From 7b40706aedd94d61ae158a57354c68089d88a55d Mon Sep 17 00:00:00 2001 From: Matthew Fu Date: Thu, 5 Jan 2012 16:20:51 +0800 Subject: [PATCH] fixing for app_auth --- app/controllers/admin/app_auths_controller.rb | 2 +- app/controllers/application_controller.rb | 7 + app/models/app_auth.rb | 71 ++++-- app/models/module_app.rb | 4 + app/models/user/user.rb | 5 +- app/views/admin/designs/_form.html.erb | 2 +- app/views/admin/designs/_new.html.erb | 2 +- spec/models/app_auth_basic.rb | 241 ++++++++++++------ vendor/built_in_modules/NewBlog/NewBlog.json | 3 +- 9 files changed, 225 insertions(+), 112 deletions(-) diff --git a/app/controllers/admin/app_auths_controller.rb b/app/controllers/admin/app_auths_controller.rb index 6f3f1c3d8..f2c014514 100644 --- a/app/controllers/admin/app_auths_controller.rb +++ b/app/controllers/admin/app_auths_controller.rb @@ -4,7 +4,7 @@ class Admin::AppAuthsController < ApplicationController before_filter :is_admin? def index - @user_roles = UserRole.all.entries + @roles = Role.all.entries apps = Purchase.where(:type =>"App") @app_auth_data = apps.entries.map do |app| app_c = eval(app.app_controller) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d9c0156c4..7c964ff58 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,6 +5,13 @@ class ApplicationController < ActionController::Base helper :all before_filter :set_locale, :set_site + + def front_end_available(module_app_title='') + app_controller = ModuleApp.first(conditions: {:title => module_app_title} ) + unless app_controller.enable_frontend? + render :text => 'View not available' + end + end def get_all_app_engines ary = ["vender/plugins/NewBlog"] diff --git a/app/models/app_auth.rb b/app/models/app_auth.rb index 9602fda0b..b31add3c0 100644 --- a/app/models/app_auth.rb +++ b/app/models/app_auth.rb @@ -15,55 +15,72 @@ class AppAuth has_and_belongs_to_many :roles + has_and_belongs_to_many :sub_roles + + attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users + + def add_role role + add_operation(:roles,role) + end + + def add_sub_role role + add_operation(:sub_roles,role) + end + + def remove_role role + remove_operation(:roles,role) + end + + def remove_sub_role role + remove_operation(:sub_roles,role) + end def add_user_to_black_list user - unless self.blocked_users.include?(user) - self.blocked_users << user - self.save! - else - false #should put error message for user existed in list already - end + add_operation(:blocked_users,user) end - def remove_user_from_black_list user - if self.blocked_users.include? user - self.blocked_users.delete user + remove_operation(:blocked_users,user) + end + + def add_user_to_privilege_list user + add_operation(:privilege_users,user) + end + + def remove_user_from_privilege_list user + remove_operation(:privilege_users,user) + end + + def remove_operation(item,obj) + if (self.send item).include? obj + (self.send item).delete obj self.save! else false #should put error message for user not existed in list - end + end end - - def add_user_to_privilege_list user - unless self.privilege_users.include? user - self.privilege_users << user + def add_operation(item,obj) + unless (self.send item).include?