From 893313741f9ab324336fd08d7379b7ba72d2c8b6 Mon Sep 17 00:00:00 2001
From: manson
Date: Fri, 1 Aug 2014 12:22:47 +0800
Subject: [PATCH] add authorization

---
 app/controllers/admin/diplomas_controller.rb | 7 +++++--
 app/views/admin/diplomas/_diploma.html.erb | 1 +
 app/views/admin/diplomas/_form.html.erb | 1 +
 app/views/admin/diplomas/index.html.erb | 7 ++++---
 .../plugin/personal_diploma/_profile.html.erb | 17 +++++++++--------
 5 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/app/controllers/admin/diplomas_controller.rb b/app/controllers/admin/diplomas_controller.rb
index 6e4054d..ea9bf7e 100644
--- a/app/controllers/admin/diplomas_controller.rb
+++ b/app/controllers/admin/diplomas_controller.rb
@@ -4,6 +4,9 @@ class Admin::DiplomasController < OrbitMemberController
 before_action :set_plugin
 before_action :get_settings,:only => [:new, :edit, :setting]
+ before_action :need_access_right
+ before_action :allow_admin_only, :only => [:index, :setting]
+
 def index
 @diplomas = Diploma.order_by(:end_date=>'desc',:start_date=>'desc').page(params[:page]).per(10)
 end
@@ -17,7 +20,7 @@ class Admin::DiplomasController < OrbitMemberController
 @member = MemberProfile.find(diploma_params['member_profile_id']) rescue nil
 @diploma = Diploma.new(diploma_params)
 @diploma.save
- redirect_to URI.encode('/admin/members/'+@member.to_param+'/Diploma')
+ redirect_to params['referer_url']
 end
 def edit
@@ -30,7 +33,7 @@ class Admin::DiplomasController < OrbitMemberController
 @diploma = Diploma.find(params[:id])
 @diploma.update_attributes(diploma_params)
 @diploma.save
- redirect_to URI.encode('/admin/members/'+@member.to_param+'/Diploma')
+ redirect_to params['referer_url']
 end
 def destroy
diff --git a/app/views/admin/diplomas/_diploma.html.erb b/app/views/admin/diplomas/_diploma.html.erb
index 4c11752..14c6019 100644
--- a/app/views/admin/diplomas/_diploma.html.erb
+++ b/app/views/admin/diplomas/_diploma.html.erb
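Review bot: The two new authorization filters are declared after `before_action :set_plugin` and `before_action :get_settings`, and Rails runs before_action callbacks in declaration order, so a request that `need_access_right` is going to reject still executes `set_plugin` (and `get_settings` for new/edit/setting) before being turned away. Move the two added lines above `before_action :set_plugin` so authorization is the first thing the controller does. `allow_admin_only` lists only `index` and `setting`, yet the profile partial in this same patch links to `/admin/members/<id>/diplomas/frontend_setting`; if `frontend_setting` is an action on this controller it is reachable by any user who passes `need_access_right`, which may be intended but is worth confirming and adding to `:only` if not. Since both helpers are defined outside this file, a one-line comment above them stating exactly what `need_access_right` compares (current user against which member, and whether admins bypass it) would save the next reader from guessing.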
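Review bot: `redirect_to params['referer_url']` is an open redirect: the target comes straight from the request, so a crafted form or link carrying `referer_url=https://evil.example/` sends the user off-site after a successful save, and a missing parameter makes `redirect_to` raise on nil. Accept only an application-local path and keep the old member page as the fallback, e.g. `target = params['referer_url'].to_s` / `target = URI.encode('/admin/members/'+@member.to_param+'/Diploma') unless target =~ %r{\A/(?![/\\])}` / `redirect_to target` (the lookahead rejects protocol-relative `//host` and `/\host` forms that browsers treat as absolute). That fallback still dereferences `@member`, which the `rescue nil` at the top of the hunk can leave nil, so the nil-member case was already broken before this patch and needs its own handling. On Rails 5+ `redirect_back(fallback_location: …)` or, on 7.0+, `redirect_to target, allow_other_host: false` expresses the same intent without a hand-written check. The return value of `@diploma.save` is also ignored, so a validation failure redirects exactly as a success does.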
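Review bot: `Diploma.find(params[:id])` is unscoped, so `update` edits whichever record the client names; the new `need_access_right` filter in this file's first hunk guards the action, not the record, so unless it also compares the record's owner it lets a user who may edit their own profile modify another member's diploma by changing `id` (I cannot see `need_access_right` here, so this needs confirming). `diploma_params` also appears to permit `member_profile_id`, since the `create` hunk reads it from there, which would let the same request reassign the record to a different member. Load the record through the already-loaded `@member` (the removed line shows it is set in this action), e.g. `@diploma = Diploma.find_by!(id: params[:id], member_profile_id: @member.id)` or `@member.diplomas.find(params[:id])` if that association exists, and drop `member_profile_id` from the update permit list. The redirect on the added line has the same open-redirect problem as in `create` and should use the same local-path check. `update_attributes` already persists the record, so the following `@diploma.save` is redundant.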
@@ -1,5 +1,6 @@
 <% @diplomas.each do |diploma| %> ">
+ <%= diploma.member_profile.name %>
 <%= diploma.duration %> <%= link_to diploma.school_name, OrbitHelper.url_to_plugin_show(diploma.to_param,'personal_diploma'), target: "blank"%>
diff --git a/app/views/admin/diplomas/_form.html.erb b/app/views/admin/diplomas/_form.html.erb
index 83d2e86..d2baf33 100644
--- a/app/views/admin/diplomas/_form.html.erb
+++ b/app/views/admin/diplomas/_form.html.erb
@@ -177,6 +177,7 @@
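Review bot: The added cell calls `diploma.member_profile.name` with no nil guard, and `create` in this same patch saves the record even when its `MemberProfile.find(...) rescue nil` lookup fails, so one diploma whose profile is missing turns the whole admin index into a NoMethodError page. Use `<%= diploma.member_profile.try(:name) %>` (given the 2014 date this is presumably a Rails 4 / pre-2.3 Ruby codebase, so `try` rather than `&.`) so an orphaned record degrades to an empty cell instead of taking down the list. Output escaping is fine as written, since `<%=` HTML-escapes by default in Rails 3+.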
<%= f.hidden_field :user_id, :value => params[:user_id] if !params[:user_id].blank? %> + <%= f.submit t('submit'), class: 'btn btn-primary' %> <%= link_to t('cancel'), get_go_back, :class=>"btn" %>
\ No newline at end of file
diff --git a/app/views/admin/diplomas/index.html.erb b/app/views/admin/diplomas/index.html.erb
index a365c30..10c7d70 100644
--- a/app/views/admin/diplomas/index.html.erb
+++ b/app/views/admin/diplomas/index.html.erb
@@ -1,10 +1,11 @@ - + + - - + +
diff --git a/app/views/plugin/personal_diploma/_profile.html.erb b/app/views/plugin/personal_diploma/_profile.html.erb
index ef14752..6089f6e 100644
--- a/app/views/plugin/personal_diploma/_profile.html.erb
+++ b/app/views/plugin/personal_diploma/_profile.html.erb
@@ -6,15 +6,14 @@
 <% end %>
 <%
- is_autorized_user = (current_user==@member.user || current_user.is_admin?)
- if is_autorized_user
+ if has_access?
 @diplomas = Diploma.where(member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
 else
 @diplomas = Diploma.where(is_hidden: false, member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
 end %>
-<% if is_autorized_user %>
+<% if has_access? %>
<%= link_to('Hide', '#', :class => "btn btn-mini list-active-btn disabled", "data-check-action" => "list-be-hide", :rel => toggle_hide_admin_diplomas_path(member_profile_id: params[:id], disable: 'true') ) %>
@@ -26,7 +25,7 @@
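Review bot: The removed check `(current_user==@member.user || current_user.is_admin?)` was explicitly bound to the profile being rendered, while `has_access?` takes no argument, so nothing in this hunk shows that it still compares `current_user` with `@member`; if it only tests a generic access right, the `is_hidden` branch below it exposes every member's hidden diplomas to any user holding that right. Confirm what `has_access?` evaluates (it is defined outside this file) and, if it is not member-scoped, keep an owner check next to it, e.g. `can_see_hidden = has_access? && (current_user == @member.user || current_user.is_admin?)`. The old code also evaluated the condition once into a local, whereas the new code calls `has_access?` in several places across this template; assigning `can_see_hidden = has_access?` once at the top and using it in the query branch and the later `<% if %>` blocks keeps the listing and the admin controls consistent and avoids repeated helper calls.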
<%= t('date_') %><%= t('users.name') %><%= t('personal_diploma.duration') %> <%= t('personal_diploma.school_name') %><%= t('personal_diploma.department') %><%= t('personal_diploma.degree') %><%= t('personal_diploma.department') %><%= t('personal_diploma.degree') %>
- <% if is_autorized_user %>
+ <% if has_access? %>
 <% end -%>
@@ -38,7 +37,7 @@
 <% @diplomas.each do |diploma| %> ">
- <% if is_autorized_user %>
+ <% if has_access? %>
@@ -48,8 +47,10 @@
 <%= link_to diploma.school_name, OrbitHelper.url_to_plugin_show(diploma.to_param,'personal_diploma'), target: "blank"%>
@@ -62,7 +63,7 @@
- <% if is_autorized_user %>
+ <% if has_access? %>
<%= link_to content_tag(:i, nil, :class => 'icon-edit') +' '+ t('setting'),'/admin/members/'+@member.to_param+'/diplomas/frontend_setting', :class => 'btn btn-primary' %> <%= link_to content_tag(:i, nil, :class => 'icon-plus') +' '+ t('new_'),
<%= t('date_') %>
<%= check_box_tag 'to_change[]', diploma.id.to_s, false, :class => "list-check" %>