Fix for NCCU 0430 all functions ok with two submanagers but different behavors

2012-04-30 03:14:15 +08:00 · 2012-04-30 03:14:15 +08:00 · 4466e7ae1c
parent 4a51355b1a
commit 4466e7ae1c
14 changed files with 109 additions and 25 deletions
--- a/app/controllers/admin/dashboards_controller.rb
+++ b/app/controllers/admin/dashboards_controller.rb
@ -2,7 +2,7 @@ class Admin::DashboardsController < ApplicationController
  
  layout "new_admin"
  before_filter :authenticate_user!
-  before_filter :is_admin?
+#  before_filter :is_admin?
  
  def index
  end
--- a/app/controllers/admin/designs_controller.rb
+++ b/app/controllers/admin/designs_controller.rb
@ -6,6 +6,7 @@ class Admin::DesignsController < ApplicationController
  layout "new_admin"
  before_filter :authenticate_user!
  before_filter :is_admin? 
+  before_filter :for_admin_only

  def upload_package
    if !params[:design].nil?
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -39,9 +39,59 @@ class ApplicationController < ActionController::Base
    @parent_item  = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil
  end
  
+  def auth_failed_in_backend
+     redirect_to admin_dashboards_url 
+  end
+  
  # Check if the current_user is admin
  def is_admin?
-    redirect_to root_url unless current_user.admin?
+    
+    auth_failed_in_backend unless current_user.admin?
+  end
+  
+  def is_manager?
+     @module_app.managing_users.include?(current_user) || is_admin?
+  end
+  
+  def for_admin_only
+    if is_admin?
+      true
+    else
+    flash[:notice] = "Access Denied for you are not Admin"
+    auth_failed_in_backend
+    end
+  end
+  
+  def for_app_manager
+    if is_manager?
+      true
+    else
+    flash[:notice] = "Access Denied for you are not Manager for this app"
+    auth_failed_in_backend
+  end
+  end
+  
+  def for_app_sub_manager
+    if (@module_app.sub_managing_users.include?(current_user) || is_manager?)
+      true
+    else
+    flash[:notice] = "Access Denied for you are not SubManager for this app"    
+    auth_failed_in_backend
+  end
+  end
+
+  def for_app_user
+    if (@module_app.app_auth.auth_users.include?(current_user) || for_app_sub_manager )
+      true
+    else
+    flash[:notice] = "Access Denied for you are not User for this app"
+    auth_failed_in_backend
+  end
+  end
+
+  def check_object_premission(obj,title)
+    flash[:notice] = "Access Denied for you don't have permission for this object"
+    auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_user) || is_manager? || is_admin? )
  end
  
  # Render the page
--- a/app/views/admin/dashboards/index.html.erb
+++ b/app/views/admin/dashboards/index.html.erb
@ -1,3 +1,5 @@
+<%= flash_messages %>
+
 <div id="isotope">
    <div class="item element">
        <h3><i class="icons-member"></i><a href="">Member</a></h3>
--- a/app/views/layouts/_side_bar.html.erb
+++ b/app/views/layouts/_side_bar.html.erb
@ -1,6 +1,10 @@
 <%#= content_tag :li, :class => active_for_controllers('purchases') do -%>
 	<%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %>
 <%# end -%>
+<% content_for :page_specific_javascript do %>
+	<%= javascript_include_tag "/static/kernel.js"  %>
+<% end %>
+<%= flash_messages %>

 <%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%>
 	<%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %>
--- a/public/static/kernel.js
+++ b/public/static/kernel.js
@ -1,4 +1,5 @@
 $(document).ready(function() {
+	$.each($(".notice"),function(k,v){ alert("EMPTY Cate");});
 	
 	$.each($(".dymanic_load"),function(){
 		if($(this).attr("path")==''){$(this).html("App setting Failed");} 
--- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/approvals_controller.rb
+++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/approvals_controller.rb
@ -1,5 +1,6 @@
 class Panel::Announcement::BackEnd::ApprovalsController  < OrbitBackendController
  before_filter :authenticate_user!
+  before_filter :is_admin?
  include AdminHelper
  # layout 'admin'
  
--- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb
+++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb
@ -1,4 +1,6 @@
 class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController
+  before_filter :for_app_manager,:except => [:index] 
+

  def index
    @bulletin_categorys = BulletinCategory.all
--- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
+++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
@ -1,8 +1,9 @@
 class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
  
  before_filter :authenticate_user!
-  before_filter :is_admin?
-
+#  before_filter :for_admin_only,:only => [:]
+#  before_filter :for_app_manager,:only => [:index,:show,] 
+  before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
  def index
    # @bulletins = Bulletin.all
    # @bulletins = Bulletin.desc("postdate desc")
@ -39,6 +40,10 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
    @bulletin_file = BulletinFile.new
    @file_url = panel_announcement_back_end_bulletins_path
 	
