publiclab · jywarren · Dec 13, 2016 · Dec 13, 2016 · Dec 13, 2016
diff --git a/app/controllers/tag_controller.rb b/app/controllers/tag_controller.rb
@@ -144,7 +144,7 @@ def create
   # should delete only the term_node/node_tag (instance), not the term_data (class)
   def delete
     node_tag = DrupalNodeCommunityTag.where(nid: params[:nid], tid: params[:tid]).first
-    # check for community tag too...
+    # only admins, mods, and tag authors can delete other peoples' tags
     if node_tag.uid == current_user.uid || current_user.role == "admin" || current_user.role == "moderator"
 
       node_tag.delete

diff --git a/app/models/drupal_node.rb b/app/models/drupal_node.rb
@@ -785,16 +785,18 @@ def self.upgrades(tagname)
   def can_tag(tagname, user, errors = false)
     if tagname[0..4] == "with:"
       if User.find_by_username(tagname.split(':')[1]).nil?
-        return errors ? I18n.t('tag_controller.cannot_find_username') : false
+        return errors ? I18n.t('drupal_node.cannot_find_username') : false
       elsif self.author.uid != user.uid
-        return errors ? I18n.t('tag_controller.only_author_use_powertag') : false
+        return errors ? I18n.t('drupal_node.only_author_use_powertag') : false
       elsif tagname.split(':')[1] == user.username
-        return errors ? I18n.t('tag_controller.cannot_add_yourself_coauthor') : false
+        return errors ? I18n.t('drupal_node.cannot_add_yourself_coauthor') : false
       else
         return true
       end
     elsif tagname[0..4] == "rsvp:" && user.username != tagname.split(":")[1]
-      return errors ? I18n.t('tag_controller.only_RSVP_for_yourself') : false
+      return errors ? I18n.t('drupal_node.only_RSVP_for_yourself') : false
+    elsif tagname == "locked" && user.role != "admin"
+      return errors ? I18n.t('drupal_node.only_admins_can_lock') : false
     else
       return true
     end

diff --git a/config/locales/controllers/tag_controller/de.yml b/config/locales/controllers/tag_controller/de.yml
@@ -6,11 +6,7 @@ de:
     tag_already_exists: "Fehler: dass Tag existiert bereits."
     barnstar_not_created: "Die Barnstar konnte nicht erstellt werden."
     barnstar_awarded: "Sie vergab den <a href='%{url1}'>%{star} barnstar</a> <a href='%{url2}'>%{awardee}</a>"
-    only_author_use_powertag: "Fehler: nur der Autor kann diese PowerTag verwenden."
-    cannot_find_username: "Fehler: kann nicht, dass Benutzernamen finden."
-    cannot_add_yourself_coauthor: "Fehler: Sie selbst als Co-Autor nicht hinzufügen können."
-    only_RSVP_for_yourself: "Fehler: Sie können nur für sich selbst RSVP."
     error_tags: "Fehler: Tags "
     tags_created_error: "%{tag_count} Tags erstellt, %{error_count} Fehler."
     tag_deleted: "Tag gelöscht."
-    must_own_tag_to_delete: "Sie müssen den Tag besitzen, um es zu löschen."
+    must_own_tag_to_delete: "Sie müssen den Tag besitzen, um es zu löschen."
diff --git a/config/locales/controllers/tag_controller/en.yml b/config/locales/controllers/tag_controller/en.yml
@@ -6,11 +6,7 @@ en:
     tag_already_exists: "Error: that tag already exists."
     barnstar_not_created: "The barnstar could not be created."
     barnstar_awarded: "You awarded the <a href='%{url1}'>%{star} barnstar</a> to <a href='%{url2}'>%{awardee}</a>"
-    only_author_use_powertag: "Error: only the author may use that powertag."
-    cannot_find_username: "Error: cannot find that username."
-    cannot_add_yourself_coauthor: "Error: you cannot add yourself as coauthor."
-    only_RSVP_for_yourself: "Error: you can only RSVP for yourself."
     error_tags: "Error: tags "
     tags_created_error: "%{tag_count} tags created, %{error_count} errors."
     tag_deleted: "Tag deleted."
-    must_own_tag_to_delete: "You must own the tag to delete it."
+    must_own_tag_to_delete: "You must own the tag to delete it."
diff --git a/config/locales/models/drupal_node/de.yml b/config/locales/models/drupal_node/de.yml
@@ -0,0 +1,8 @@
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+de:
+  drupal_node:
+    only_author_use_powertag: "Fehler: nur der Autor kann diese PowerTag verwenden."
+    cannot_find_username: "Fehler: kann nicht, dass Benutzernamen finden."
+    cannot_add_yourself_coauthor: "Fehler: Sie selbst als Co-Autor nicht hinzufügen können."
+    only_RSVP_for_yourself: "Fehler: Sie können nur für sich selbst RSVP."
diff --git a/config/locales/models/drupal_node/en.yml b/config/locales/models/drupal_node/en.yml
@@ -0,0 +1,9 @@
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  drupal_node:
+    only_author_use_powertag: "Error: only the author may use that powertag."
+    cannot_find_username: "Error: cannot find that username."
+    cannot_add_yourself_coauthor: "Error: you cannot add yourself as coauthor."
+    only_RSVP_for_yourself: "Error: you can only RSVP for yourself."
+    only_admins_can_lock: "Error: only admins can lock pages."
diff --git a/test/functional/tag_controller_test.rb b/test/functional/tag_controller_test.rb
@@ -63,7 +63,7 @@ def setup
          nid: node(:one).nid # authored by jeff, not bob
 
