app/controllers/cms/pages_controller.rb in we5-browsercms-3.0.2 vs app/controllers/cms/pages_controller.rb in we5-browsercms-3.0.5
- old
+ new
@@ -1,7 +1,7 @@
class Cms::PagesController < Cms::BaseController
-
+
before_filter :set_toolbar_tab
before_filter :load_section, :only => [:new, :create]
before_filter :load_page, :only => [:versions, :version, :revert_to, :destroy]
before_filter :load_draft_page, :only => [:edit, :update]
before_filter :hide_toolbar, :only => [:new, :create]
@@ -16,11 +16,11 @@
end
def show
redirect_to Page.find(params[:id]).path
end
-
+
def create
@page = Page.new(params[:page])
@page.section = @section
if @page.save
flash[:notice] = "Page was '#{@page.name}' created."
@@ -36,11 +36,11 @@
redirect_to [:cms, @page]
else
render :action => "edit"
end
rescue ActiveRecord::StaleObjectError => e
- @other_version = @page.class.find(@page.id)
+ @other_version = @page.class.find(@page.id)
render :action => "edit"
end
def destroy
respond_to do |format|
@@ -53,18 +53,18 @@
format.html { flash[:error] = message; redirect_to(cms_sitemap_url) }
format.json { render :json => {:success => false, :message => message } }
end
end
end
-
+
#status actions
{:publish => "published", :hide => "hidden", :archive => "archived"}.each do |status, verb|
define_method status do
if params[:page_ids]
- params[:page_ids].each do |id|
- Page.find(id).send(status)
- end
+ @pages = params[:page_ids].map { |id| Page.find(id) }
+ raise Cms::Errors::AccessDenied unless @pages.all? { |page| current_user.able_to_edit?(page) }
+ @pages.each { |page| page.send(status) }
flash[:notice] = "#{params[:page_ids].size} pages #{verb}"
redirect_to cms_dashboard_url
else
load_page
if @page.send(status)
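Review bot: The bulk branch of the status actions gates publish, hide and archive on `current_user.able_to_edit?(page)` only, while `strip_publish_params` in this same controller treats the hidden and archived flags as requiring `able_to?(:publish_content)`. Unless a filter outside this hunk already enforces that permission for these actions, edit rights alone are enough to change page status here; consider adding `raise Cms::Errors::AccessDenied unless current_user.able_to?(:publish_content)` as the first line of the `define_method` body so it covers both the bulk and the single-page branch. Checking every page before any `page.send(status)` runs is the right order and deserves a short comment such as `# authorize every page before changing any of them`. The `define_method` body continues past the end of this hunk.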
@@ -72,58 +72,62 @@
end
redirect_to @page.path
end
end
end
-
+
def version
@page = @page.as_of_version(params[:version])
@show_toolbar = true
@show_page_toolbar = true
+ @_connectors = @page.connectors.for_page_version(@page.version)
+ @_connectables = @_connectors.map(&:connectable_with_deleted)
render :layout => @page.layout, :template => 'cms/content/show'
- end
-
+ end
+
def revert_to
if @page.revert_to(params[:version])
flash[:notice] = "Page '#{@page.name}' was reverted to version #{params[:version]}"
end
-
+
respond_to do |format|
format.html { redirect_to @page.path }
format.js { render :template => 'cms/shared/show_notice' }
- end
+ end
end
-
+
private
def strip_publish_params
unless current_user.able_to?(:publish_content)
params[:page].delete :hidden
params[:page].delete :archived
end
end
def load_page
@page = Page.find(params[:id])
+ raise Cms::Errors::AccessDenied unless current_user.able_to_edit?(@page)
end
-
+
def load_draft_page
load_page
@page = @page.as_of_draft_version
end
-
+
def load_section
@section = Section.find(params[:section_id])
+ raise Cms::Errors::AccessDenied unless current_user.able_to_edit?(@section)
end
-
+
def hide_toolbar
@hide_page_toolbar = true
end
def set_toolbar_tab
@toolbar_tab = :sitemap
end
-
+
def load_templates
@templates = PageTemplate.options
end
-
+
end
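Review bot: `load_page` and `load_section` now double as the authorization gate, but nothing in their names or in a comment says so, and coverage depends on each action either appearing in a `before_filter ... :only` list or calling the loader by hand, as the status actions do. The `show` action earlier in the file still calls `Page.find(params[:id])` directly; it only redirects to the page path, so the exposure looks small, but it shows how a new action can miss the check. I would add a comment above `load_page` such as `# Loads the page and enforces edit permission; every action that reads or changes a page must go through this filter.` and the equivalent one above `load_section`.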