From 2e58c63ff7d787eac3f92c10033fd3d63b5d690c Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Thu, 16 Feb 2012 13:57:28 +0800 Subject: [PATCH] fix bugs with token --- app/controllers/orbit_backend_controller.rb | 1 - app/models/module_app.rb | 4 +++- app/models/object_auth.rb | 2 +- app/models/prototype_auth.rb | 5 ++--- .../components/_user_role_management.html.erb | 3 ++- config/routes.rb | 2 +- lib/orbit_core_lib.rb | 22 +++++++++++++++++-- .../_bulletin_category.html.erb | 4 ++-- 8 files changed, 31 insertions(+), 12 deletions(-) diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb index 49505c8f4..d3639ebe3 100644 --- a/app/controllers/orbit_backend_controller.rb +++ b/app/controllers/orbit_backend_controller.rb @@ -10,7 +10,6 @@ class OrbitBackendController< ApplicationController def setup_vars @app_title = request.fullpath.split('/')[2] @module_app = ModuleApp.first(conditions: {:key => @app_title} ) - end private diff --git a/app/models/module_app.rb b/app/models/module_app.rb index 7e5e23fda..7ad4ac1dd 100644 --- a/app/models/module_app.rb +++ b/app/models/module_app.rb @@ -1,6 +1,7 @@ class ModuleApp include Mongoid::Document include Mongoid::Timestamps + include OrbitCoreLib::ObjectTokenUnility field :key field :title @@ -14,7 +15,7 @@ class ModuleApp field :app_pages ,type: Array field :widgets ,type: Array - + has_many :managers,as: :managing_app ,:class_name => "AppManager" #,:dependent => :destroy,:foreign_key => "managing_app_id",:inverse_of => :managing_app has_many :sub_managers,as: :sub_managing_app ,:class_name => "AppManager"#, :dependent => :destroy,:foreign_key => "sub_managing_app_id",:inverse_of => :sub_managing_app @@ -81,5 +82,6 @@ class ModuleApp def set_key self.key = self.title.underscore if self.title end + end diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb index dab7acc73..f67f99843 100644 --- a/app/models/object_auth.rb +++ b/app/models/object_auth.rb 
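Review bot: Including `OrbitCoreLib::ObjectTokenUnility` gives ModuleApp an `s_token`, but the mixin only assigns it in an `after_create` callback, so every ModuleApp document that already exists stays without one; the views changed in this patch then pass `:token => @module_app.token` as nil, and `find_module_app_by_token(nil)` queries `{s_token: nil}`, which in MongoDB matches exactly those untokenised records. Ship this include together with a one-off backfill (a rake task or console step that assigns a fresh `SecureRandom.hex(16)` to each ModuleApp whose `s_token` is blank) so that no app document is reachable with an empty token. The other two hunks in module_app.rb are whitespace only.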
@@ -1,5 +1,5 @@ class ObjectAuth < PrototypeAuth - + include OrbitCoreLib::ObjectTokenUnility belongs_to :obj_authable, polymorphic: true # > - Something.find_with_auth(query) # > - or Something.find(query).auth diff --git a/app/models/prototype_auth.rb b/app/models/prototype_auth.rb index 6b22a1b39..666bc7a89 100644 --- a/app/models/prototype_auth.rb +++ b/app/models/prototype_auth.rb @@ -4,7 +4,6 @@ class PrototypeAuth # after_save :update_block_list,:update_privilage_list field :title - field :token field :all ,type: Boolean,default: false belongs_to :users @@ -12,12 +11,13 @@ class PrototypeAuth has_and_belongs_to_many :blocked_users, :inverse_of => nil, :class_name => "User" has_and_belongs_to_many :privilege_users, :inverse_of => nil, :class_name => "User" - has_and_belongs_to_many :roles has_and_belongs_to_many :sub_roles attr_protected :roles,:sub_roles,:privilege_users,:blocked_users + + def add_role role add_operation(:roles,role) end @@ -87,7 +87,6 @@ class PrototypeAuth auth_users_before_block_list - self.blocked_users end - # protected end \ No newline at end of file diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb index 593073516..ed7c34765 100644 --- a/app/views/admin/components/_user_role_management.html.erb +++ b/app/views/admin/components/_user_role_management.html.erb @@ -1,5 +1,7 @@
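Review bot: ObjectAuth now receives its own `s_token` through the mixin, yet nothing in this patch reads an ObjectAuth token — `find_module_app_by_token` queries ModuleApp only, and both view changes pass `@module_app.token`. If the include prepares for a consumer outside this diff, a one-line comment next to it, e.g. `# s_token is generated on create by OrbitCoreLib::ObjectTokenUnility; not read by core yet`, would record the intent; if there is no consumer, the extra `save!` that the mixin performs on every create is cost without benefit.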
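Review bot: Dropping `field :token` from PrototypeAuth removes it from every subclass, and only ObjectAuth gets a replacement via the mixin in this patch; if another subclass exists (the routes file declares `resources :app_auths`, which suggests an AppAuth model) its `token` reader disappears without a substitute, so check whether it needs the include as well. Existing ObjectAuth documents also keep a stored `token` attribute that is no longer a declared field; with Mongoid's dynamic fields enabled that is harmless, but it is dead data worth removing alongside the `s_token` backfill. The remaining prototype_auth.rb hunks change blank lines and a comment only.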

User Role

+ All User + <%= form_tag(submit_url) do %> <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> <%= submit_tag 'Add Role' %>
@@ -10,7 +12,6 @@ <%= collection_select(:new,:blocked_user, User.all, :id, :name, :prompt => true) %> <%= submit_tag 'Add BlockedList' %>
<% end %> - <% unless auth.nil? %> <% auth.roles.each do |role| %>
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> diff --git a/config/routes.rb b/config/routes.rb index ba5acb0ab..cd3921f00 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -16,7 +16,7 @@ PrototypeR4::Application.routes.draw do resources :app_auths resources :object_auths do collection do - match 'new/:type/:obj_id/:module_app_id',:action => 'new',:via => "get",:as => :init + match 'new/:type/:obj_id',:action => 'new',:via => "get",:as => :init end member do match ':id/create_role',:action => 'create_role',:via => "post",:as => :create_role diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb index 2520e04c6..561fceba0 100644 --- a/lib/orbit_core_lib.rb +++ b/lib/orbit_core_lib.rb @@ -31,12 +31,28 @@ module OrbitCoreLib end end + module ObjectTokenUnility + def self.included(base) + base.instance_eval("field :s_token") + base.instance_eval("after_create :generate_token") + end + + def token + return self.s_token + end + + protected + def generate_token + self.s_token = ActiveSupport::SecureRandom.hex(16) + self.save! + end + end module PermissionUnility private def check_permission(type = :use) permission_grant = current_user.admin?? true : false - module_app = @module_app.nil?? ModuleApp.find(params[:module_app_id]) : @module_app + module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app unless permission_grant permission_grant = case type when :use @@ -51,6 +67,8 @@ module OrbitCoreLib end permission_grant end - + def find_module_app_by_token(token) + ModuleApp.first(conditions: {s_token: token}) + end end end diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb index 2cd097ed2..e834ec606 100644 
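Review bot: `generate_token` runs as an `after_create` callback and then calls `self.save!`, so every create of a ModuleApp or ObjectAuth becomes two writes and re-runs validations and save callbacks on a record that was just persisted; a `before_create` hook that only assigns the token avoids the second write, and `ActiveSupport::SecureRandom` is deprecated on Rails 3.2 in favour of the stdlib `SecureRandom`, which is a drop-in here. The string-based `base.instance_eval("field :s_token")` can be a plain `class_eval` block, so the macros are parsed rather than evaluated from strings. `check_permission` (its body continues into the next hunk) now hands `params[:token]` straight to `find_module_app_by_token`; where `ModuleApp.find(params[:module_app_id])` raised on an unknown id by default, `ModuleApp.first(conditions: {s_token: token})` returns nil silently, and for a nil token it matches any ModuleApp document with no `s_token` at all, i.e. records created before this change — so guard the lookup in the next hunk with `return nil if token.blank?` and handle a nil `module_app` explicitly before the `case type` that follows.
```ruby
  module ObjectTokenUnility
    def self.included(base)
      base.class_eval do
        field :s_token
        before_create :generate_token
      end
    end

    # … unchanged: token reader …

    protected
    def generate_token
      self.s_token = SecureRandom.hex(16)
    end
  end
```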
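Review bot: `find_module_app_by_token` makes `s_token` the value that selects whose permissions `check_permission` evaluates, and the views in `_bulletin_category.html.erb` place it in the query string (`:token => @module_app.token`), so it will show up in request logs, browser history and the Referer header of any outbound link on those pages. If the token is meant to be secret that exposure needs a decision; if it is only an opaque identifier, say so where it is defined. A comment on this method, e.g. `# s_token is a per-app token carried in back-end URLs; a missing or unknown token must yield nil, never a fallback app`, would fix the contract for the next reader.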
--- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb @@ -7,9 +7,9 @@ <%= bulletin_category.display %> <% if is_manager? %> - <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,@module_app) %>
    + <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,:token => @module_app.token) %>
    <% bulletin_category.object_auths.each do |obj_auth| %> - <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth) %>
    + <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth,:token => @module_app.token) %>
    <% end %>