Minor permissions cleanups for article controller methods, and support for

"unclaimed" events (those with null member_ids) for event transfer between
users and avoiding breakage when member accounts are deleted.


git-svn-id: http://svn.pdxruby.org/repos/www/trunk@151 f0fbaf97-c700-0410-a5eb-8ea856f8537e

Author: lennon

app/controllers/articles_controller.rb

@@ -1,11 +1,14 @@
 class ArticlesController < ApplicationController
+  before_filter :member_is_author, :only => [ :edit, :create, :destroy, :update ]
+  before_filter :authenticate, :only => [ :new ]
+  
   def index
     list
     render :action => 'list'
   end
 
   def list
-    @article_pages, @articles = paginate :article, :per_page => 10
+    @article_pages, @articles = paginate :article, :per_page => 10, :order_by => 'modified_at'
   end
 
   def show
@@ -42,6 +45,17 @@ def update
 
   def destroy
     Article.find(params[:id]).destroy
+    flash[:notice] = 'Article deleted.'
     redirect_to :action => 'list'
   end
+  
+  private 
+  
+  def member_is_author
+    if !member_is_this_member? Article.find(params[:id]).member.id
+      flash[:notice] = "Only the author can edit or remove articles."
+      redirect_to :action => 'list'
+      return false
+    end
+  end
 end

app/controllers/events_controller.rb

@@ -1,13 +1,14 @@
 class EventsController < ApplicationController
-  before_filter :authenticate, :only => [ :edit, :create, :new, :destroy ]
+  before_filter :authenticate, :only => [ :edit, :create, :new, :claim ]
+  before_filter :member_is_owner, :only => [ :edit, :destroy, :release ]
 
   def index
     list
     render :action => 'list'
   end
 
   def list
-    @event_pages, @events = paginate :event, :per_page => 10, :order => 'starts_at ASC'
+    @event_pages, @events = paginate :event, :per_page => 10, :order_by => 'starts_at ASC'
   end
 
   def show
@@ -118,10 +119,52 @@ def cancel
     redirect_to :action => 'list'
   end
 
+  def release
+    @event = Event.find(params[:id])
+    if session[:member].id != @event.member_id
+      flash[:notice] = "Only an event owner can release it."
+      redirect_to :action => 'list'
+      return
+    end
+    @event.member = nil
+    if @event.save
+      flash[:notice] = "Event released."
+    else
+      flash[:notice] = "Failed to release event."
+    end
+    redirect_to :action => 'list'
+  end
+  
+  def claim
+    @event = Event.find(params[:id])
+    unless @event.unclaimed?
+      flash[:notice] = "This event already has an owner. They must release it before it can be claimed."
+      redirect_to :action => 'show', :id => @event.id
+      return
+    end
+    @event.member = session[:member]
+    if @event.save
+      flash[:notice] = "Event ownership claimed. Thank you!"
+    else
+      flash[:notice] = "Failed to claim event."
+    end
+    redirect_to :action => 'show', :id => @event.id
+  end
+  
   ICAL_EVENT_LIMIT = 100
   def ical
      @headers['content-type'] = 'text/plain'
      @events = Event.find_upcoming(ICAL_EVENT_LIMIT)
      render_without_layout
   end
+  
+  private
+  
+  def member_is_owner
+    if !member_is_this_member? Event.find(params[:id]).member.id
+      flash[:notice] = "Only the owner can edit or remove events."
+      redirect_to :action => 'list'
+      return false
+    end
+  end
 end

app/models/event.rb

@@ -65,6 +65,10 @@ def feedbacks
     self.participants.map {|p| p.feedbacks }.flatten
   end
 
