developers
/
Orbit
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix for NCCU 0430 all functions ok with two submanagers but different behavors

This commit is contained in:
Matthew K. Fu JuYuan 2012-04-30 03:14:15 +08:00 committed by Christophe Vilayphiou
parent 45e21f9569
commit 05ded8de03
14 changed files with 107 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/admin/dashboards_controller.rb
View File

@ -2,7 +2,7 @@ class Admin::DashboardsController < ApplicationController
layout "new_admin" layout "new_admin"
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :is_admin? # before_filter :is_admin?
def index def index
end end

1
app/controllers/admin/designs_controller.rb
View File

@ -6,6 +6,7 @@ class Admin::DesignsController < ApplicationController
layout "new_admin" layout "new_admin"
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :is_admin? before_filter :is_admin?
before_filter :for_admin_only
def upload_package def upload_package
if !params[:design].nil? if !params[:design].nil?

52
app/controllers/application_controller.rb
View File

@ -39,9 +39,59 @@ class ApplicationController < ActionController::Base
@parent_item = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil @parent_item = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil
end end
def auth_failed_in_backend
redirect_to admin_dashboards_url
end
# Check if the current_user is admin # Check if the current_user is admin
def is_admin? def is_admin?
redirect_to root_url unless current_user.admin?
auth_failed_in_backend unless current_user.admin?
end
def is_manager?
@module_app.managing_users.include?(current_user) || is_admin?
end
def for_admin_only
if is_admin?
true
else
flash[:notice] = "Access Denied for you are not Admin"
auth_failed_in_backend
end
end
def for_app_manager
if is_manager?
true
else
flash[:notice] = "Access Denied for you are not Manager for this app"
auth_failed_in_backend
end
end
def for_app_sub_manager
if (@module_app.sub_managing_users.include?(current_user) || is_manager?)
true
else
flash[:notice] = "Access Denied for you are not SubManager for this app"
auth_failed_in_backend
end
end
def for_app_user
if (@module_app.app_auth.auth_users.include?(current_user) || for_app_sub_manager )
true
else
flash[:notice] = "Access Denied for you are not User for this app"
auth_failed_in_backend
end
end
def check_object_premission(obj,title)
flash[:notice] = "Access Denied for you don't have permission for this object"
auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_user) || is_manager? || is_admin? )
end end
# Render the page # Render the page

2
app/helpers/orbit_backend_helper.rb
View File

@ -27,7 +27,7 @@ module OrbitBackendHelper
concat (content_tag :th, :class => "span1 strong" do concat (content_tag :th, :class => "span1 strong" do
concat check_box_tag :check_all concat check_box_tag :check_all
concat link_to content_tag(:i, nil, :class => "icon-trash"), '#', :class => "list-remove" concat link_to content_tag(:i, nil, :class => "icon-trash"), '#', :class => "list-remove"
end) if delete_all end) if delete_all && is_manager?
titles.each do |title| titles.each do |title|
concat render_title(title[0], title[1], title[2], title[3]) concat render_title(title[0], title[1], title[2], title[3])
end end

2
app/views/admin/dashboards/index.html.erb
View File

@ -1,3 +1,5 @@
<%= flash_messages %>
<div id="isotope"> <div id="isotope">
<div class="item element"> <div class="item element">
<h3><i class="icons-content"></i><a href=""><%= t(:content) %></a></h3> <h3><i class="icons-content"></i><a href=""><%= t(:content) %></a></h3>

4
app/views/layouts/_side_bar.html.erb
View File

@ -1,6 +1,10 @@
<%#= content_tag :li, :class => active_for_controllers('purchases') do -%> <%#= content_tag :li, :class => active_for_controllers('purchases') do -%>
<%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %> <%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %>
<%# end -%> <%# end -%>
<% content_for :page_specific_javascript do %>
<%= javascript_include_tag "/static/kernel.js" %>
<% end %>
<%= flash_messages %>
<%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%> <%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%>
<%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %> <%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %>

1
public/static/kernel.js
View File

@ -1,4 +1,5 @@
$(document).ready(function() { $(document).ready(function() {
$.each($(".notice"),function(k,v){ alert("EMPTY Cate");});
$.each($(".dymanic_load"),function(){ $.each($(".dymanic_load"),function(){
if($(this).attr("path")==''){$(this).html("App setting Failed");} if($(this).attr("path")==''){$(this).html("App setting Failed");}

1
vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/approvals_controller.rb vendored
View File

@ -1,5 +1,6 @@
class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendController class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendController
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :is_admin?
include AdminHelper include AdminHelper
# layout 'admin' # layout 'admin'