(obj) + (self.send item) << obj self.save! else false #should put error message for user existed in list already end end - - def remove_user_from_privilege_list user - if self.privilege_users.include? user - self.privilege_users.delete user - self.save! - else - false #should put error message for user not existed in list - end - end - def auth_users if self.all? User.all.entries else - ary= self.roles.collect do |role| - role.users + ary=[] + [:roles,:sub_roles].each do |t_role| + ary += (self.send t_role).collect do |role| + role.users + end end ary << self.privilege_users - ary.flatten! + ary.flatten!.uniq end end diff --git a/app/models/module_app.rb b/app/models/module_app.rb index 31a02025e..18e8a6d7b 100644 --- a/app/models/module_app.rb +++ b/app/models/module_app.rb @@ -9,9 +9,13 @@ class ModuleApp field :intro field :update_info field :create_date + field :enable_frontend,type: Boolean field :app_pages ,type: Array + field :widgets ,type: Array has_one :app_auth,dependent: :delete + + end diff --git a/app/models/user/user.rb b/app/models/user/user.rb index 1e956b803..60199ce7f 100644 --- a/app/models/user/user.rb +++ b/app/models/user/user.rb @@ -19,7 +19,10 @@ class User accepts_nested_attributes_for :attribute_values, :allow_destroy => true def avb_apps - query = AppAuth.any_of({all: true},{privilege_user_ids: self.id},{roles: self.role.id}).excludes(blocked_user_ids: self.id) + sub_role_ids_ary=self.sub_roles.collect{|t| t.id} + query1 = AppAuth.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: self.id) + query2 = AppAuth.any_of({all: true},{privilege_user_ids: self.id},{role_ids: self.role.id}).excludes(blocked_user_ids: self.id) + (query1 + query2).uniq end def name diff --git a/app/views/admin/designs/_form.html.erb b/app/views/admin/designs/_form.html.erb index b6ba7cb2c..fd579e5e3 100644 --- a/app/views/admin/designs/_form.html.erb +++ b/app/views/admin/designs/_form.html.erb @@ -38,7 +38,7 @@ <%= f.hidden_field :to_save, :value => true %> <% end %> <% else %> - <%= File.basename (@design.default_css.file.url) %> + <%= File.basename (@design.default_css.file.url) rescue "" %> <% end %>

diff --git a/app/views/admin/designs/_new.html.erb b/app/views/admin/designs/_new.html.erb index ded2237a4..a4aba6c9f 100644 --- a/app/views/admin/designs/_new.html.erb +++ b/app/views/admin/designs/_new.html.erb @@ -1,6 +1,6 @@

<%= t('admin.new_design') %>

-<%= form_for :design, :url => admin_designs_path do |f| %> +<%= form_for @design, :url => admin_design_path(@design),:html => {:multipart => true} do |f| %> <%= f.error_messages %> <%= render :partial => "form", :locals => { :f => f } %> diff --git a/spec/models/app_auth_basic.rb b/spec/models/app_auth_basic.rb index 3a2ae0f2f..0f6291195 100644 --- a/spec/models/app_auth_basic.rb +++ b/spec/models/app_auth_basic.rb @@ -6,129 +6,210 @@ describe AppAuth do before do User.all.destroy - UserRole.all.destroy + Role.all.destroy + SubRole.all.destroy AppAuth.all.destroy ModuleApp.all.destroy #Create some fixtures of Main Role main_role_key = ["Stud","Teacher","Staff"] @new_main_role_list = main_role_key.each do |role| - new_role = UserRole.new :key => role - + new_role = Role.new :key => role new_role.save end + #Create Some SubRoles + sub_role_key = ["graduated_school","undergraduated_school","TA","Senior"] + @new_main_role_list = sub_role_key.each do |role| + new_role = SubRole.new :key => role + new_role.save + end + #Create some users of User - user_emails = ["a_good_stud","a_bad_stud","a_teacher","a_staff"] + user_emails = ["a_good_ug_stud_1","a_good_ug_stud_2","a_bad_ug_stud","a_good_g_stud","a_bad_g_stud","a_teacher","a_staff"] user_emails.each