X-Git-Url: http://git.osdn.net/view?p=pettanr%2Fpettanr.git;a=blobdiff_plain;f=app%2Fcontrollers%2Fpanel_pictures_controller.rb;h=f0939491aba0683e1844e82e68c56ace85ddd075;hp=be237f5e811f9ae20500da3db5dd4c8656a9803c;hb=d726b7ed12159f568a59d8eb7e1229d306c3dfc0;hpb=a9ec68d632929b0cb3c5391309180e41ef38b048

diff --git a/app/controllers/panel_pictures_controller.rb b/app/controllers/panel_pictures_controller.rb
index be237f5e..f0939491 100644
--- a/app/controllers/panel_pictures_controller.rb
+++ b/app/controllers/panel_pictures_controller.rb
@@ -51,9 +51,12 @@ class PanelPicturesController < ApplicationController
   end
 
   def new
-    @panel_picture = PanelPicture.new params[:panel_picture]
+    @picture = Picture.show params[:picture_id], @author
+    raise ActiveRecord::Forbidden unless @picture.enable?
+    @panel = Panel.edit(@author.working_panel, @author)
+    
+    @panel_picture = PanelPicture.new :panel_id => @panel.id, :picture_id => @picture.id
     @panel_picture.supply_default
-    @panel = @panel_picture.panel
 
     respond_to do |format|
       format.html
@@ -71,10 +74,14 @@ class PanelPicturesController < ApplicationController
   end
 
   def create
-    @panel_picture = PanelPicture.new params[:panel_picture]
-    @panel_picture.supply_default
-    @panel_picture.overwrite 
-    @panel = Panel.edit(@panel_picture.panel.id, @author)
+    @panel = Panel.edit(@author.working_panel, @author)
+    
+    @panel_picture = PanelPicture.new 
+    @panel_picture.attributes = params[:panel_picture]
+    @panel_picture.overwrite @panel.id
+    
+    @picture = Picture.show @panel_picture.picture_id, @author
+    raise ActiveRecord::Forbidden unless @picture.enable?
     
     respond_to do |format|
       if @panel_picture.valid?
@@ -83,8 +90,8 @@ class PanelPicturesController < ApplicationController
           format.html { redirect_to @panel }
           format.json { render json: @panel.panel_elements_as_json, status: :created, location: @panel }
         else
-          flash[:notice] = I18n.t('flash.notice.not_created', :model => Panel.model_name.human)
-          format.html { render action: "panels/new" }
+          flash[:notice] = I18n.t('flash.notice.not_created', :model => PanelPicture.model_name.human)
+          format.html { render action: "new" }
           format.json { render json: @panel.errors, status: :unprocessable_entity }
         end
       else
@@ -98,8 +105,11 @@ class PanelPicturesController < ApplicationController
   def update
     @panel_picture = PanelPicture.show(params[:id], @author)
     @panel_picture.attributes = params[:panel_picture]
-    @panel_picture.overwrite 
     @panel = Panel.edit(@panel_picture.panel.id, @author)
+    @panel_picture.overwrite @panel.id
+    
+    @picture = Picture.show @panel_picture.picture_id, @author
+    raise ActiveRecord::Forbidden unless @picture.enable?
     
     respond_to do |format|
       if @panel_picture.store @author