lib/masterview/extras/app/controllers/masterview_controller.rb in masterview-0.3.1 vs lib/masterview/extras/app/controllers/masterview_controller.rb in masterview-0.3.2


@@ -46,11 +46,11 @@ # require 'masterview/extras/sample_templates' class MasterviewController < ApplicationController include MasterView::MIO::DefaultGenerateMIOFilter - + include MasterView::MasterViewAdminAuthMixin before_filter :check_authorization, :except => [ :access_not_allowed ] ###layout 'masterview_admin' MV_ADMIN_INSTALL_DIR = File.expand_path( File.join(File.dirname(__FILE__), '../..') ) #:nodoc:
@@ -77,18 +77,21 @@ # Describe the MasterView configuration option settings def configuration masterview_render_with_layout( 'masterview/admin/configuration', 'masterview_admin_config' ) end + # Describe the installed set of MasterView directives (builtin and addons) def directives masterview_render_with_layout( 'masterview/admin/directives', 'masterview_admin_config' ) end + # Describe the installed set of MasterView features def features masterview_render_with_layout( 'masterview/admin/features', 'masterview_admin_config' ) end +#####move this to someplace accessible!! # Rebuild all templates in the application. # Invoked from the main masterview admin page. def rebuild_all files_rebuilt = [] MasterView::TemplateSpec.scan do |template_spec, content_hash|
@@ -119,11 +122,11 @@ end # Create a new, empty template. # Invoked from the main masterview admin page. def create - if @request.post? + if request.post? action_to_create = params[:action_name] src_file = params[:file] empty_file_path = find_path('app/views/masterview/admin/empty.rhtml') empty_insert_erb = File.readlines(empty_file_path).join
@@ -145,11 +148,11 @@ raise "RHTML file ("+@rhtml_file+") not found. Maybe automatic parsing is disabled. You may invoke parsing manually by using rake mv:parse" unless f.exist? @rhtml_content = f.read smart_render 'masterview/admin/view_rhtml' end - # interact, test template src, view results + # interactive template editor - parse template source and show generated output def interact @results = [] @src = params[:src] if @src begin
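Review bot: In the `@@ -46,11 +46,11 @@` hunk, the `before_filter :check_authorization` gate now depends entirely on `allow_access?` as supplied by the newly included `MasterView::MasterViewAdminAuthMixin`, whose code is not part of this diff, while the controller's own `local_request?` fallback is commented out in the last hunk. Confirm that the mixin denies access when `config.admin_check_auth_proc` is unset, returns nil, or raises, so that a misconfigured application does not expose the admin actions. A comment above the include would make the dependency explicit, for example `# supplies allow_access? for check_authorization; must deny when no auth proc is configured`.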
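Review bot: In the `@@ -119,11 +122,11 @@` hunk, `create` reads `params[:action_name]` and `params[:file]` straight from the request, and nothing visible constrains them before they are used. The rest of the method lies outside the hunk, so this is a point to confirm rather than a proven defect. If either value ends up in a file path, resolve it with `File.expand_path` and reject anything that falls outside the template source directory before reading or writing.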
@@ -168,31 +171,36 @@ end end smart_render 'masterview/admin/interact' end + protected + + # Check that the current user has authorization to access admin operations + def check_authorization + if ! allow_access? + redirect_to :action => :access_not_allowed + end + end + def access_not_allowed #:nodoc: render :text => '<p>We\'re sorry, but the page you have requested is only available to authorized users.</p>', :status => 500 end - protected - +=begin + # uses the config.admin_check_auth_proc to determine if allowed, override this + # in config settings. Default restricts to local_request # Default implementation of authorization check - # to restrict access to administrative services + # restricts access to administrative services + # to local machine (developer testing) def allow_access? # a more general solution might look something like: # current_user && user_has_perm?('mv-admin') # backstop: only allow for developer testing on local machine local_request? end - - # Check that the current user has authorization to access admin operations - def check_authorization - if ! allow_access? - redirect_to :action => :access_not_allowed - end - end +=end private # checks app path first for views and files, then falls back to files in MV def find_path(path)
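Review bot: `access_not_allowed` now sits below the relocated `protected` keyword, so it is no longer a public method, while `check_authorization` still redirects to it as an action and the `before_filter` exempts it by name. Rails only dispatches public controller methods as actions, so a denied request would likely end in an unknown-action error instead of the refusal page; access stays denied, but the response is wrong. Either define `access_not_allowed` above `protected` or add `public :access_not_allowed` after its definition. The refusal also answers with `:status => 500`; `403` would keep authorization denials out of server-error monitoring. The `=begin`/`=end` block keeps a dead copy of `allow_access?` in the file, and deleting it would avoid confusion about which implementation is in force.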