First version for App and Object auth.Taking Announcement as experiment

app/controllers/admin/object_auths_controller.rb

@@ -1,8 +1,12 @@
 class Admin::ObjectAuthsController < ApplicationController
+  include OrbitCoreLib::PermissionUnility
   layout "admin"
   before_filter :authenticate_user!
+  before_filter :check_if_user_can_do_object_auth
 #  before_filter :is_admin? ,:only => :index
   
+
+  
   def index
     # if current_user.admin?
       @object_auths = ObjectAuth.all
@@ -70,7 +74,11 @@ class Admin::ObjectAuthsController < ApplicationController
   def edit
     @object_auth = ObjectAuth.find(params[:id])
   end
-  
-
 
+private
+  def check_if_user_can_do_object_auth
+    unless  check_permission(:manager)
+      render :nothing => true, :status => 403 
+    end
+  end
 end

app/controllers/obit_frontend_controller.rb

@@ -1,3 +0,0 @@
-class ObitFrontendController< ObitFrontendComponentController
-
-end

app/controllers/obit_widget_controller.rb

@@ -1,3 +0,0 @@
-class ObitWidgetController< ObitFrontendComponentController
-
-end

app/controllers/orbit_backend_controller.rb

@@ -0,0 +1,24 @@
+class OrbitBackendController< ApplicationController
+  before_filter :authenticate_user!
+  before_filter :setup_vars
+ # before_filter {|c| c.front_end_available(@app_title)}
+  before_filter :check_user_can_use,:except => [:public]
+  include OrbitCoreLib::PermissionUnility
+  
+  layout 'admin'
+  
+  def setup_vars
+    @app_title = request.fullpath.split('/')[2]
+    @module_app = ModuleApp.first(conditions: {:key => @app_title} )
+    
+  end
+  
+  private
+  
+  def check_user_can_use 
+    unless check_permission
+      redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
+    end
+  end
+  
+end

app/controllers/orbit_frontend_component_controller.rb

@@ -1,4 +1,4 @@
-class ObitFrontendComponentController< ApplicationController
+class OrbitFrontendComponentController< ApplicationController
   before_filter :setup_vars
   before_filter {|c| c.front_end_available(@app_title)}
   layout 'production'

app/controllers/orbit_frontend_controller.rb

@@ -0,0 +1,3 @@
+class OrbitFrontendController< OrbitFrontendComponentController
+
+end

app/controllers/orbit_widget_controller.rb

@@ -0,0 +1,3 @@
+class ObitWidgetController< OrbitFrontendComponentController
+
+end

app/helpers/admin/app_auth_helper.rb

@@ -3,4 +3,9 @@ module Admin::AppAuthHelper
     link_to t(:enable), eval("admin_#{attribute_type}_path(attribute, :authenticity_token => form_authenticity_token, :#{attribute_type} => {:disabled => true})"), :remote => true, :method => :put, :id => "disable_#{attribute.id}", :style => "display:#{attribute.is_disabled? ? 'none' : ''}", :class => 'switch' 
     link_to t(:disable), eval("admin_#{attribute_type}_path(attribute, :authenticity_token => form_authenticity_token, :#{attribute_type} => {:disabled => false})"), :remote => true, :method => :put, :id => "enable_#{attribute.id}", :style => "display:#{attribute.is_disabled? ? '' : 'none'}", :class => 'switch'
   end
+  
+  def if_permitted_to(user,role)
+    
+  end
+  
 end

app/helpers/admin_helper.rb

@@ -5,4 +5,17 @@ module AdminHelper
     link_to('/' , admin_items_path) + ( @parent_items.map{ |i| link_to(i.name, admin_items_path(:parent_id=>i.id) ) } << @parent_item.name ).join("/").html_safe
   end
   