+  def unclaimed?
+    nil == self.member
+  end
+  
   def Event.find_upcoming(limit=10)
     find(:all, :limit => limit, :order => 'starts_at desc', 
          :conditions => ['starts_at > ? and status = ?', Time.now, EVENT_STATUS[:active]])

app/views/events/list.rhtml

@@ -17,11 +17,19 @@
       <%= link_to event.name, :action => 'show', :id => event.id %>
     </td>
     <td>
-      <%= link_to event.member.name, 
-          :controller => 'members', 
-          :action => 'show',
-          :id => event.member.id
-      %></td>
+      <% if event.member %>
+          <%= link_to event.member.name, 
+              :controller => 'members', 
+              :action => 'show',
+              :id => event.member.id %>
+      <% else %>
+        <span class="attention">no one</span> 
+        (<%= link_to 'claim',
+            {:action => 'claim',
+             :id => event.id },
+             :confirm => 'Are you sure?' %>)
+      <% end %>
+    </td>
     <% if event.location.nil? %>
       <td><i>unknown</i></td>
     <% else %>

app/views/events/show.rhtml

@@ -3,11 +3,18 @@
 <% end %>
 
 <p>Organized by 
+  <% if @event.member.nil? %>
+  no one 
+  (<%= link_to 'claim',
+        {:id => @event.id, :action => 'claim'},
+        :confirm => 'Are you sure?' %>)
+  <% else %>
   <%= link_to @event.member.name, 
       :controller => 'members', 
       :action => 'show', 
       :id => @event.member.id 
   %>
+  <% end %>
 </p>
 <p>Time: <%= @event.starts_at %> - <%= @event.ends_at %></p>
 <p>Location: 
@@ -96,9 +103,21 @@
 <% if not (@event.cancelled? or @event.ended?) %>
 | <%= link_to 'Cancel this event', :action => 'cancel', :id => @event, :confirm => 'Are you sure?' %>
 <% end %>
+<% if @event.member == session[:member] %>
+| <%= link_to 'Give up ownership', 
+    :action => 'release', 
+    :id => @event,
+    :confirm => 'Are you sure?' %>
+<% end %>
 </p>
 <% end %>
 
+<% if @event.unclaimed? and session[:member] %>
+<%= link_to 'Claim ownership',
+    :action => 'claim',
+    :id => @event,
+    :confirm => 'Are you sure?' %>
+<% end %>
 
 <p>
 <%= link_to 'Browse other events', :action => 'list' %>

doc/TODO

@@ -8,22 +8,11 @@ Notes:
    put your name in [square brackets] at the end of the event.
 
 _Spamming_
-  - When event is over, ask participants for feedback. [lennon]
-  
-  - Participants are notified via email of change to core event information [lennon]
-  
-  - Participants are notified via email if event is cancelled [lennon]
-  
-  - Participants are notified of reminder of event (eg, day before) [lennon]
-  
-  - Owner is notified via email of RSVPs and comments [lennon]
 
   - All members are notified of new events [lennon]
 
 _Other_
   - Owner can give event to another participant.
-  
-  - Export events to an iCalendar (http://en.wikipedia.org/wiki/ICalendar) file
 
   - Make forms prettier (i.e. make input sizes more appropriate)
   	- on Edit/New Event, when existing location is selected, alternative location
@@ -39,8 +28,6 @@ _Other_
     occurs (i.e. when scripts/feeder runs, and when an event is added or deleted or modified). Ideally
     the index should be able to handle a slashdotting.
 
-  - Some way for a user to reset/change their password
-
   - User should be able to delete their own account...
 
 _Input Validation_

public/stylesheets/stylesheet.css

@@ -116,5 +116,11 @@ table#eventlist td{
   padding: 3px;
 }
 table#eventlist tr.cancelled_event {
-  background: #fba;
+  background: #ecb;
+  color: #444;
+}
+
+.attention {
+  font-weight: bold;
+  background: #ff9;
 }