do |user_email| email=user_email+"@rulingcom.com" new_user = User.new :email=> email new_user.save end - - @stud_MRK = UserRole.first(conditions:{key:"Stud"}) - @teacher_MRK = UserRole.first(conditions:{key:"Teacher"}) - @staff_MRK = UserRole.first(conditions:{key:"Staff"}) - - @good_stu = User.first(conditions:{email:"a_good_stud@rulingcom.com"}) - @bad_stu = User.first(conditions:{email:"a_bad_stud@rulingcom.com"}) + #MRK = Member Role Key SRK=Sub Role Key + @stud_MRK = Role.first(conditions:{key:"Stud"}) + @teacher_MRK = Role.first(conditions:{key:"Teacher"}) + @staff_MRK = Role.first(conditions:{key:"Staff"}) + + @graduated_SRK = SubRole.first(conditions:{key:"graduated_school"}) + @under_graduated_SRK = SubRole.first(conditions:{key:"undergraduated_school"}) + @ta_SRK = SubRole.first(conditions:{key:"TA"}) + @senior_SRK = SubRole.first(conditions:{key:"Senior"}) + + @stud_MRK.sub_roles += [@graduated,@under_graduated,@ta] + @stud_MRK.save! + + @teacher_MRK.sub_roles = [@senior] + @teacher_MRK.save! + + @good_ug_stu_1 = User.first(conditions:{email:"a_good_ug_stud_1@rulingcom.com"}) + @good_ug_stu_2 = User.first(conditions:{email:"a_good_ug_stud_2@rulingcom.com"}) + @bad_ug_stu = User.first(conditions:{email:"a_bad_ug_stud@rulingcom.com"}) + + @good_g_stu = User.first(conditions:{email:"a_good_g_stud@rulingcom.com"}) + @bad_g_stu = User.first(conditions:{email:"a_bad_g_stud@rulingcom.com"}) @teacher = User.first(conditions:{email:"a_teacher@rulingcom.com"}) @staff = User.first(conditions:{email:"a_staff@rulingcom.com"}) #setting Roles for users - @good_stu.user_role = @stud_MRK - @bad_stu.user_role = @stud_MRK - @teacher.user_role = @teacher_MRK - @staff.user_role = @staff_MRK + @good_g_stu.role = @stud_MRK + @bad_g_stu.role = @stud_MRK + @good_ug_stu_1.role = @stud_MRK + @good_ug_stu_2.role = @stud_MRK + @bad_ug_stu.role = @stud_MRK + + @good_g_stu.sub_roles = [@graduated_SRK,@ta_SRK] + @bad_g_stu.sub_roles << @graduated_SRK + @good_ug_stu_1.sub_roles << @under_graduated_SRK + @good_ug_stu_2.sub_roles << @under_graduated_SRK + @bad_ug_stu.sub_roles << @under_graduated_SRK - @good_stu.save! - @bad_stu.save! + @teacher.role = @teacher_MRK + @staff.role = @staff_MRK + + @good_g_stu.save! + @bad_g_stu.save! + @good_ug_stu_1.save! + @good_ug_stu_2.save! + @bad_ug_stu.save! + @teacher.save! @staff.save! end - describe "Testing basic structure" do + describe "Starting a ClassBulletin Auth for teacher , staff and ta" do before do - @app_auth = AppAuth.new() - #all stud has access right - @app_auth.user_roles << @stud_MRK + @bulletin_app_auth = AppAuth.new() + #all teacher and staff has access right + @bulletin_app_auth.roles = [@teacher_MRK,@staff_MRK] + #all person with TA sub_role has access right + @bulletin_app_auth.sub_roles << @ta_SRK - #a_bad_stud add to block to app_auth - @app_auth.blocked_users << @bad_stu + #a_bad_ug_stud add to block to bulletin_app_auth + #@bulletin_app_auth.blocked_users << @bad_ug_stu #all teacher has access right - @app_auth.user_roles << @teacher_MRK + # @bulletin_app_auth.roles << @teacher_MRK - @app_auth.privilege_users << @staff - @app_auth.save! + # @bulletin_app_auth.privilege_users << @staff + @bulletin_app_auth.save! end context "Should just initialize all obj that is needed" do - it "Testing @app_auth init result" do - @app_auth.user_roles.should have(2).item + it "Testing @bulletin_app_auth init result" do + @bulletin_app_auth.roles.should