+	  @bulletins.delete_if{ |bulletin|
+	    bulletin.is_pending == true && (!bulletin.bulletin_category.authed_users('fact_check').include?(current_user) || bulletin.create_user_id!=current_user.id)
+	    }
+
    respond_to do |format|
      format.html # index.html.erb
      format.js { }
@ -77,14 +82,17 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
 	# @bulletin.bulletin_files.build
 	# @bulletin.bulletin_files.new

-	get_categorys
+	if get_categorys.empty?
+	  flash[:notice] = "You dont have any permission for post on cate"
+    redirect_to :action => :index
+  else
 	  get_tags
-
      respond_to do |format|
        format.html # new.html.erb
        format.xml  { render :xml => @bulletin }
      end
  	end
+  end

  # GET /bulletins/1/edit
  def edit
@ -311,7 +319,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
    if(is_manager? || is_admin?)
      @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true))
    elsif is_sub_manager?
-      @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new')
+      @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit')
    end
  end
  
--- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb
+++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb
@ -4,10 +4,13 @@
 			<%= bulletin_category.key %>
 			<div class="quick-edit">
 				<ul class="nav nav-pills hide">
-					<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li>
+					<%if is_manager? || is_admin? %>
 						<li><%= show_submit_permission_link(bulletin_category) %></li>
+					<% end %>
+					<% if is_admin?%>
+						<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li>
 						<li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
-					
+					<% end %>
 					
 				</ul>
 			</div>
--- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb
+++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb
@ -17,7 +17,7 @@
 	</tbody>
 </table>

-<div id="form"><%= render :partial => "form" %></div>
+<div id="form"><%= render :partial => "form" if is_manager?%></div>



--- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb
+++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb
@ -1,5 +1,8 @@
 <tr id="<%= dom_id bulletin %>" class="with_action">
-	<td><%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %></td>
+	<td>
+		<% if (bulletin.create_user_id ==  current_user.id) || is_manager? %>
+			<%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %>
+		<% end -%>
 	<td>
 		<% if bulletin.is_top? %>
 			<span class="label label-success"><%= t(:top) %></span>
@ -23,8 +26,11 @@
 	<td><%= bulletin.bulletin_category.i18n_variable[I18n.locale] %></td>
 	<td>
 		<%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%>
+		
 		<div class="quick-edit">
 			<ul class="nav nav-pills hide">
+				<% if (bulletin.create_user_id ==  current_user.id) || is_manager? %>
+				
 				<% if current_user.admin? || (!bulletin.is_rejected? && !bulletin.is_checked?) %>
 					<li><%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li>
 					<li class="dropdown">
@ -39,11 +45,13 @@
 					</li>
 					<%#= debugger  %>
 					<%#= a=1 %>
+	
+				<% end %>
+				<li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
+				<% end -%>
 				<% if show_approval_link(bulletin) %>
 				<li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin)   %></li><%#= #TODO add ancher so user can quick access into that part %>
 				<% end %>
-				<% end %>
-				<li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
 			</ul>
 		</div>
 	</td>
--- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_sort_headers.html.erb
+++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_sort_headers.html.erb
@ -2,8 +2,10 @@
 	<thead>
 		<tr class="sort-header">
 			<th class="span1 strong">
+				<% if is_manager? %>
 					<input id="check_all_bulletins" type="checkbox">
 					<a href='#' class="list-remove"><i class="icon-trash"></i></a>
+				<% end -%>
 			</th>
 			<th class="sort span1-2 <%= is_sort_active?('status') %>">
 				<%= link_to (t('bulletin.status') + content_tag(:b, nil, :class => is_sort?('status'))).html_safe, panel_announcement_back_end_bulletins_path({:filter => @filter}.merge(sortable('status'))), :class => 'js_history' %>
--- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb
+++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb
@ -1,3 +1,5 @@
+
+
 <%= form_for :bulletins, :url => delete_panel_announcement_back_end_bulletins_path(:direction => params[:direction], :sort => params[:sort], :filter => @filter, :new_filter => nil), :html => {:id => 'delete_bulletins'}, :remote => true do %>
 	<%= render 'filter' %>
 	<table id="bulettin_sort_list" class="table main-list">