www.tmproj

@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
 	<key>currentDocument</key>
-	<string>app/models/mail_bot.rb</string>
+	<string>app/views/events/list.rhtml</string>
 	<key>documents</key>
 	<array>
 		<dict>
@@ -23,82 +23,68 @@
 	<integer>200</integer>
 	<key>metaData</key>
 	<dict>
-		<key>app/models/mail_bot.rb</key>
+		<key>app/controllers/articles_controller.rb</key>
 		<dict>
 			<key>caret</key>
 			<dict>
 				<key>column</key>
-				<integer>39</integer>
-				<key>line</key>
-				<integer>28</integer>
-			</dict>
-			<key>firstVisibleColumn</key>
-			<integer>0</integer>
-			<key>firstVisibleLine</key>
-			<integer>6</integer>
-		</dict>
-		<key>app/views/mail_bot/cancel_message.rhtml</key>
-		<dict>
-			<key>caret</key>
-			<dict>
-				<key>column</key>
-				<integer>23</integer>
+				<integer>0</integer>
 				<key>line</key>
-				<integer>12</integer>
+				<integer>61</integer>
 			</dict>
 			<key>firstVisibleColumn</key>
 			<integer>0</integer>
 			<key>firstVisibleLine</key>
-			<integer>0</integer>
+			<integer>23</integer>
 		</dict>
-		<key>app/views/mail_bot/change_message.rhtml</key>
+		<key>app/controllers/events_controller.rb</key>
 		<dict>
 			<key>caret</key>
 			<dict>
 				<key>column</key>
-				<integer>28</integer>
+				<integer>8</integer>
 				<key>line</key>
-				<integer>9</integer>
+				<integer>115</integer>
 			</dict>
 			<key>firstVisibleColumn</key>
 			<integer>0</integer>
 			<key>firstVisibleLine</key>
-			<integer>0</integer>
+			<integer>97</integer>
 		</dict>
-		<key>app/views/mail_bot/feedback_message.rhtml</key>
+		<key>app/models/event.rb</key>
 		<dict>
 			<key>caret</key>
 			<dict>
 				<key>column</key>
-				<integer>0</integer>
+				<integer>19</integer>
 				<key>line</key>
-				<integer>4</integer>
+				<integer>83</integer>
 			</dict>
 			<key>firstVisibleColumn</key>
 			<integer>0</integer>
 			<key>firstVisibleLine</key>
-			<integer>0</integer>
+			<integer>49</integer>
 		</dict>
-		<key>app/views/mail_bot/new_event_message.rhtml</key>
+		<key>app/views/events/list.rhtml</key>
 		<dict>
 			<key>caret</key>
 			<dict>
 				<key>column</key>
-				<integer>28</integer>
+				<integer>44</integer>
 				<key>line</key>
-				<integer>5</integer>
+				<integer>29</integer>
 			</dict>
 			<key>firstVisibleColumn</key>
 			<integer>0</integer>
 			<key>firstVisibleLine</key>
 			<integer>0</integer>
 		</dict>
-		<key>app/views/mail_bot/rsvp_message.rhtml</key>
+		<key>app/views/events/show.rhtml</key>
 		<dict>
 			<key>caret</key>
 			<dict>
 				<key>column</key>
-				<integer>19</integer>
+				<integer>9</integer>
 				<key>line</key>
 				<integer>8</integer>
 			</dict>
@@ -107,34 +93,18 @@
 			<key>firstVisibleLine</key>
 			<integer>0</integer>
 		</dict>
-		<key>app/views/mail_bot/signup_message.rhtml</key>
-		<dict>
-			<key>caret</key>
-			<dict>
-				<key>column</key>
-				<integer>16</integer>
-				<key>line</key>
-				<integer>13</integer>
-			</dict>
-			<key>firstVisibleColumn</key>
-			<integer>0</integer>
-			<key>firstVisibleLine</key>
-			<integer>0</integer>
-		</dict>
 	</dict>
 	<key>openDocuments</key>
 	<array>
-		<string>app/views/mail_bot/rsvp_message.rhtml</string>
-		<string>app/views/mail_bot/feedback_message.rhtml</string>
-		<string>app/views/mail_bot/change_message.rhtml</string>
-		<string>app/views/mail_bot/cancel_message.rhtml</string>
-		<string>app/views/mail_bot/new_event_message.rhtml</string>
-		<string>app/views/mail_bot/signup_message.rhtml</string>
-		<string>app/models/mail_bot.rb</string>
+		<string>app/controllers/events_controller.rb</string>
+		<string>app/views/events/list.rhtml</string>
+		<string>app/views/events/show.rhtml</string>
+		<string>app/controllers/articles_controller.rb</string>
+		<string>app/models/event.rb</string>
 	</array>
 	<key>showFileHierarchyDrawer</key>
 	<true/>
 	<key>windowFrame</key>
-	<string>{{210, 44}, {814, 702}}</string>
+	<string>{{254, 96}, {744, 638}}</string>
 </dict>
 </plist>