+  # Check if the current_user is manager in current module app
+  def is_manager?
+    @module_app.is_manager?(current_user) || is_admin?
+  end
+
+  # Check if the current_user is sub manager in current module app
+  def is_sub_manager?
+    @module_app.is_sub_manager?(current_user)|| is_admin?
+  end
+  
+  def is_admin?
+    current_user.admin?
+  end
 end

app/models/app_auth.rb

@@ -2,4 +2,5 @@ class AppAuth < PrototypeAuth
 
   belongs_to :module_app
   
+  
 end

app/models/module_app.rb

@@ -22,6 +22,14 @@ class ModuleApp
   
   before_save :set_key
   
+  def is_manager?(user)
+    managing_users.include?(user)
+  end
+  
+  def is_sub_manager?(user)
+    sub_managing_users.include?(user) || is_manager?(user)
+  end
+  
   def managing_users
     self.managers.collect{ |t| t.user }
   end

app/models/prototype_auth.rb

@@ -16,7 +16,7 @@ class PrototypeAuth
   has_and_belongs_to_many :roles
   has_and_belongs_to_many :sub_roles
   
-  attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users
+  attr_protected :roles,:sub_roles,:privilege_users,:blocked_users
 
   def add_role role
     add_operation(:roles,role)

app/views/admin/module_apps/_app_selector.html.erb

@@ -1 +0,0 @@
-<%= f.select :module_app_id, @apps.collect { |t| [t.title.capitalize, t.id] }, {:include_blank => true} ,{:rel => admin_module_apps_path }  %>

app/views/admin/object_auths/edit.html.erb

@@ -11,4 +11,4 @@
 <%= render :partial => "admin/components/user_role_management", :locals => { 
 	:object => @object_auth.auth_obj ,:auth=>@object_auth,:submit_url=>create_role_admin_object_auth_path(@object_auth),:ploy_route_ary=>['remove',:admin,@object_auth] } %>
 
-
+<%= link_to 'Back to object',eval(@object_auth.obj_authable.class.to_s+"::AfterObjectAuthUrl")  %>

config/routes.rb

@@ -14,7 +14,7 @@ PrototypeR4::Application.routes.draw do
     resources :app_auths 
     resources :object_auths  do
       collection do
-        match 'new/:type/:obj_id',:action => 'new',:via => "get",:as => :init
+        match 'new/:type/:obj_id/:module_app_id',:action => 'new',:via => "get",:as => :init
       end
       member do
         match ':id/create_role',:action => 'create_role',:via => "post",:as => :create_role

lib/orbit_core_lib.rb

@@ -31,4 +31,26 @@ module  OrbitCoreLib
     end
     
   end
+  
+  module PermissionUnility
+  private
+    def check_permission(type = :use)
+      permission_grant =  current_user.admin?? true : false
+      module_app = @module_app.nil?? ModuleApp.find(params[:module_app_id]) : @module_app
+      unless permission_grant
+        permission_grant = case type
+        when :use
+          users_ary = module_app.app_auth.auth_users rescue nil
+          users_ary = [] if users_ary.nil?
+          (users_ary.include?(current_user) || module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user))
+        when :manager
+          module_app.is_manager?(current_user)
+        when :sub_manager  
+          module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user)
+        end  
+      end
+      permission_grant
+    end
+    
+  end
 end

lib/tasks/anc_tasks.rake

@@ -0,0 +1,22 @@
+# encoding: utf-8 
+
+namespace :anc do
+  
+  task :build => :environment do
+    bulletin_category_1 = BulletinCategory.create(:key => "C1ChrisCheckANDPreivew",:display => "List" )
+    bulletin_category_1.create_i18n_variable(:en => "ChrisCheckANDPreivew", :zh_tw => 'ChrisCheckANDPreivew')
+    bulletin_category_2 = BulletinCategory.create(:key => "C2MattCheckANDPreivew",:display => "List"  )
+    bulletin_category_2.create_i18n_variable(:en => "MattCheckANDPreivew", :zh_tw => 'MattCheckANDPreivew')
+    bulletin_category_3 = BulletinCategory.create(:key => "C3MattCheckChrisPreview",:display => "List"  )
+    bulletin_category_3.create_i18n_variable(:en => "MattCheckChrisPreview", :zh_tw => 'MattCheckChrisPreview')
+    
+  
+    bulletin_1 = Bulletin.create(:title => "C1P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category =>   bulletin_category_1  )
+    bulletin_2 = Bulletin.create(:title => "C1P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category =>   bulletin_category_1  )
+    bulletin_3 = Bulletin.create(:title => "C2P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category =>   bulletin_category_2  )
+    bulletin_4 = Bulletin.create(:title => "C2P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category =>   bulletin_category_2  )
+    bulletin_5 = Bulletin.create(:title => "C3P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category =>   bulletin_category_3  )
+    bulletin_6 = Bulletin.create(:title => "C3P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category =>   bulletin_category_3  )
+  
+  end
+end

