Made having a confirmed email required to manage blog posts.

2017-11-19 15:33:02 -05:00
parent 42722d03a0
commit 40337f9e68
3 changed files with 29 additions and 9 deletions
--- a/app/controllers/blogposts_controller.rb
+++ b/app/controllers/blogposts_controller.rb
@@ -69,7 +69,7 @@ class BlogpostsController < ApplicationController
  end

  def auth
-    unless mod?
+    unless mod? && current_user.confirmed?
      flash[:alert] = "You are not allowed to edit posts!"
      redirect_to @post ? @post : blogposts_path
    end
--- a/app/views/blogposts/edit.html.erb
+++ b/app/views/blogposts/edit.html.erb
@@ -1,10 +1,20 @@
 <% title "Edit News: #{@post.title}" %>

+<%
+  def can_edit?
+    mod? && current_user.confirmed?
+  end
+%>
+
 <h1>Edit post</h1>
 <%= form_for @post do |f|%>
-  <%= f.text_field :title %>
-  <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content} %>
-  <p><%= f.submit "Update Post", class: "btn blue left" %></p>
+  <%= f.text_field :title, disabled: !can_edit? %>
+  <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content, options: {disabled: !can_edit?}} %>
+  <p><%= f.submit "Update Post", class: "btn blue left", disabled: !can_edit? %></p>
+<% end %>
+<p><%= button_to "Delete post", @post, method: "delete", data: {confirm: "Delete post & comments forever?"}, class: "btn red right", disabled: !can_edit? %></p>
+<div class="clear"></div>
+
+<% if !current_user.confirmed? %>
+  <span class='red-alert'>You must confirm your email before you can edit blog posts.</span>
 <% end %>
-<p><%= button_to "Delete post", @post, method: "delete", data: {confirm: "Delete post & comments forever?"}, class: "btn red right" %></p>
-<div class="clear"></div>
--- a/app/views/blogposts/new.html.erb
+++ b/app/views/blogposts/new.html.erb
@@ -1,9 +1,19 @@
 <% title "New Blog Post" %>

+<%
+  def can_create?
+    admin? && current_user.confirmed?
+  end
+%>
+
 <h1>New Post</h1>
 <%= form_for @post do |f|%>
-  <%= f.text_field :title, placeholder: "Title" %>
-  <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content} %>
-  <p><%= f.submit "Create Post", class: "btn blue left" %></p>
+  <%= f.text_field :title, placeholder: "Title", disabled: !can_create? %>
+  <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content, options: {disabled: !can_create?}} %>
+  <p><%= f.submit "Create Post", class: "btn blue left", disabled: !can_create? %></p>
  <div class="clear"></div>
+
+  <% if !current_user.confirmed? %>
+    <span class='red-alert'>You must confirm your email before you can create new blog posts.</span>
+  <% end %>
 <% end %>