2
vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb vendored
View File

@ -1,4 +1,6 @@
class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController
before_filter :for_app_manager,:except => [:index]
def index def index
@bulletin_categorys = BulletinCategory.all @bulletin_categorys = BulletinCategory.all

18
vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb vendored
View File

@ -1,8 +1,9 @@
class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :is_admin? # before_filter :for_admin_only,:only => [:]
# before_filter :for_app_manager,:only => [:index,:show,]
before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
def index def index
# @bulletins = Bulletin.all # @bulletins = Bulletin.all
# @bulletins = Bulletin.desc("postdate desc") # @bulletins = Bulletin.desc("postdate desc")
@ -42,6 +43,10 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
@bulletin_file = BulletinFile.new @bulletin_file = BulletinFile.new
@file_url = panel_announcement_back_end_bulletins_path @file_url = panel_announcement_back_end_bulletins_path
@bulletins.delete_if{ |bulletin|
bulletin.is_pending == true && (!bulletin.bulletin_category.authed_users('fact_check').include?(current_user) || bulletin.create_user_id!=current_user.id)
}
respond_to do |format| respond_to do |format|
format.html # index.html.erb format.html # index.html.erb
format.js { } format.js { }
@ -80,14 +85,17 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
# @bulletin.bulletin_files.build # @bulletin.bulletin_files.build
# @bulletin.bulletin_files.new # @bulletin.bulletin_files.new
get_categorys if get_categorys.empty?
flash[:notice] = "You dont have any permission for post on cate"
redirect_to :action => :index
else
get_tags get_tags
respond_to do |format| respond_to do |format|
format.html # new.html.erb format.html # new.html.erb
format.xml { render :xml => @bulletin } format.xml { render :xml => @bulletin }
end end
end end
end
# GET /bulletins/1/edit # GET /bulletins/1/edit
def edit def edit
@ -314,7 +322,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
if(is_manager? || is_admin?) if(is_manager? || is_admin?)
@bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true)) @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true))
elsif is_sub_manager? elsif is_sub_manager?
@bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new') @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit')
end end
end end

7
vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb vendored
View File

@ -4,10 +4,13 @@
<%= bulletin_category.key %> <%= bulletin_category.key %>
<div class="quick-edit"> <div class="quick-edit">
<ul class="nav nav-pills hide"> <ul class="nav nav-pills hide">
<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li> <%if is_manager? || is_admin? %>
<li><%= show_submit_permission_link(bulletin_category) %></li> <li><%= show_submit_permission_link(bulletin_category) %></li>
<% end %>
<% if is_admin?%>
<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li>
<li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li> <li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
<% end %>
</ul> </ul>
</div> </div>

2
vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb vendored
View File

@ -35,7 +35,7 @@
</tbody> </tbody>
</table> </table>
<div id="form"><%= render :partial => "form" %></div> <div id="form"><%= render :partial => "form" if is_manager?%></div>

14
vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb vendored
View File

@ -1,5 +1,8 @@
<tr id="<%= dom_id bulletin %>" class="with_action"> <tr id="<%= dom_id bulletin %>" class="with_action">
<td><%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %></td> <td>
<% if (bulletin.create_user_id == current_user.id) || is_manager? %>
<%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %>
<% end -%>
<td> <td>
<div class="label-group"> <div class="label-group">
<div class="label-td"> <div class="label-td">
@ -27,8 +30,11 @@
<td><%= bulletin.bulletin_category.i18n_variable[I18n.locale] %></td> <td><%= bulletin.bulletin_category.i18n_variable[I18n.locale] %></td>
<td> <td>
<%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%> <%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%>
<div class="quick-edit"> <div class="quick-edit">
<ul class="nav nav-pills hide"> <ul class="nav nav-pills hide">
<% if (bulletin.create_user_id == current_user.id) || is_manager? %>
<% if current_user.admin? || (!bulletin.is_rejected? && !bulletin.is_checked?) %> <% if current_user.admin? || (!bulletin.is_rejected? && !bulletin.is_checked?) %>
<li><%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li> <li><%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li>
<li class="dropdown"> <li class="dropdown">
@ -43,11 +49,13 @@
</li> </li>
<%#= debugger %> <%#= debugger %>
<%#= a=1 %> <%#= a=1 %>
<% end %>
<li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
<% end -%>
<% if show_approval_link(bulletin) %> <% if show_approval_link(bulletin) %>
<li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li><%#= #TODO add ancher so user can quick access into that part %> <li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li><%#= #TODO add ancher so user can quick access into that part %>
<% end %> <% end %>
<% end %>
<li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
</ul> </ul>
</div> </div>
</td> </td>