lib/tasks/dev.rake

@@ -125,6 +125,12 @@ namespace :dev do
     AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[1].id, :key => 'last_name', :en => 'Fu', :zh_tw => '傅' )
     AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[0].id, :key => 'major', :en => 'Information management', :zh_tw => '信息化管理' )
     AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[1].id, :key => 'department', :en => 'Computer Science', :zh_tw => '計算機科學' )
+
+    user = User.create( :email => 'manager@rulingcom.com', :password => 'password', :password_confirmation => 'password', :admin => false, :role_id => r_2.id, :sub_role_ids => [sr_2_1.id ] )
+    AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[0].id, :key => 'first_name', :en => 'Manager', :zh_tw => '管理員' )
+    AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[1].id, :key => 'last_name', :en => 'Chen', :zh_tw => '陳' )
+    AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[0].id, :key => 'major', :en => 'Information management', :zh_tw => '信息化管理' )
+    AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[1].id, :key => 'department', :en => 'Computer Science', :zh_tw => '計算機科學' )
     
     
     ad_banner = AdBanner.new(:title => 'banner_1',:post_date => Date.today,:context=> "context",:ad_fx=>'zoom',:direct_to_after_click=>true)

vendor/built_in_modules/announcement/announcement.json

@@ -1,5 +1,5 @@
 {
-	"title": "Announcement",
+	"title": "announcement",
   "version": "0.1",
   "organization": "Rulingcom",
   "author": "RD dep",

vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb

@@ -1,11 +1,12 @@
-class Panel::Announcement::BackEnd::AnnouncementsController < ApplicationController
-  
-  layout 'admin'
-  
-  def index
+class Panel::Announcement::BackEnd::AnnouncementsController < OrbitBackendController  
   
+  def public
+    render  :text => "This is an public_page need to be build"
   end
 
+  def index
+    
+  end
   # GET /announcements/1
   # GET /announcements/1.xml
   def show
@@ -76,4 +77,6 @@ class Panel::Announcement::BackEnd::AnnouncementsController < ApplicationControl
       format.xml  { head :ok }
     end
   end
+  
+
 end

vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb

@@ -1,7 +1,5 @@
-class Panel::Announcement::BackEnd::BulletinCategorysController < ApplicationController
-  
-  layout 'admin'
-  
+class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController
+    
   def index
     @bulletin_categorys = BulletinCategory.all
     @bulletin_category = BulletinCategory.new(:display => 'List')

vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb

@@ -1,9 +1,6 @@
-class Panel::Announcement::BackEnd::BulletinsController < ApplicationController
-  
-  layout 'admin'
-  
-  before_filter :authenticate_user!
-  before_filter :is_admin?
+class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
+    
+  #before_filter :is_admin?
 
   def index
     # @bulletins = Bulletin.all

vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb

@@ -1,9 +1,10 @@
-class Panel::Announcement::BackEnd::FactChecksController  < ApplicationController
+class Panel::Announcement::BackEnd::FactChecksController  < OrbitBackendController
+  before_filter :authenticate_user!
   layout 'admin'
   
   def index
     @bulletin_categorys_preview = BulletinCategory.authed_for_user(current_user,'preview')
-    @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'check')
+    @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'fact_check')
   end
   
   def new

vendor/built_in_modules/announcement/app/models/bulletin_category.rb

@@ -6,7 +6,7 @@ class BulletinCategory
   include OrbitCoreLib::ObjectAuthable
   
   ObjectAuthTitlesOptions = %W{preview fact_check}
-  
+  AfterObjectAuthUrl = '/panel/announcement/back_end/bulletin_categorys'
   # include Mongoid::MultiParameterAttributes
   
