Add authorization

2014-07-31 20:42:42 +08:00 · 2014-07-31 20:42:42 +08:00 · 38758160fe
parent 5608c79d42
commit 38758160fe
3 changed files with 10 additions and 4 deletions
--- a/app/controllers/admin/page_contents_controller.rb
+++ b/app/controllers/admin/page_contents_controller.rb
@ -9,8 +9,12 @@ class Admin::PageContentsController < OrbitAdminController
  end

  def new
-  	@page = Page.find(params[:page_id])
-  	@page_content = PageContext.new
+    if can_edit_or_delete?(nil)
+      @page = Page.find(params[:page_id])
+      @page_content = PageContext.new
+    else
+      render_401
+    end
  end

  def create
--- a/app/views/admin/page_contents/index.html.erb
+++ b/app/views/admin/page_contents/index.html.erb
@ -13,7 +13,9 @@
 				<a href="/<%= I18n.locale %><%= page.url %>" target="_blank"><%= page.name %></a>
 				<div class="quick-edit">
 					<ul class="nav nav-pills">
-						<li><a href="/admin/page_contents/new?page_id=<%= page.id.to_s %>"><%= t(:edit) %></a></li>
+						<% if can_edit_or_delete?(page) %>
+							<li><a href="/admin/page_contents/new?page_id=<%= page.id.to_s %>"><%= t(:edit) %></a></li>
+						<% end %>
 					</ul>
 				</div>
 			</td>
--- a/lib/page_content/engine.rb
+++ b/lib/page_content/engine.rb
@ -9,7 +9,7 @@ module PageContent

        side_bar do
          head_label_i18n 'page_content.page', icon_class: "icons-newspaper"
-          available_for [:admin,:manager,:sub_manager]
+          available_for "users"
          active_for_controllers (['admin/page_contents'])
          head_link_path "admin_page_contents_path"
      	end