Completed post & user list filer by role

closes #3446, closes #3086

- Authors can only ever get to their own posts
- Editors only ever see authors in the user list

core/client/models/post.js

@@ -37,7 +37,12 @@ var Post = DS.Model.extend(NProgressSaveMixin, ValidationEngine, {
 
         tags.removeObjects(oldTags);
         oldTags.invoke('deleteRecord');
+    },
+
+    isAuthoredByUser: function (user) {
+        return parseInt(user.get('id'), 10) === parseInt(this.get('author_id'), 10);
     }
+
 });
 
 export default Post;

core/client/routes/editor/edit.js

@@ -35,6 +35,11 @@ var EditorEditRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, bas
             return self.store.find('post', paginationSettings).then(function (records) {
                 var post = records.get('firstObject');
 
+                if (user.get('isAuthor') && post.isAuthoredByUser(user)) {
+                    // do not show the post if they are an author but not this posts author
+                    post = null;
+                }
+
                 if (post) {
                     return post;
                 }

core/client/routes/posts.js

@@ -23,7 +23,7 @@ var PostsRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, Shortcut
             // we just need to 'return true' to allow all models by default.
             return self.store.filter('post', paginationSettings, function (post) {
                 if (user.get('isAuthor')) {
-                    return user.get('id') === post.get('author_id');
+                    return post.isAuthoredByUser(user);
                 }
 
                 return true;
@@ -35,15 +35,15 @@ var PostsRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, Shortcut
         this._super(controller, model);
         this.setupPagination(paginationSettings);
     },
-    
+
     stepThroughPosts: function (step) {
         var currentPost = this.get('controller.currentPost'),
             posts = this.get('controller.model'),
             length = posts.get('length'),
             newPosition;
-        
+
         newPosition = posts.indexOf(currentPost) + step;
-        
+
         //Make sure we're inbounds
         if (newPosition >= length) {
             newPosition = 0;
@@ -53,7 +53,7 @@ var PostsRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, Shortcut
         }
         this.transitionTo('posts.post', posts.objectAt(newPosition));
     },
-    
+
     shortcuts: {
         'up': 'moveUp',
         'down': 'moveDown'

core/client/routes/posts/index.js

@@ -5,13 +5,21 @@ var PostsIndexRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, loa
     // exists to be used for the content preview.  It has a parent resource (Posts)
     // that is responsible for populating the store.
     beforeModel: function () {
+        var self = this,
         // the store has been populated so we can work with the local copy
-        var post = this.store.all('post').get('firstObject');
+            post = this.store.all('post').get('firstObject');
 
         if (post) {
-            return this.transitionTo('posts.post', post);
+            return this.store.find('user', 'me').then(function (user) {
+                if (user.get('isAuthor') && post.isAuthoredByUser(user)) {
+                    // do not show the post if they are an author but not this posts author
+                    return;
+                }
+
+                return self.transitionTo('posts.post', post);
+            });
         }
     }
 });
 
-export default PostsIndexRoute;
+export default PostsIndexRoute;

core/client/routes/posts/post.js

@@ -35,7 +35,7 @@ var PostsPostRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, load
             return self.store.find('post', paginationSettings).then(function (records) {
                 var post = records.get('firstObject');
 
-                if (user.get('isAuthor') && user.get('id') !== post.get('author_id')) {
+                if (user.get('isAuthor') && post.isAuthoredByUser(user)) {
                     // do not show the post if they are an author but not this posts author
                     post = null;
                 }
@@ -50,10 +50,10 @@ var PostsPostRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, load
     },
     setupController: function (controller, model) {
         this._super(controller, model);
-        
+
         this.controllerFor('posts').set('currentPost', model);
     },
-    
+
     shortcuts: {
         'enter': 'openEditor'
     },

core/client/routes/settings/users/index.js

@@ -13,8 +13,18 @@ var UsersIndexRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, Pag
     },
 
     model: function () {
-        return this.store.filter('user', paginationSettings, function () {
-            return true;
+        var self = this;
+        return this.store.find('user', 'me').then(function (currentUser) {
+            if (currentUser.get('isEditor')) {
+                // Editors only see authors in the list
+                paginationSettings.role = 'Author';
+            }
+            return self.store.filter('user', paginationSettings, function (user) {
+                if (currentUser.get('isEditor')) {
+                    return user.get('isAuthor');
+                }
+                return true;
+            });
         });
     }
 });

core/client/routes/signout.js

@@ -10,11 +10,11 @@ var SignoutRoute = Ember.Route.extend(SimpleAuth.AuthenticatedRouteMixin, styleB
         if (Ember.canInvoke(transition, 'send')) {
             transition.send('invalidateSession');
             transition.abort();
-            this.hardRefresh();
         } else {
             this.send('invalidateSession');
-            this.hardRefresh();
         }
+
+        this.hardRefresh();
     },
 
     hardRefresh: function () {