have(2).item #teacher staff + @bulletin_app_auth.sub_roles.should have(1).item #ta end - it "@app_auth should have UserRoles: Stud , Teacher " do - key_ary = @app_auth.user_roles.collect do |role| + it "@bulletin_app_auth should have Roles: Staff , Teacher " do + key_ary = @bulletin_app_auth.roles.collect do |role| role.key end - key_ary.should == ["Stud","Teacher"] + key_ary.sort.should == ["Staff","Teacher"].sort end - it "@app_auth should have one Privialage user which is belongs to Staff" do - p_user_ary = @app_auth.privilege_users.collect do |p_user| - p_user.user_role.key - end - p_user_ary.should include("Staff") + it "bulletin_app_auth should have 3 auth users" do + user_ary = [@teacher,@staff,@good_g_stu] + @bulletin_app_auth.auth_users.sort.should == user_ary.sort + check_user_has_app user_ary end - it "@app_auth should have one student listed at blocklist" do - @bad_stu = User.first(conditions:{email:"a_bad_stud@rulingcom.com"}) - @app_auth.blocked_users.should have(1).item - @app_auth.blocked_users.should include(@bad_stu) + it "Adding a undergraduate stud into app_auth by privilege list" do + user_ary = [@teacher,@staff,@good_g_stu,@good_ug_stu_1] + @bulletin_app_auth.add_user_to_privilege_list @good_ug_stu_1 + @bulletin_app_auth.auth_users.sort.should == user_ary.sort + check_user_has_app user_ary end + + it "Adding all graudated-stud into app_auth" do + user_ary = [@teacher,@staff,@good_g_stu,@bad_g_stu] + @bulletin_app_auth.add_sub_role @graduated_SRK + @bulletin_app_auth.auth_users.sort.should == user_ary.sort + check_user_has_app user_ary + end + + it "Blocking bad-graduate student" do + user_ary =[@teacher,@staff,@good_g_stu] + @bulletin_app_auth.add_sub_role @graduated_SRK + @bulletin_app_auth.add_user_to_black_list @bad_g_stu + @bulletin_app_auth.auth_users_after_block_list.sort.should == user_ary.sort + check_user_has_app user_ary + end + + it "Removing all graudated-stud from app_auth" do + user_ary =[@teacher,@staff,@good_g_stu] + @bulletin_app_auth.add_sub_role @graduated_SRK + @bulletin_app_auth.remove_sub_role @graduated_SRK + @bulletin_app_auth.auth_users.sort.should == user_ary.sort + check_user_has_app user_ary + end + + + # it "@bulletin_app_auth should have one Privialage user which is belongs to Staff" do + # p_user_ary = @bulletin_app_auth.privilege_users.collect do |p_user| + # p_user.roles.key + # end + # p_user_ary.should include("Staff") + # end + + # it "@bulletin_app_auth should have one student listed at blocklist" do + # @bad_stu = User.first(conditions:{email:"a_bad_g_stud@rulingcom.com"}) + # @bulletin_app_auth.blocked_users.should have(1).item + # @bulletin_app_auth.blocked_users.should include(@bad_stu) + # end - it "[Development #1]-1.Authorizing roles: roles + blocklist" do - @good_stu = User.first(conditions:{email:"a_good_stud@rulingcom.com"}) - @teacher = User.first(conditions:{email:"a_teacher@rulingcom.com"}) - @staff = User.first(conditions:{email:"a_staff@rulingcom.com"}) - ary = [@good_stu,@teacher,@staff] - @app_auth.auth_users_after_block_list.should == ary - end - - it "[Development #1]-2.Authorizing single users: list of users [new_user1~2]" do - user_emails = ["new_user1","new_user2","new_user3","new_user4"] - user_emails.each do |user_email| - email=user_email+"@rulingcom.com" - new_user = User.new :email=> email - new_user.save + # it "[Development #1]-1.Authorizing roles: roles + blocklist" do + # @good_stu = User.first(conditions:{email:"a_good_g_stud@rulingcom.com"}) + # @teacher = User.first(conditions:{email:"a_teacher@rulingcom.com"}) + # @staff = User.first(conditions:{email:"a_staff@rulingcom.com"}) + # ary = [@good_stu,@teacher,@staff] + # @bulletin_app_auth.auth_users_after_block_list.should == ary + # end + # + # it "[Development #1]-2.Authorizing single users: list of users [new_user1~2]" do + # user_emails = ["new_user1","new_user2","new_user3","new_user4"] + # user_emails.each do |user_email| + # email=user_email+"@rulingcom.com" + # new_user = User.new :email=> email + # new_user.save + # end + # user1= User.first(conditions:{email:"new_user1@rulingcom.com"}) + # user2= User.first(conditions:{email:"new_user2@rulingcom.com"}) + # user3= User.first(conditions:{email:"new_user3@rulingcom.com"}) + # user4= User.first(conditions:{email:"new_user4@rulingcom.com"}) + # + # @bulletin_app_auth.privilege_users << user1 + # @bulletin_app_auth.privilege_users << user2 + # + # @bulletin_app_auth.auth_users_after_block_list.should include(user1,user2) + # @bulletin_app_auth.auth_users_after_block_list.should_not include(user3,user4) + # + # end + # + # it "[Development #1]-3.Authorizing roles and single users: roles + blocklist + list of users" do + # @bulletin_app_auth.auth_users.should have(7).item + # end + # + # it "[Development #1]-4.Authorizing all: blocklist" do + # @bad_stu = User.first(conditions:{email:"a_bad_g_stud@rulingcom.com"}) + # @new_bulletin_app_auth = (AppAuth.new :all => true) + # @new_bulletin_app_auth.blocked_users << @bad_stu + # + # @new_bulletin_app_auth.auth_users.should == User.all.entries + # @new_bulletin_app_auth.auth_users_after_block_list.should_not include(@bad_stu) + # @new_bulletin_app_auth.save! + # end + def check_user_has_app(user_ary) + user_ary.each do |user| + user.avb_apps.should include(@bulletin_app_auth) end - user1= User.first(conditions:{email:"new_user1@rulingcom.com"}) - user2= User.first(conditions:{email:"new_user2@rulingcom.com"}) - user3= User.first(conditions:{email:"new_user3@rulingcom.com"}) - user4= User.first(conditions:{email:"new_user4@rulingcom.com"}) - - @app_auth.privilege_users << user1 - @app_auth.privilege_users << user2 - - @app_auth.auth_users_after_block_list.should include(user1,user2) - @app_auth.auth_users_after_block_list.should_not include(user3,user4) - end - - it "[Development #1]-3.Authorizing roles and single users: roles + blocklist + list of users" do - @app_auth.auth_users.should have(4).item - end - - it "[Development #1]-4.Authorizing all: blocklist" do - @bad_stu = User.first(conditions:{email:"a_bad_stud@rulingcom.com"}) - @new_app_auth = (AppAuth.new :all => true) - @new_app_auth.blocked_users << @bad_stu - - @new_app_auth.auth_users.should == User.all.entries - @new_app_auth.auth_users_after_block_list.should_not include(@bad_stu) - @new_app_auth.save! - end - end + end diff --git a/vendor/built_in_modules/NewBlog/NewBlog.json b/vendor/built_in_modules/NewBlog/NewBlog.json index ce9c80d33..32734d3b1 100755 --- a/vendor/built_in_modules/NewBlog/NewBlog.json +++ b/vendor/built_in_modules/NewBlog/NewBlog.json @@ -6,5 +6,6 @@ "intro": "A simple blog……", "update_info": "Some info", "create_date": "11-11-2011", - "app_pages": ["/panel/blog/front_end/"] + "app_pages": ["/panel/blog/front_end/"], + "widgets": ["/panel/blog/widget/latest_post","/panel/blog/widget/"] }