   PAYMENT_TYPES = [ "List", "Picture" ]

vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb

@@ -5,13 +5,15 @@
 	<td><%= bulletin_category.i18n_variable[locale] rescue nil %></td>
 	<% end %>
 	<td><%= bulletin_category.display %></td>
-	<td>
-	<%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category) %>  <br/ >
-	<% bulletin_category.object_auths.each do |obj_auth| %>
-		 <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth)  %><br />
-	<% end %>
-	</td>
-	<td>
+	<% if is_manager? %>
+		<td>
+		<%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,@module_app) %>  <br/ >
+		<% bulletin_category.object_auths.each do |obj_auth| %>
+			 <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth)  %><br />
+		<% end %>
+		</td>
+		<td>
+	<% end %>	
 	<%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %> |
 	<%= link_to t('bulletin_category.quick_edit'), panel_announcement_back_end_bulletin_category_quick_edit_path(bulletin_category), :remote => true %> |
 	<%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %>

vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb

@@ -7,9 +7,8 @@
   <ul class="list">
 	  <li><%= link_to t('bulletin.new_announcement'), new_panel_announcement_back_end_bulletin_path %></li>
 	  <li><%= link_to t('bulletin.announcement_list'), panel_announcement_back_end_bulletins_path %></li>
-	  <li><%= link_to t('bulletin.new_announcement_class'), panel_announcement_back_end_bulletin_categorys_path %></li>
-	  <li><%= link_to t('bulletin.my_announcement_fact_check'), panel_announcement_back_end_fact_checks_path %></li>
-	
+	  <li><%= link_to t('bulletin.new_announcement_class'), panel_announcement_back_end_bulletin_categorys_path if is_manager?%></li>
+	  <li><%= link_to t('bulletin.my_announcement_fact_check'), panel_announcement_back_end_fact_checks_path if is_sub_manager?%></li>
   </ul>
 <% end -%>
 

vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb

@@ -42,10 +42,14 @@
 <br />
 
 <h1><%= t('bulletin.list_announcement') %></h1>
-
+<div id="preview_block">
+	<h1>Preview</h1>
 	<%= render :partial => "list_table", :collection => @bulletin_categorys_preview,:as => :bulletin_category%>
-	
+</div>
+===================================================================================================================
+<div id="check_block">	
+	<h1>Check Please</h1>
 	<%= render :partial => "list_table", :collection => @bulletin_categorys_check,:as => :bulletin_category%>
-
+</div>
 <br />
 

vendor/built_in_modules/announcement/config/routes.rb

@@ -3,6 +3,7 @@ Rails.application.routes.draw do
   namespace :panel do
     namespace :announcement do
       namespace :back_end do
+        match 'public' => "announcements#public",:as => :public
         resources :fact_checks
         root :to => "bulletins#index"
         resources :bulletins
@@ -14,7 +15,7 @@ Rails.application.routes.draw do
         root :to => "bulletins#index"
         resources :bulletins
       end
-      namespace :widget do
+      namespace :widget do 
         root :to => "bulletins#index"
       end
     end

vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake

@@ -1,4 +0,0 @@
-# desc "Explaining what the task does"
-# task :announcement do
-#   # Task goes here
-# end

vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb

@@ -1,4 +1,4 @@
-class Panel::NewBlog::FrontEnd::CommentsController < ObitFrontendController
+class Panel::NewBlog::FrontEnd::CommentsController < OrbitFrontendController
   def create
     @post = Post.find(params[:post_id])
     @comment = @post.comments.create!(params[:comment])

vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb

@@ -1,4 +1,4 @@
-class Panel::NewBlog::FrontEnd::PostsController < ObitFrontendController
+class Panel::NewBlog::FrontEnd::PostsController < OrbitFrontendController
   # GET /posts
   # GET /posts.xml
   def index