     assert_redirected_to(node(:one).path)
-    assert_equal I18n.t('tag_controller.only_author_use_powertag'), assigns['output']['errors'][0]
+    assert_equal I18n.t('drupal_node.only_author_use_powertag'), assigns['output']['errors'][0]
   end
 
   test "admins can add disallowed tags" do

diff --git a/test/unit/drupal_node_tag_test.rb b/test/unit/drupal_node_tag_test.rb
@@ -122,7 +122,7 @@ class DrupalNodeTagTest < ActiveSupport::TestCase
   test "can't powertag with: yourself" do
     user = node(:blog).author
     tagname = "with:#{user.username}"
-    assert_equal I18n.t('tag_controller.cannot_add_yourself_coauthor'), node(:blog).can_tag(tagname, user, true)
+    assert_equal I18n.t('drupal_node.cannot_add_yourself_coauthor'), node(:blog).can_tag(tagname, user, true)
     assert_false node(:blog).can_tag(tagname, user)
   end
 
@@ -136,7 +136,7 @@ class DrupalNodeTagTest < ActiveSupport::TestCase
   test "can't tag with: a nonexistent user" do
     user = rusers(:bob)
     tagname = "with:steven"
-    assert_equal I18n.t('tag_controller.cannot_find_username'), node(:blog).can_tag(tagname, user, true)
+    assert_equal I18n.t('drupal_node.cannot_find_username'), node(:blog).can_tag(tagname, user, true)
     assert_false node(:blog).can_tag(tagname, user)
   end
 
@@ -149,7 +149,7 @@ class DrupalNodeTagTest < ActiveSupport::TestCase
       title: 'My research note'
     })
     tagname = "with:#{jeff.username}"
-    assert_equal I18n.t('tag_controller.only_author_use_powertag'), node.can_tag(tagname, bob, true)
+    assert_equal I18n.t('drupal_node.only_author_use_powertag'), node.can_tag(tagname, bob, true)
     assert_false node.can_tag(tagname, bob)
   end
 
@@ -171,8 +171,14 @@ class DrupalNodeTagTest < ActiveSupport::TestCase
     tagname = "rsvp:#{jeff.username}"
     assert_not_equal true,  node.can_tag(tagname, user, true) # return errors with optional 3rd parameter
     assert_not_equal false, node.can_tag(tagname, user, true)
-    assert_equal I18n.t('tag_controller.only_RSVP_for_yourself'), node.can_tag(tagname, user, true)
+    assert_equal I18n.t('drupal_node.only_RSVP_for_yourself'), node.can_tag(tagname, user, true)
     assert_false node.can_tag(tagname, user) # default is true/false
   end
 
+  test "only admins can lock pages" do
+    assert_false node(:blog).can_tag('locked', rusers(:bob))
+    assert node(:blog).can_tag('locked', rusers(:admin))
+    assert_equal I18n.t('drupal_node.only_admins_can_lock'), node(:blog).can_tag('locked', rusers(:bob), true)
+  end
+
 end