From 17caa7cb1ba400cb1ca6c9eea59afe68d0198bc5 Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Mon, 13 Feb 2012 17:33:48 +0800 Subject: [PATCH 1/5] Exp with object_auth --- app/controllers/admin/app_auths_controller.rb | 4 +- .../admin/module_apps_controller.rb | 4 ++ .../admin/object_auths_controller.rb | 1 + app/models/prototype_auth.rb | 6 +-- .../admin/attributes/_app_selector.html.erb | 1 + app/views/admin/module_apps/show.html.erb | 37 ++++++++++++++ app/views/admin/object_auths/new.html.erb | 3 +- .../back_end/bulletins_controller.rb | 2 +- .../back_end/fact_checks_controller.rb | 29 +++++++++++ .../announcement/app/models/bulletin.rb | 1 + .../app/models/bulletin_category.rb | 4 ++ .../_bulletin_category.html.erb | 6 +++ .../back_end/bulletins/_bulletins.html.erb | 15 +++++- .../back_end/bulletins/index.html.erb | 2 + .../back_end/fact_checks/_list_table.html.erb | 15 ++++++ .../back_end/fact_checks/index.html.erb | 51 +++++++++++++++++++ .../announcement/config/routes.rb | 1 + 17 files changed, 174 insertions(+), 8 deletions(-) create mode 100644 app/views/admin/attributes/_app_selector.html.erb create mode 100644 app/views/admin/module_apps/show.html.erb create mode 100644 vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb create mode 100644 vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/_list_table.html.erb create mode 100644 vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb diff --git a/app/controllers/admin/app_auths_controller.rb b/app/controllers/admin/app_auths_controller.rb index cb3340fd9..56d0ae23d 100644 --- a/app/controllers/admin/app_auths_controller.rb +++ b/app/controllers/admin/app_auths_controller.rb 
@@ -66,6 +66,8 @@ class Admin::AppAuthsController < ApplicationController @module_app = ModuleApp.find(params[:id]) end - + def show + @module_app = ModuleApp.find(params[:id]) + end end \ No newline at end of file diff --git a/app/controllers/admin/module_apps_controller.rb b/app/controllers/admin/module_apps_controller.rb index 56c2523fe..a350c28b1 100644 --- a/app/controllers/admin/module_apps_controller.rb +++ b/app/controllers/admin/module_apps_controller.rb @@ -20,6 +20,10 @@ class Admin::ModuleAppsController < ApplicationController @module_app = ModuleApp.find(params[:id]) end + def show + @module_app = ModuleApp.find(params[:id]) + + end def update @module_app = ModuleApp.find(params[:id]) diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index ce404e53c..3bff43742 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb @@ -14,6 +14,7 @@ class Admin::ObjectAuthsController < ApplicationController def new obj = eval(params[:type]).find params[:obj_id] @object_auth=obj.object_auths.build + @object_auth_title_option = eval(params[:type]+"::ObjectAuthTitlesOptions") respond_to do |format| format.html # new.html.erb format.xml { render :xml => @post } diff --git a/app/models/prototype_auth.rb b/app/models/prototype_auth.rb index 734268c43..893f402b0 100644 --- a/app/models/prototype_auth.rb +++ b/app/models/prototype_auth.rb @@ -68,7 +68,7 @@ class PrototypeAuth end end - def auth_users + def auth_users_before_block_list if self.all? User.all.entries else @@ -83,8 +83,8 @@ class PrototypeAuth end end - def auth_users_after_block_list - auth_users - self.blocked_users + def auth_users + auth_users_before_block_list - self.blocked_users end # protected diff --git a/app/views/admin/attributes/_app_selector.html.erb b/app/views/admin/attributes/_app_selector.html.erb new file mode 100644 index 000000000..c20a38858 --- /dev/null 
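Review bot: The added line in `new` of Admin::ObjectAuthsController passes `params[:type]` to `eval`, so a request string is executed as Ruby before any class is looked up; the context line above it (`obj = eval(params[:type]).find params[:obj_id]`) has the same problem. Resolve the type through a fixed allowlist instead: a constant hash of permitted class names (called `AUTHABLE_TYPES` here, a proposed name) with `klass = AUTHABLE_TYPES.fetch(params[:type])` and `@object_auth_title_option = klass::ObjectAuthTitlesOptions`. Anything not in the map should get a 404. The body of `new` continues outside the hunk.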
+++ b/app/views/admin/attributes/_app_selector.html.erb @@ -0,0 +1 @@ +<%= f.select :module_app_id, @apps.collect { |t| [t.title.capitalize, t.id] }, {:include_blank => true} ,{:rel => admin_module_apps_path } %> diff --git a/app/views/admin/module_apps/show.html.erb b/app/views/admin/module_apps/show.html.erb new file mode 100644 index 000000000..27cfbc1a0 --- /dev/null +++ b/app/views/admin/module_apps/show.html.erb @@ -0,0 +1,37 @@ +



+<%=@module_app.key %>
+<%=@module_app.title %>
+<%=@module_app.version %>
+<%=@module_app.organization %>
+<%=@module_app.author %>
+<%=@module_app.intro %>
+<%=@module_app.update_info %>
+<%=@module_app.create_date %>
+<%=@module_app.enable_frontend%>
+<%=@module_app.app_pages%>
+<%=@module_app.widgets%>
+ +Mangers: + + + +SubManagers: +
+ <% @module_app.sub_managers.each do |manager|%> + <%= manager.user.name %> + <%end%> +
+
+ +All User?:<%= @module_app.app_auth.all %>
+Blocked Users:<%= @module_app.app_auth.blocked_users.collect{|t| t.name} %>
+Privilege Users:<%= @module_app.app_auth.privilege_users.collect{|t| t.name}%>
+User Roles:<%= @module_app.app_auth.roles.collect{|t| t.key} %>
+User Sub Roles:<%= @module_app.app_auth.sub_roles.collect{|t| t.key} %>
+ +Available users after calculation: +<%= @module_app.app_auth.auth_users.collect{|user| user.name}.join(',') %> diff --git a/app/views/admin/object_auths/new.html.erb b/app/views/admin/object_auths/new.html.erb index 25fd6fd5e..b5b381fb5 100644 --- a/app/views/admin/object_auths/new.html.erb +++ b/app/views/admin/object_auths/new.html.erb @@ -12,7 +12,8 @@

<%= t('object_auth.new_object_auth') %>

<%= form_for @object_auth, :url => admin_object_auths_path do |f| %> <%= f.label :title %> - <%= f.text_field :title, :class => 'text' %> + <%= f.select :title,@object_auth_title_option %> + <%= f.hidden_field :obj_id, :value => params[:obj_id] %> <%= f.hidden_field :type, :value => params[:type] %> diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb index c28e7e547..02135d66d 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb @@ -99,7 +99,7 @@ class Panel::Announcement::BackEnd::BulletinsController < ApplicationController end respond_to do |format| - if @bulletin.update_attributes(params[:bulletin]) + if @bulletin.update_attributes(params[:bulletin]) && @bulletin.save # format.html { redirect_to(panel_announcement_back_end_bulletin_url(@bulletin), :notice => t('bulletin.update_bulletin_success')) } format.html { redirect_to(panel_announcement_back_end_bulletins_url, :notice => t('bulletin.update_bulletin_success')) } format.js { render 'toggle_enable' } diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb new file mode 100644 index 000000000..ef7e1943e --- /dev/null +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb 
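Review bot: In the bulletins_controller.rb hunk, `update_attributes` already persists the record and returns false on failure, so the added `&& @bulletin.save` only issues a second write. The larger gap is that this action is what the new check/uncheck links call with `:bulletin => {:status => ...}`, and nothing in the hunk restricts who may change `status`. As written, anyone who can reach `update` can mark a bulletin as checked through mass assignment. Consider keeping `if @bulletin.update_attributes(params[:bulletin])` and removing `:status` from the params unless the user holds the fact-check auth for the bulletin's category. The start of `update` is outside the hunk.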
@@ -0,0 +1,29 @@ +class Panel::Announcement::BackEnd::FactChecksController < ApplicationController + layout 'admin' + + def index + @bulletin_categorys_preview = BulletinCategory.authed_for_user(current_user,'preview') + @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'check') + end + + def new + + end + + def create + + end + + def update + + end + + def edit + + end + + def destroy + + end + +end diff --git a/vendor/built_in_modules/announcement/app/models/bulletin.rb b/vendor/built_in_modules/announcement/app/models/bulletin.rb index 4b621fafc..6246f50c8 100644 --- a/vendor/built_in_modules/announcement/app/models/bulletin.rb +++ b/vendor/built_in_modules/announcement/app/models/bulletin.rb @@ -7,6 +7,7 @@ class Bulletin # field :category_id, :type => Integer field :title + field :status , :type=> Boolean # has_one :title_variable, :class_name => "I18nVariable", :as => :language_value, :autosave => true, :dependent => :destroy # has_one :subtitle_variable, :class_name => "I18nVariable", :as => :language_value, :autosave => true, :dependent => :destroy # has_one :text_variable, :class_name => "I18nVariable", :as => :language_value, :autosave => true, :dependent => :destroy diff --git a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb index f5da3ad7a..152a6b57f 100644 --- a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb +++ b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb @@ -3,6 +3,10 @@ class BulletinCategory include Mongoid::Document include Mongoid::Timestamps + include OrbitCoreLib::ObjectAuthable + + ObjectAuthTitlesOptions = %W{preview fact_check} + # include Mongoid::MultiParameterAttributes PAYMENT_TYPES = [ "List", "Picture" ] 
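Review bot: `index` in FactChecksController asks for categories authed under the title `'check'`, but the only titles this commit defines in `BulletinCategory::ObjectAuthTitlesOptions` are `preview` and `fact_check`. `@bulletin_categorys_check` will therefore presumably stay empty (the `authed_for_user` implementation is not visible here). Use `BulletinCategory.authed_for_user(current_user,'fact_check')`, or take the title from the constant so the two cannot drift. The controller also declares no `before_filter :authenticate_user!`, so `current_user` may be nil unless ApplicationController enforces login. `resources :fact_checks` routes to five empty actions; `resources :fact_checks, :only => [:index]` would keep them unreachable until they are implemented.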
diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb index 579987700..2e0e7ddf0 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb @@ -6,6 +6,12 @@ <% end %> <%= bulletin_category.display %> + <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category) %>
+ <% bulletin_category.object_auths.each do |obj_auth| %> + <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth) %>
+ <% end %> + + <%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %> | <%= link_to t('bulletin_category.quick_edit'), panel_announcement_back_end_bulletin_category_quick_edit_path(bulletin_category), :remote => true %> | <%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletins.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletins.html.erb index f94cac5b8..e7f17709a 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletins.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletins.html.erb 
@@ -1,12 +1,23 @@ - + <% if (fact_check_allow rescue false) %> + <%#= link_to("#{post?? 'Check': 'Checked'}",panel_announcement_back_end_bulletin_path ) %> + <% attribute_type = "post" %> + <% attribute = post %> + <%= link_to t(:ClickToCheck), panel_announcement_back_end_bulletin_path(attribute, :authenticity_token => form_authenticity_token, :bulletin => {:status => true}), :remote => true, :method => :put, :id => "disable_#{attribute.id}", :style => "display:#{attribute.status ? 'none' : ''}", :class => 'switch' %> + <%= link_to t(:ClickToUnCheck), panel_announcement_back_end_bulletin_path(attribute, :authenticity_token => form_authenticity_token, :bulletin => {:status => false}), :remote => true, :method => :put, :id => "enable_#{attribute.id}", :style => "display:#{attribute.status ? '' : 'none'}", :class => 'switch' %> + + <% end %> + + <%= post.bulletin_category.i18n_variable[I18n.locale] %> <%#= link_to post.title, panel_announcement_front_end_bulletin_path(post) %> <%= link_to post.title, panel_announcement_back_end_bulletin_path(post) %> <%= post.postdate %> - <%= (post.deadline) ? post.deadline : t('bulletin.no_deadline') %> + + <%= (post.deadline) ? post.deadline : t('bulletin.no_deadline') %> + <%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(post) %> | diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb index 3de0b1c22..59f126a03 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb @@ -8,6 +8,8 @@
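Review bot: Both added `link_to` calls in _bulletins.html.erb put `form_authenticity_token` into the link's query string, which writes the session's CSRF token into every rendered href and from there into server logs and browser history. With `:remote => true, :method => :put` the Rails unobtrusive-JS driver sends the token itself, provided the layout emits the CSRF meta tags, so the `:authenticity_token => form_authenticity_token` argument can be dropped from both links. Separately, `<% if (fact_check_allow rescue false) %>` hides every error raised in that expression. `<% if local_assigns[:fact_check_allow] %>` expresses "optional local" without a rescue.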
  • <%= link_to t('bulletin.new_announcement'), new_panel_announcement_back_end_bulletin_path %>
  • <%= link_to t('bulletin.announcement_list'), panel_announcement_back_end_bulletins_path %>
  • <%= link_to t('bulletin.new_announcement_class'), panel_announcement_back_end_bulletin_categorys_path %>
  • +
  • <%= link_to t('bulletin.my_announcement_fact_check'), panel_announcement_back_end_fact_checks_path %>
  • + <% end -%> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/_list_table.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/_list_table.html.erb new file mode 100644 index 000000000..59bac03aa --- /dev/null +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/_list_table.html.erb @@ -0,0 +1,15 @@ +

    <%= bulletin_category.key %>

    + + + + + + + + + + +<% bulletin_category.bulletins.each do |post| %> + <%= render :partial => 'panel/announcement/back_end/bulletins/bulletins', :locals => {:post => post,:fact_check_allow=>true} %> +<% end %> +
    <%= t('bulletin.status') %><%= t('bulletin.category') %><%= t('bulletin.title') %><%= t('bulletin.postdate') %><%= t('bulletin.deadline') %><%= t('bulletin.action') %>
    \ No newline at end of file diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb new file mode 100644 index 000000000..65ebeb286 --- /dev/null +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb @@ -0,0 +1,51 @@ +<% content_for :secondary do %> +
    +
    +
    +
    +
    + +<% end -%> + +<%= flash_messages %> + +
    +
    +
    +
    +
    + +
    <%= t('bulletin.search') %> + + <%= form_for :bulletin, :action => 'search', :method => 'get', :url => panel_announcement_back_end_bulletins_path do |f| %> + + <%#= f.select :bulletin_category_id, @bulletin_categorys.collect {|t| [ t.i18n_variable[I18n.locale], t.id ] },{ :include_blank => t('bulletin.select') }%> + + Category <%#= select_tag "category_id", options_for_select(@bulletin_categorys.collect{|t| [t.i18n_variable[I18n.locale], t.id]}), :prompt => t('bulletin.select') %> + + KeyWord <%#= text_field_tag :search, params[:search], :id => 'search_field' %> + + <%= submit_tag "Search", :name => nil %> + + <% end %> + + +
    + +
    +
    + +

    <%= t('bulletin.list_announcement') %>

    + + <%= render :partial => "list_table", :collection => @bulletin_categorys_preview,:as => :bulletin_category%> + + <%= render :partial => "list_table", :collection => @bulletin_categorys_check,:as => :bulletin_category%> + +
    + diff --git a/vendor/built_in_modules/announcement/config/routes.rb b/vendor/built_in_modules/announcement/config/routes.rb index 05554bab6..88bc3ae27 100644 --- a/vendor/built_in_modules/announcement/config/routes.rb +++ b/vendor/built_in_modules/announcement/config/routes.rb @@ -3,6 +3,7 @@ Rails.application.routes.draw do namespace :panel do namespace :announcement do namespace :back_end do + resources :fact_checks root :to => "bulletins#index" resources :bulletins resources :bulletin_categorys, :controller => 'bulletin_categorys' do From 5640e07733834099d76c5a89def137f8ea2de451 Mon Sep 17 00:00:00 2001 
From: Matthew Kaito Juyuan Fu Date: Wed, 15 Feb 2012 18:20:44 +0800 Subject: [PATCH 2/5] First version for App and Object auth.Taking Announcement as experiment --- .../admin/object_auths_controller.rb | 12 ++++++++-- app/controllers/obit_frontend_controller.rb | 3 --- app/controllers/obit_widget_controller.rb | 3 --- app/controllers/orbit_backend_controller.rb | 24 +++++++++++++++++++ ...=> orbit_frontend_component_controller.rb} | 2 +- app/controllers/orbit_frontend_controller.rb | 3 +++ app/controllers/orbit_widget_controller.rb | 3 +++ app/helpers/admin/app_auth_helper.rb | 5 ++++ app/helpers/admin_helper.rb | 13 ++++++++++ app/models/app_auth.rb | 1 + app/models/module_app.rb | 8 +++++++ app/models/prototype_auth.rb | 2 +- .../admin/module_apps/_app_selector.html.erb | 1 - app/views/admin/object_auths/edit.html.erb | 2 +- config/routes.rb | 2 +- lib/orbit_core_lib.rb | 22 +++++++++++++++++ lib/tasks/anc_tasks.rake | 22 +++++++++++++++++ lib/tasks/dev.rake | 6 +++++ .../announcement/announcement.json | 2 +- .../back_end/announcements_controller.rb | 13 ++++++---- .../back_end/bulletin_categorys_controller.rb | 6 ++--- .../back_end/bulletins_controller.rb | 9 +++---- .../back_end/fact_checks_controller.rb | 5 ++-- .../app/models/bulletin_category.rb | 2 +- .../_bulletin_category.html.erb | 16 +++++++------ .../back_end/bulletins/index.html.erb | 5 ++-- .../back_end/fact_checks/index.html.erb | 10 +++++--- .../announcement/config/routes.rb | 3 ++- .../lib/tasks/announcement_tasks.rake | 4 ---- .../new_blog/front_end/comments_controller.rb | 2 +- .../new_blog/front_end/posts_controller.rb | 2 +- 31 files changed, 161 insertions(+), 52 deletions(-) delete mode 100644 app/controllers/obit_frontend_controller.rb delete mode 100644 app/controllers/obit_widget_controller.rb create mode 100644 app/controllers/orbit_backend_controller.rb rename app/controllers/{obit_frontend_component_controller.rb => orbit_frontend_component_controller.rb} (73%) create mode 100644 
app/controllers/orbit_frontend_controller.rb create mode 100644 app/controllers/orbit_widget_controller.rb delete mode 100644 app/views/admin/module_apps/_app_selector.html.erb create mode 100644 lib/tasks/anc_tasks.rake delete mode 100644 vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index 3bff43742..573409b65 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb @@ -1,8 +1,12 @@ class Admin::ObjectAuthsController < ApplicationController + include OrbitCoreLib::PermissionUnility layout "admin" before_filter :authenticate_user! + before_filter :check_if_user_can_do_object_auth # before_filter :is_admin? ,:only => :index + + def index # if current_user.admin? @object_auths = ObjectAuth.all @@ -70,7 +74,11 @@ class Admin::ObjectAuthsController < ApplicationController def edit @object_auth = ObjectAuth.find(params[:id]) end - - +private + def check_if_user_can_do_object_auth + unless check_permission(:manager) + render :nothing => true, :status => 403 + end + end end \ No newline at end of file diff --git a/app/controllers/obit_frontend_controller.rb b/app/controllers/obit_frontend_controller.rb deleted file mode 100644 index fb42ac781..000000000 --- a/app/controllers/obit_frontend_controller.rb +++ /dev/null @@ -1,3 +0,0 @@ -class ObitFrontendController< ObitFrontendComponentController - -end \ No newline at end of file diff --git a/app/controllers/obit_widget_controller.rb b/app/controllers/obit_widget_controller.rb deleted file mode 100644 index e0a9746d9..000000000 --- a/app/controllers/obit_widget_controller.rb +++ /dev/null @@ -1,3 +0,0 @@ -class ObitWidgetController< ObitFrontendComponentController - -end \ No newline at end of file 
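Review bot: `check_if_user_can_do_object_auth` authorises against whatever app the request names, not the app that owns the object being edited. `check_permission(:manager)`, added in the lib/orbit_core_lib.rb hunk of this commit, falls back to `ModuleApp.find(params[:module_app_id])` when `@module_app` is unset, and nothing visible in this controller sets it. A manager of any one module app would therefore appear to pass the filter for an arbitrary `:type`/`:obj_id` pair. Only the `new` route gained `:module_app_id` (config/routes.rb hunk), so for a non-admin the filter will likely raise on `index`, `edit` and the other actions instead of returning 403. Derive the module app from the target object on the server and treat a missing app as a denial.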
diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb new file mode 100644 index 000000000..49505c8f4 --- /dev/null +++ b/app/controllers/orbit_backend_controller.rb @@ -0,0 +1,24 @@ +class OrbitBackendController< ApplicationController + before_filter :authenticate_user! + before_filter :setup_vars + # before_filter {|c| c.front_end_available(@app_title)} + before_filter :check_user_can_use,:except => [:public] + include OrbitCoreLib::PermissionUnility + + layout 'admin' + + def setup_vars + @app_title = request.fullpath.split('/')[2] + @module_app = ModuleApp.first(conditions: {:key => @app_title} ) + + end + + private + + def check_user_can_use + unless check_permission + redirect_to polymorphic_path(['panel',@app_title,'back_end','public']) + end + end + +end \ No newline at end of file diff --git a/app/controllers/obit_frontend_component_controller.rb b/app/controllers/orbit_frontend_component_controller.rb similarity index 73% rename from app/controllers/obit_frontend_component_controller.rb rename to app/controllers/orbit_frontend_component_controller.rb index 06bb06a52..0650c16f9 100644 --- a/app/controllers/obit_frontend_component_controller.rb +++ b/app/controllers/orbit_frontend_component_controller.rb @@ -1,4 +1,4 @@ -class ObitFrontendComponentController< ApplicationController +class OrbitFrontendComponentController< ApplicationController before_filter :setup_vars before_filter {|c| c.front_end_available(@app_title)} layout 'production' diff --git a/app/controllers/orbit_frontend_controller.rb b/app/controllers/orbit_frontend_controller.rb new file mode 100644 index 000000000..e1be81677 --- /dev/null +++ b/app/controllers/orbit_frontend_controller.rb @@ -0,0 +1,3 @@ +class OrbitFrontendController< OrbitFrontendComponentController + +end \ No newline at end of file 
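Review bot: In OrbitBackendController, `setup_vars` leaves `@module_app` nil whenever the second path segment matches no `ModuleApp` key, and `check_permission` then falls back to `params[:module_app_id]`, so the app being checked becomes request-controlled. Fail closed instead, for example with `return render :nothing => true, :status => 404 if @module_app.nil?` as the last line of `setup_vars`. `setup_vars` is also declared above `private`, which leaves it a public method on every backend controller. Moving it below `private` keeps it from being reachable as an action.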
diff --git a/app/controllers/orbit_widget_controller.rb b/app/controllers/orbit_widget_controller.rb new file mode 100644 index 000000000..c2be4691e --- /dev/null +++ b/app/controllers/orbit_widget_controller.rb @@ -0,0 +1,3 @@ +class ObitWidgetController< OrbitFrontendComponentController + +end \ No newline at end of file diff --git a/app/helpers/admin/app_auth_helper.rb b/app/helpers/admin/app_auth_helper.rb index fe63a2a6a..1a022e948 100644 --- a/app/helpers/admin/app_auth_helper.rb +++ b/app/helpers/admin/app_auth_helper.rb @@ -3,4 +3,9 @@ module Admin::AppAuthHelper link_to t(:enable), eval("admin_#{attribute_type}_path(attribute, :authenticity_token => form_authenticity_token, :#{attribute_type} => {:disabled => true})"), :remote => true, :method => :put, :id => "disable_#{attribute.id}", :style => "display:#{attribute.is_disabled? ? 'none' : ''}", :class => 'switch' link_to t(:disable), eval("admin_#{attribute_type}_path(attribute, :authenticity_token => form_authenticity_token, :#{attribute_type} => {:disabled => false})"), :remote => true, :method => :put, :id => "enable_#{attribute.id}", :style => "display:#{attribute.is_disabled? ? '' : 'none'}", :class => 'switch' end + + def if_permitted_to(user,role) + + end + end \ No newline at end of file diff --git a/app/helpers/admin_helper.rb b/app/helpers/admin_helper.rb index 6ae3a213a..021687da8 100644 --- a/app/helpers/admin_helper.rb +++ b/app/helpers/admin_helper.rb 
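Review bot: The new file app/controllers/orbit_widget_controller.rb still declares `class ObitWidgetController`, while the other two controllers in this rename became `Orbit...`. Rails autoloading resolves a constant from its file name, so `OrbitWidgetController` would fail to load from this file, and the old name is no longer findable by path. The line should read `class OrbitWidgetController < OrbitFrontendComponentController`.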
@@ -5,4 +5,17 @@ module AdminHelper link_to('/' , admin_items_path) + ( @parent_items.map{ |i| link_to(i.name, admin_items_path(:parent_id=>i.id) ) } << @parent_item.name ).join("/").html_safe end + # Check if the current_user is manager in current module app + def is_manager? + @module_app.is_manager?(current_user) || is_admin? + end + + # Check if the current_user is sub manager in current module app + def is_sub_manager? + @module_app.is_sub_manager?(current_user)|| is_admin? + end + + def is_admin? + current_user.admin? + end end \ No newline at end of file diff --git a/app/models/app_auth.rb b/app/models/app_auth.rb index 5a3de60c5..94af40bbb 100644 --- a/app/models/app_auth.rb +++ b/app/models/app_auth.rb @@ -2,4 +2,5 @@ class AppAuth < PrototypeAuth belongs_to :module_app + end \ No newline at end of file diff --git a/app/models/module_app.rb b/app/models/module_app.rb index d98ea206a..6a6784609 100644 --- a/app/models/module_app.rb +++ b/app/models/module_app.rb @@ -22,6 +22,14 @@ class ModuleApp before_save :set_key + def is_manager?(user) + managing_users.include?(user) + end + + def is_sub_manager?(user) + sub_managing_users.include?(user) || is_manager?(user) + end + def managing_users self.managers.collect{ |t| t.user } end diff --git a/app/models/prototype_auth.rb b/app/models/prototype_auth.rb index 893f402b0..6b22a1b39 100644 --- a/app/models/prototype_auth.rb +++ b/app/models/prototype_auth.rb @@ -16,7 +16,7 @@ class PrototypeAuth has_and_belongs_to_many :roles has_and_belongs_to_many :sub_roles - attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users + attr_protected :roles,:sub_roles,:privilege_users,:blocked_users def add_role role add_operation(:roles,role) diff --git a/app/views/admin/module_apps/_app_selector.html.erb b/app/views/admin/module_apps/_app_selector.html.erb deleted file mode 100644 index c20a38858..000000000 --- a/app/views/admin/module_apps/_app_selector.html.erb +++ /dev/null 
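Review bot: `is_manager?` and `is_sub_manager?` in AdminHelper dereference `@module_app` before consulting `is_admin?`, so any view rendered without `@module_app` raises NoMethodError, even for an administrator. Putting the admin check first and guarding the nil avoids that: `is_admin? || (@module_app && @module_app.is_manager?(current_user))`, with the same shape for the sub-manager helper. These are view helpers, so they can only hide UI elements. Access still has to be enforced by the controller filters.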
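Review bot: In the prototype_auth.rb hunk, dropping `:users` from `attr_protected` makes that name mass-assignable if the model has such an attribute or setter. The field declarations are outside this hunk, so that cannot be confirmed from here. If `:users` was removed because no such attribute exists, a one-line comment such as `# :users removed: PrototypeAuth has no users relation` would record the reason. Otherwise keep it protected, since this model decides who is authorised. An `attr_accessible` allowlist would be a safer default for an authorisation model than a blocklist.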
@@ -1 +0,0 @@ -<%= f.select :module_app_id, @apps.collect { |t| [t.title.capitalize, t.id] }, {:include_blank => true} ,{:rel => admin_module_apps_path } %> diff --git a/app/views/admin/object_auths/edit.html.erb b/app/views/admin/object_auths/edit.html.erb index 67fb026e1..fc824a649 100644 --- a/app/views/admin/object_auths/edit.html.erb +++ b/app/views/admin/object_auths/edit.html.erb @@ -11,4 +11,4 @@ <%= render :partial => "admin/components/user_role_management", :locals => { :object => @object_auth.auth_obj ,:auth=>@object_auth,:submit_url=>create_role_admin_object_auth_path(@object_auth),:ploy_route_ary=>['remove',:admin,@object_auth] } %> - +<%= link_to 'Back to object',eval(@object_auth.obj_authable.class.to_s+"::AfterObjectAuthUrl") %> \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index 9b653d7fb..0d01eccb0 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -14,7 +14,7 @@ PrototypeR4::Application.routes.draw do resources :app_auths resources :object_auths do collection do - match 'new/:type/:obj_id',:action => 'new',:via => "get",:as => :init + match 'new/:type/:obj_id/:module_app_id',:action => 'new',:via => "get",:as => :init end member do match ':id/create_role',:action => 'create_role',:via => "post",:as => :create_role diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb index bf1d66a39..2520e04c6 100644 --- a/lib/orbit_core_lib.rb +++ b/lib/orbit_core_lib.rb 
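Review bot: The back link added to object_auths/edit.html.erb builds a constant name as a string and runs it through `eval` in the view. The class can be asked for the constant directly with `@object_auth.obj_authable.class::AfterObjectAuthUrl`, which performs only a constant lookup. No visible hunk defines `AfterObjectAuthUrl` (the bulletin_category.rb change in this commit is not shown), so any class that includes `ObjectAuthable` without it will raise NameError when this page renders. A guard such as `klass.const_defined?(:AfterObjectAuthUrl)` with a fallback link would cover that case.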
@@ -31,4 +31,26 @@ module OrbitCoreLib end end + + module PermissionUnility + private + def check_permission(type = :use) + permission_grant = current_user.admin?? true : false + module_app = @module_app.nil?? ModuleApp.find(params[:module_app_id]) : @module_app + unless permission_grant + permission_grant = case type + when :use + users_ary = module_app.app_auth.auth_users rescue nil + users_ary = [] if users_ary.nil? + (users_ary.include?(current_user) || module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user)) + when :manager + module_app.is_manager?(current_user) + when :sub_manager + module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user) + end + end + permission_grant + end + + end end diff --git a/lib/tasks/anc_tasks.rake b/lib/tasks/anc_tasks.rake new file mode 100644 index 000000000..3145d1192 --- /dev/null +++ b/lib/tasks/anc_tasks.rake 
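Review bot: In the `:use` branch of `check_permission`, `module_app.app_auth.auth_users rescue nil` swallows every StandardError, including a missing `app_auth` or a database failure, and turns it into an empty user list. The result fails closed but the cause becomes invisible. Prefer an explicit check: `auth = module_app.app_auth` followed by `users_ary = auth ? auth.auth_users : []`. The extra `is_manager?` tests in the `:use` and `:sub_manager` branches are redundant, because `ModuleApp#is_sub_manager?` (added in this commit) already returns true for managers. A short comment above `check_permission` listing the accepted `type` values, and stating that an unknown value yields nil and is therefore denied, would document the contract.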
@@ -0,0 +1,22 @@ +# encoding: utf-8 + +namespace :anc do + + task :build => :environment do + bulletin_category_1 = BulletinCategory.create(:key => "C1ChrisCheckANDPreivew",:display => "List" ) + bulletin_category_1.create_i18n_variable(:en => "ChrisCheckANDPreivew", :zh_tw => 'ChrisCheckANDPreivew') + bulletin_category_2 = BulletinCategory.create(:key => "C2MattCheckANDPreivew",:display => "List" ) + bulletin_category_2.create_i18n_variable(:en => "MattCheckANDPreivew", :zh_tw => 'MattCheckANDPreivew') + bulletin_category_3 = BulletinCategory.create(:key => "C3MattCheckChrisPreview",:display => "List" ) + bulletin_category_3.create_i18n_variable(:en => "MattCheckChrisPreview", :zh_tw => 'MattCheckChrisPreview') + + + bulletin_1 = Bulletin.create(:title => "C1P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_1 ) + bulletin_2 = Bulletin.create(:title => "C1P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_1 ) + bulletin_3 = Bulletin.create(:title => "C2P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_2 ) + bulletin_4 = Bulletin.create(:title => "C2P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_2 ) + bulletin_5 = Bulletin.create(:title => "C3P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_3 ) + bulletin_6 = Bulletin.create(:title => "C3P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_3 ) + + end +end \ No newline at end of file diff --git a/lib/tasks/dev.rake b/lib/tasks/dev.rake index e6eabe1b0..f1d1d78e0 100644 --- a/lib/tasks/dev.rake +++ b/lib/tasks/dev.rake 
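Review bot: Every `Bulletin.create` call in the `anc:build` task passes `:postadate => Time.now`, but the views in this series read `post.postdate`. Depending on the model's dynamic-field setting, the seeded bulletins will either have no post date or fail on an unknown attribute. The key should be `:postdate`. The category keys also spell `Preivew` in all three `BulletinCategory.create` calls, which is harmless for seeding but worth correcting before anything matches on those keys.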
@@ -125,6 +125,12 @@ namespace :dev do AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[1].id, :key => 'last_name', :en => 'Fu', :zh_tw => '傅' ) AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[0].id, :key => 'major', :en => 'Information management', :zh_tw => '信息化管理' ) AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[1].id, :key => 'department', :en => 'Computer Science', :zh_tw => '計算機科學' ) + + user = User.create( :email => 'manager@rulingcom.com', :password => 'password', :password_confirmation => 'password', :admin => false, :role_id => r_2.id, :sub_role_ids => [sr_2_1.id ] ) + AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[0].id, :key => 'first_name', :en => 'Manager', :zh_tw => '管理員' ) + AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[1].id, :key => 'last_name', :en => 'Chen', :zh_tw => '陳' ) + AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[0].id, :key => 'major', :en => 'Information management', :zh_tw => '信息化管理' ) + AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[1].id, :key => 'department', :en => 'Computer Science', :zh_tw => '計算機科學' ) ad_banner = AdBanner.new(:title => 'banner_1',:post_date => Date.today,:context=> "context",:ad_fx=>'zoom',:direct_to_after_click=>true) diff --git a/vendor/built_in_modules/announcement/announcement.json b/vendor/built_in_modules/announcement/announcement.json index 9ad6951e5..13e7e62c4 100644 --- a/vendor/built_in_modules/announcement/announcement.json +++ b/vendor/built_in_modules/announcement/announcement.json @@ -1,5 +1,5 @@ { - "title": "Announcement", + "title": "announcement", "version": "0.1", "organization": "Rulingcom", "author": "RD dep", 
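Review bot: The added `manager@rulingcom.com` account is created with the literal password `'password'`. If the `dev` tasks can be run against a shared or deployed database, this leaves a known-credential account behind. Guard the task with `raise 'dev tasks are for development only' unless Rails.env.development?`, or read the password from an environment variable. The task body starts and ends outside this hunk, so an existing guard may not be visible here.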
diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb index 8f88da9a5..8faf23f6c 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb @@ -1,11 +1,12 @@ -class Panel::Announcement::BackEnd::AnnouncementsController < ApplicationController - - layout 'admin' - - def index +class Panel::Announcement::BackEnd::AnnouncementsController < OrbitBackendController + def public + render :text => "This is an public_page need to be build" end + def index + + end # GET /announcements/1 # GET /announcements/1.xml def show @@ -76,4 +77,6 @@ class Panel::Announcement::BackEnd::AnnouncementsController < ApplicationControl format.xml { head :ok } end end + + end diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb index 3bb7d54be..a9d26eb95 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb @@ -1,7 +1,5 @@ -class Panel::Announcement::BackEnd::BulletinCategorysController < ApplicationController - - layout 'admin' - +class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController + def index @bulletin_categorys = BulletinCategory.all @bulletin_category = BulletinCategory.new(:display => 'List') 
diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb index 02135d66d..2731ee39b 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb @@ -1,9 +1,6 @@ -class Panel::Announcement::BackEnd::BulletinsController < ApplicationController - - layout 'admin' - - before_filter :authenticate_user! - before_filter :is_admin? +class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController + + #before_filter :is_admin? def index # @bulletins = Bulletin.all diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb index ef7e1943e..1ef3b3007 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb @@ -1,9 +1,10 @@ -class Panel::Announcement::BackEnd::FactChecksController < ApplicationController +class Panel::Announcement::BackEnd::FactChecksController < OrbitBackendController + before_filter :authenticate_user! layout 'admin' def index @bulletin_categorys_preview = BulletinCategory.authed_for_user(current_user,'preview') - @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'check') + @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'fact_check') end def new 
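Review bot: `BulletinsController` drops `before_filter :authenticate_user!` and leaves `is_admin?` commented out, so every action in it now depends on whatever `OrbitBackendController` enforces, which this hunk does not show. If the base class does not authenticate and authorise, the bulletin back end becomes reachable without login. Delete the commented `#before_filter :is_admin?` and state the rule in code, either by keeping `before_filter :authenticate_user!` here or by adding a comment that names the inherited filter replacing it. The `FactChecksController` hunk after this one adds `authenticate_user!` explicitly, which suggests the base class does not supply it.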
diff --git a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb index 152a6b57f..1a086ebfb 100644 --- a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb +++ b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb @@ -6,7 +6,7 @@ class BulletinCategory include OrbitCoreLib::ObjectAuthable ObjectAuthTitlesOptions = %W{preview fact_check} - + AfterObjectAuthUrl = '/panel/announcement/back_end/bulletin_categorys' # include Mongoid::MultiParameterAttributes PAYMENT_TYPES = [ "List", "Picture" ] diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb index 2e0e7ddf0..2cd097ed2 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb @@ -5,13 +5,15 @@ <%= bulletin_category.i18n_variable[locale] rescue nil %> <% end %> <%= bulletin_category.display %> - - <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category) %>
    - <% bulletin_category.object_auths.each do |obj_auth| %> - <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth) %>
    - <% end %> - - + <% if is_manager? %> + + <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,@module_app) %>
    + <% bulletin_category.object_auths.each do |obj_auth| %> + <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth) %>
    + <% end %> + + + <% end %> <%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %> | <%= link_to t('bulletin_category.quick_edit'), panel_announcement_back_end_bulletin_category_quick_edit_path(bulletin_category), :remote => true %> | <%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb index 59f126a03..728910958 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb @@ -7,9 +7,8 @@ <% end -%> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb index 65ebeb286..0f42ed4b1 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb @@ -42,10 +42,14 @@

    <%= t('bulletin.list_announcement') %>

    - +
    +

    Preview

    <%= render :partial => "list_table", :collection => @bulletin_categorys_preview,:as => :bulletin_category%> - +
    +=================================================================================================================== +
    +

    Check Please

    <%= render :partial => "list_table", :collection => @bulletin_categorys_check,:as => :bulletin_category%> - +

    diff --git a/vendor/built_in_modules/announcement/config/routes.rb b/vendor/built_in_modules/announcement/config/routes.rb index 88bc3ae27..f0fd89d64 100644 --- a/vendor/built_in_modules/announcement/config/routes.rb +++ b/vendor/built_in_modules/announcement/config/routes.rb @@ -3,6 +3,7 @@ Rails.application.routes.draw do namespace :panel do namespace :announcement do namespace :back_end do + match 'public' => "announcements#public",:as => :public resources :fact_checks root :to => "bulletins#index" resources :bulletins @@ -14,7 +15,7 @@ Rails.application.routes.draw do root :to => "bulletins#index" resources :bulletins end - namespace :widget do + namespace :widget do root :to => "bulletins#index" end end diff --git a/vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake b/vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake deleted file mode 100644 index f097b1fa4..000000000 --- a/vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake +++ /dev/null @@ -1,4 +0,0 @@ -# desc "Explaining what the task does" -# task :announcement do -# # Task goes here -# end diff --git a/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb b/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb index 769f46659..9bb61778d 100644 --- a/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb +++ b/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb @@ -1,4 +1,4 @@ -class Panel::NewBlog::FrontEnd::CommentsController < ObitFrontendController +class Panel::NewBlog::FrontEnd::CommentsController < OrbitFrontendController def create @post = Post.find(params[:post_id]) @comment = @post.comments.create!(params[:comment]) 
diff --git a/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb b/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb index 1aeb34b2b..48b0c1c55 100644 --- a/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb +++ b/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb @@ -1,4 +1,4 @@ -class Panel::NewBlog::FrontEnd::PostsController < ObitFrontendController +class Panel::NewBlog::FrontEnd::PostsController < OrbitFrontendController # GET /posts # GET /posts.xml def index From d2689bc59c05a464626543fd8183a65e997337c2 Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Thu, 16 Feb 2012 13:57:28 +0800 Subject: [PATCH 3/5] fix bugs with token --- app/controllers/orbit_backend_controller.rb | 1 - app/models/module_app.rb | 4 ++- app/models/object_auth.rb | 2 +- app/models/prototype_auth.rb | 5 ++-- .../components/_user_role_management.html.erb | 3 +- config/environments/development.rb | 30 +++++++++---------- config/routes.rb | 2 +- lib/orbit_core_lib.rb | 22 ++++++++++++-- .../_bulletin_category.html.erb | 4 +-- 9 files changed, 46 insertions(+), 27 deletions(-) diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb index 49505c8f4..d3639ebe3 100644 --- a/app/controllers/orbit_backend_controller.rb +++ b/app/controllers/orbit_backend_controller.rb @@ -10,7 +10,6 @@ class OrbitBackendController< ApplicationController def setup_vars @app_title = request.fullpath.split('/')[2] @module_app = ModuleApp.first(conditions: {:key => @app_title} ) - end private diff --git a/app/models/module_app.rb b/app/models/module_app.rb index 6a6784609..b1b1237cc 100644 --- a/app/models/module_app.rb +++ b/app/models/module_app.rb 
@@ -1,6 +1,7 @@ class ModuleApp include Mongoid::Document include Mongoid::Timestamps + include OrbitCoreLib::ObjectTokenUnility field :key field :title @@ -14,7 +15,7 @@ class ModuleApp field :app_pages ,type: Array field :widgets ,type: Array - + has_many :managers,as: :managing_app ,:class_name => "AppManager" #,:dependent => :destroy,:foreign_key => "managing_app_id",:inverse_of => :managing_app has_many :sub_managers,as: :sub_managing_app ,:class_name => "AppManager"#, :dependent => :destroy,:foreign_key => "sub_managing_app_id",:inverse_of => :sub_managing_app @@ -77,5 +78,6 @@ class ModuleApp def set_key self.key = self.title.underscore if self.title end + end diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb index dab7acc73..f67f99843 100644 --- a/app/models/object_auth.rb +++ b/app/models/object_auth.rb @@ -1,5 +1,5 @@ class ObjectAuth < PrototypeAuth - + include OrbitCoreLib::ObjectTokenUnility belongs_to :obj_authable, polymorphic: true # > - Something.find_with_auth(query) # > - or Something.find(query).auth diff --git a/app/models/prototype_auth.rb b/app/models/prototype_auth.rb index 6b22a1b39..666bc7a89 100644 --- a/app/models/prototype_auth.rb +++ b/app/models/prototype_auth.rb @@ -4,7 +4,6 @@ class PrototypeAuth # after_save :update_block_list,:update_privilage_list field :title - field :token field :all ,type: Boolean,default: false belongs_to :users @@ -12,12 +11,13 @@ class PrototypeAuth has_and_belongs_to_many :blocked_users, :inverse_of => nil, :class_name => "User" has_and_belongs_to_many :privilege_users, :inverse_of => nil, :class_name => "User" - has_and_belongs_to_many :roles has_and_belongs_to_many :sub_roles attr_protected :roles,:sub_roles,:privilege_users,:blocked_users + + def add_role role add_operation(:roles,role) end @@ -87,7 +87,6 @@ class PrototypeAuth auth_users_before_block_list - self.blocked_users end - # protected end \ No newline at end of file 
diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb index 593073516..ed7c34765 100644 --- a/app/views/admin/components/_user_role_management.html.erb +++ b/app/views/admin/components/_user_role_management.html.erb @@ -1,5 +1,7 @@

    User Role

    + All User + <%= form_tag(submit_url) do %> <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> <%= submit_tag 'Add Role' %>
    @@ -10,7 +12,6 @@ <%= collection_select(:new,:blocked_user, User.all, :id, :name, :prompt => true) %> <%= submit_tag 'Add BlockedList' %>
    <% end %> -
      Roles
    <% unless auth.nil? %> <% auth.roles.each do |role| %>
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> diff --git a/config/environments/development.rb b/config/environments/development.rb index d1b671e55..549fc11e6 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -24,21 +24,21 @@ PrototypeR4::Application.configure do config.action_dispatch.best_standards_support = :builtin - config.middleware.use ExceptionNotifier, - :email_prefix => "[R4_error]", - :sender_address => %{"notifier" }, - :exception_recipients => %w{chris@rulingcom.com} - - config.action_mailer.delivery_method = :smtp - config.action_mailer.smtp_settings = { - :tls => true, - :enable_starttls_auto => true, - :address => "smtp.gmail.com", - :port => '587', - :domain => "smtp.gmail.com", - :authentication => "plain", - :user_name => "redmine@rulingcom.com", - :password => "rulingredmine" } + # config.middleware.use ExceptionNotifier, + # :email_prefix => "[R4_error]", + # :sender_address => %{"notifier" }, + # :exception_recipients => %w{chris@rulingcom.com} + # + # config.action_mailer.delivery_method = :smtp + # config.action_mailer.smtp_settings = { + # :tls => true, + # :enable_starttls_auto => true, + # :address => "smtp.gmail.com", + # :port => '587', + # :domain => "smtp.gmail.com", + # :authentication => "plain", + # :user_name => "redmine@rulingcom.com", + # :password => "rulingredmine" } end diff --git a/config/routes.rb b/config/routes.rb index 0d01eccb0..9b653d7fb 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -14,7 +14,7 @@ PrototypeR4::Application.routes.draw do resources :app_auths resources :object_auths do collection do - match 'new/:type/:obj_id/:module_app_id',:action => 'new',:via => "get",:as => :init + match 'new/:type/:obj_id',:action => 'new',:via => "get",:as => :init end member do match ':id/create_role',:action => 'create_role',:via => "post",:as => :create_role diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb index 2520e04c6..561fceba0 100644 
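Review bot: Commenting out the `smtp_settings` block in `config/environments/development.rb` keeps the SMTP account name and its password in the file as comment text, and both remain in the repository history. Delete the block rather than commenting it, and rotate that mailbox password. When mail is re-enabled, read the secret from the environment, e.g. `:password => ENV['SMTP_PASSWORD']`.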
--- a/lib/orbit_core_lib.rb +++ b/lib/orbit_core_lib.rb @@ -31,12 +31,28 @@ module OrbitCoreLib end end + module ObjectTokenUnility + def self.included(base) + base.instance_eval("field :s_token") + base.instance_eval("after_create :generate_token") + end + + def token + return self.s_token + end + + protected + def generate_token + self.s_token = ActiveSupport::SecureRandom.hex(16) + self.save! + end + end module PermissionUnility private def check_permission(type = :use) permission_grant = current_user.admin?? true : false - module_app = @module_app.nil?? ModuleApp.find(params[:module_app_id]) : @module_app + module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app unless permission_grant permission_grant = case type when :use @@ -51,6 +67,8 @@ module OrbitCoreLib end permission_grant end - + def find_module_app_by_token(token) + ModuleApp.first(conditions: {s_token: token}) + end end end diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb index 2cd097ed2..e834ec606 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb @@ -7,9 +7,9 @@ <%= bulletin_category.display %> <% if is_manager? %> - <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,@module_app) %>
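Review bot: `find_module_app_by_token` is called with `params[:token]` unchecked, and with the parameter missing the query becomes `s_token: nil`, which would match any `ModuleApp` without a token; tokens are only written in `after_create`, so records that existed before this change presumably have none. Add `return nil if token.blank?` at the top of the finder and `return false if module_app.nil?` inside the `unless permission_grant` block, because the `:manager` and `:sub_manager` branches call methods on `module_app` without the `rescue` that the `:use` branch has. `base.instance_eval("field :s_token")` can be written as `base.field :s_token` and `base.after_create :generate_token`, which avoids evaluating strings. `check_permission` is only partly shown across these two hunks.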
    + <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,:token => @module_app.token) %>
    <% bulletin_category.object_auths.each do |obj_auth| %> - <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth) %>
    + <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth,:token => @module_app.token) %>
    <% end %> From 9305c2045cd28f69330a31d207a0e61f8db8053b Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Thu, 16 Feb 2012 14:59:26 +0800 Subject: [PATCH 4/5] add "all_user" for app&object auth --- app/controllers/admin/app_auths_controller.rb | 5 ++++- app/controllers/admin/object_auths_controller.rb | 5 ++++- .../admin/components/_user_role_management.html.erb | 9 +++++++-- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/app/controllers/admin/app_auths_controller.rb b/app/controllers/admin/app_auths_controller.rb index 56d0ae23d..9e980e53d 100644 --- a/app/controllers/admin/app_auths_controller.rb +++ b/app/controllers/admin/app_auths_controller.rb @@ -21,7 +21,10 @@ class Admin::AppAuthsController < ApplicationController def create app_auth = AppAuth.find_or_create_by(module_app_id: params[:module_app_id]) - params[:new].each do |item| + auth_all = params[:auth_all] || false + app_auth.update_attribute(:all,auth_all) + new_array = params[:new] || [] + new_array.each do |item| field = item[0] field_value = item[1] if field_value!='' diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index 573409b65..a7a8dc419 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb @@ -33,7 +33,10 @@ class Admin::ObjectAuthsController < ApplicationController def create_role object_auth = ObjectAuth.find(params[:id]) - params[:new].each do |item| + auth_all = params[:auth_all] || false + object_auth.update_attribute(:all,auth_all) + new_array = params[:new] || [] + new_array.each do |item| field = item[0] field_value = item[1] if field_value!='' diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb index ed7c34765..99cd72d71 100644 --- a/app/views/admin/components/_user_role_management.html.erb 
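Review bot: `auth_all = params[:auth_all] || false` runs on every post to `create`, but the role and blocked-user forms in `_user_role_management.html.erb` post to the same `submit_url` without an `auth_all` field, so adding a role resets `all` to false. Update the flag only when the all-user form was submitted: put `hidden_field_tag 'auth_all', false` before the check box and use `app_auth.update_attribute(:all, params[:auth_all] == 'true') if params.has_key?(:auth_all)`. The hidden field is needed because an unchecked box sends nothing. The same lines are added to `create_role` in `ObjectAuthsController` in the next hunk and need the same change.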
+++ b/app/views/admin/components/_user_role_management.html.erb @@ -1,7 +1,12 @@ +
    +

    All User

    + <%= form_tag(submit_url) do %> + <%= check_box_tag 'auth_all',true,auth.all %><%= submit_tag 'Add Role' %>
    + <% end %> +
    +

    User Role

    - All User - <%= form_tag(submit_url) do %> <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> <%= submit_tag 'Add Role' %>
    From 26cd6951dba43b1f6eaf5056160309c5c77a8716 Mon Sep 17 00:00:00 2001 From: Matt Fu Date: Fri, 17 Feb 2012 17:50:23 +0800 Subject: [PATCH 5/5] change view and action for announcement ,Lin checked. Also add validation for object_auth make sure for each object,the object will be unique for each action. --- .../admin/module_apps_controller.rb | 4 ++-- .../admin/object_auths_controller.rb | 9 ++++++-- app/models/object_auth.rb | 1 + .../components/_user_role_management.html.erb | 2 +- lib/tasks/user.rake | 2 +- .../back_end/announcements_controller.rb | 4 ++-- .../back_end/bulletins_controller.rb | 9 ++++++-- .../back_end/fact_checks_controller.rb | 12 +++++++++-- .../app/models/bulletin_category.rb | 2 +- .../bulletin_categorys/index.html.erb | 21 +++++++------------ .../back_end/bulletin_categorys/new.html.erb | 16 +++++++------- .../back_end/bulletins/edit.html.erb | 15 ++++++++----- .../back_end/bulletins/index.html.erb | 12 +---------- .../back_end/bulletins/new.html.erb | 15 +++++++------ .../back_end/bulletins/show.html.erb | 10 ++++++--- .../back_end/fact_checks/index.html.erb | 19 ++--------------- .../announcement/config/routes.rb | 1 + 17 files changed, 76 insertions(+), 78 deletions(-) diff --git a/app/controllers/admin/module_apps_controller.rb b/app/controllers/admin/module_apps_controller.rb index a350c28b1..2386a1d19 100644 --- a/app/controllers/admin/module_apps_controller.rb +++ b/app/controllers/admin/module_apps_controller.rb @@ -100,7 +100,7 @@ class Admin::ModuleAppsController < ApplicationController end #user is not permited to do that flash[:notice] = t('admin.app_auth.operation_not_permitted') - redirect_to :action => "edit" # [TODO] maybe need to redirect to some other page + render :nothing => true, :status => 403 end 
@@ -112,7 +112,7 @@ class Admin::ModuleAppsController < ApplicationController end #user is not permited to do that flash[:notice] = t('admin.app_auth.operation_not_permitted') - redirect_to :action => "edit" # [TODO] maybe need to redirect to some other page + render :nothing => true, :status => 403 end end \ No newline at end of file diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index a7a8dc419..58219acf2 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb @@ -27,8 +27,13 @@ class Admin::ObjectAuthsController < ApplicationController def create obj = eval(params[:object_auth][:type]).find params[:object_auth][:obj_id] - @object_auth=obj.object_auths.create :title=> params[:object_auth][:title] - redirect_to edit_admin_object_auth_path(@object_auth) + @object_auth=obj.object_auths.build :title=> params[:object_auth][:title] + if @object_auth.save + redirect_to edit_admin_object_auth_path(@object_auth) + else + flash[:error] = t('admin.object.a_object_must_have_only_one_object_auth_profile_for_each_action') + redirect_to (:back) + end end def create_role diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb index f67f99843..8932bb762 100644 --- a/app/models/object_auth.rb +++ b/app/models/object_auth.rb @@ -1,5 +1,6 @@ class ObjectAuth < PrototypeAuth include OrbitCoreLib::ObjectTokenUnility + validates_uniqueness_of :obj_authable_type,:scope => :title #{ |c| } belongs_to :obj_authable, polymorphic: true # > - Something.find_with_auth(query) # > - or Something.find(query).auth diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb index 99cd72d71..cd9ca8ae7 100644 --- a/app/views/admin/components/_user_role_management.html.erb +++ b/app/views/admin/components/_user_role_management.html.erb @@ -1,7 +1,7 @@
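Review bot: `create` in `ObjectAuthsController` still passes `params[:object_auth][:type]` to `eval`, so the request decides what is evaluated, not just which model is loaded. Replace it with a lookup in a fixed table of auth-able models, e.g. `AUTHABLE_TYPES = { 'BulletinCategory' => BulletinCategory }` and `klass = AUTHABLE_TYPES[params[:object_auth][:type]]`, answering 403 when `klass` is nil. In the new else branch, `redirect_to (:back)` raises when the request has no Referer header, so give it a fixed fallback path.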
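Review bot: `validates_uniqueness_of :obj_authable_type, :scope => :title` in `ObjectAuth` appears to make a title unique per model class rather than per object, so once one `BulletinCategory` has a `fact_check` auth, no other category could create one. The commit message describes one auth per object per action; scoping on the object id as well matches that: `validates_uniqueness_of :title, :scope => [:obj_authable_type, :obj_authable_id]`. The `obj_authable_id` field name is assumed from Mongoid's polymorphic convention for `belongs_to :obj_authable`; confirm it against the model.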

    All User

    <%= form_tag(submit_url) do %> - <%= check_box_tag 'auth_all',true,auth.all %><%= submit_tag 'Add Role' %>
    + <%= check_box_tag 'auth_all',true,(auth.all rescue true) %><%= submit_tag 'Add Role' %>
    <% end %>
    diff --git a/lib/tasks/user.rake b/lib/tasks/user.rake index 31ed7c246..5189ee14f 100644 --- a/lib/tasks/user.rake +++ b/lib/tasks/user.rake @@ -5,7 +5,7 @@ namespace :user do User.all(conditions: {email: /nor/}).destroy_all username_list = %w{nor1 nor2 nor3 nor4 nor5 nor6 nor7} - userfirstname_list_en = %w{ One Two Thre For Fiv Six Sen } + userfirstname_list_en = %w{ UserOne UserTwo Thre For Fiv Six Sen } userlastname_list_en = %w{ Aa Bb Cc Dd Ee Ff Gg } userfirstname_list_ct = %w{ 一一 二二 三三 四四 五五 六六 七七 } diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb index 8faf23f6c..f7f51b4db 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/announcements_controller.rb @@ -4,8 +4,8 @@ class Panel::Announcement::BackEnd::AnnouncementsController < OrbitBackendContro render :text => "This is an public_page need to be build" end - def index - + def list_mine + @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new') end # GET /announcements/1 # GET /announcements/1.xml diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb index 2731ee39b..6880f8e64 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb @@ -1,5 +1,5 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController - + include AdminHelper #before_filter :is_admin? def index 
@@ -136,7 +136,12 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController protected def get_categorys(id = nil) - @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true)) + @bulletin_categorys = [] + if(is_manager? || is_admin?) + @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true)) + elsif is_sub_manager? + @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new') + end end diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb index 1ef3b3007..dd4719589 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb @@ -1,10 +1,18 @@ class Panel::Announcement::BackEnd::FactChecksController < OrbitBackendController before_filter :authenticate_user! + include AdminHelper layout 'admin' def index - @bulletin_categorys_preview = BulletinCategory.authed_for_user(current_user,'preview') - @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'fact_check') + @bulletin_categorys_submit_new = [] + @bulletin_categorys_check =[] + if is_admin? || is_manager? + #@bulletin_categorys_submit_new = BulletinCategory.all + @bulletin_categorys_check = BulletinCategory.all + # elsif is_sub_manager? + # @bulletin_categorys_submit_new = BulletinCategory.authed_for_user(current_user,'submit_new') + # @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'fact_check') + end end def new 
diff --git a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb index 1a086ebfb..ee2767f55 100644 --- a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb +++ b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb @@ -5,7 +5,7 @@ class BulletinCategory include Mongoid::Timestamps include OrbitCoreLib::ObjectAuthable - ObjectAuthTitlesOptions = %W{preview fact_check} + ObjectAuthTitlesOptions = %W{submit_new fact_check} AfterObjectAuthUrl = '/panel/announcement/back_end/bulletin_categorys' # include Mongoid::MultiParameterAttributes diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb index 87a2993c9..87b30a049 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb @@ -1,22 +1,17 @@ <% content_for :secondary do %> -
    -
    -
    -
    -
    -
      -
    • <%#= link_to t('bulletin_category.new_announcement_class'), new_panel_announcement_back_end_bulletin_category_path, :class => 'seclink1' %>
    • -
    +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> <% end -%> <%= flash_messages %> +
    +
    +
    +
    +
    +

    <%= t('bulletin_category.list_announcement_class') %>

    -
    -
    -
    -
    -
    + diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/new.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/new.html.erb index 5f8d064bc..296afb092 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/new.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/new.html.erb @@ -1,15 +1,15 @@ -
    -
    -
    -
    - <% content_for :secondary do %> -
      -
    • <%= link_to t('bulletin_category.index'), panel_announcement_back_end_bulletin_categorys_path, :class => 'seclink2' %>
    • -
    +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> <% end -%> <%= flash_messages %> + +
    +
    +
    +
    +
    +

    <%= t('bulletin_category.new_announcement_class') %>

    <%= form_for @bulletin_category, :url => panel_announcement_back_end_bulletin_categorys_path do |f| %> <%= render :partial => 'form', :locals => {:f => f} %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/edit.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/edit.html.erb index 1bdd80636..9350d0fb9 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/edit.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/edit.html.erb @@ -1,9 +1,14 @@ -
    -
    -
    -
    +<% content_for :secondary do %> +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> +<% end -%> -

    <%= t('announcement.editing_announcement') %>

    +<%= flash_messages %> + +
    +
    +
    +
    +
    <%= form_for @bulletin, :url => panel_announcement_back_end_bulletin_path(@bulletin) do |f| %> <%= render :partial => 'form', :locals => {:f => f} %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb index 728910958..dd88f5c02 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb @@ -1,15 +1,5 @@ <% content_for :secondary do %> -
    -
    -
    -
    -
    -
      -
    • <%= link_to t('bulletin.new_announcement'), new_panel_announcement_back_end_bulletin_path %>
    • -
    • <%= link_to t('bulletin.announcement_list'), panel_announcement_back_end_bulletins_path %>
    • -
    • <%= link_to t('bulletin.new_announcement_class'), panel_announcement_back_end_bulletin_categorys_path if is_manager?%>
    • -
    • <%= link_to t('bulletin.my_announcement_fact_check'), panel_announcement_back_end_fact_checks_path if is_sub_manager?%>
    • -
    +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> <% end -%> <%= flash_messages %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/new.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/new.html.erb index e23ecfba3..d200bb66a 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/new.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/new.html.erb @@ -1,15 +1,14 @@ -
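Review bot: The inline menu removed here showed the category link only `if is_manager?` and the fact-check link only `if is_sub_manager?`, while the copy removed from fact_checks/index.html.erb showed both links unconditionally. After this change that decision is made in `announcement_secondary`, which is not part of these hunks. The partial should keep the two guards, and the `bulletin_categorys` and `fact_checks` controllers need the same role check in a `before_filter`, because hiding a link does not stop a request to the route. A one-line ERB comment at the top of the partial, e.g. `<%# links are role-gated here; controllers enforce the same roles %>`, would record that.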
    -
    -
    -
    - <% content_for :secondary do %> -
      -
    • <%= link_to t('bulletin.index'), panel_announcement_back_end_bulletins_path, :class => 'seclink2' %>
    • -
    +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> <% end -%> <%= flash_messages %> + +
    +
    +
    +
    +

    <%= t('bulletin.new_announcement') %>

    <%= form_for @bulletin, :url => panel_announcement_back_end_bulletins_path do |f| %> <%= render :partial => 'form', :locals => {:f => f} %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/show.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/show.html.erb index c3ba2c09d..5aff4bbdb 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/show.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/show.html.erb @@ -1,10 +1,14 @@ -<% # encoding: utf-8 %> +<% content_for :secondary do %> +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> +<% end -%> + +<%= flash_messages %>


    - -

    <%= flash_messages %>

    +
    +
    • diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb index 0f42ed4b1..6f878b068 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb @@ -1,16 +1,5 @@ <% content_for :secondary do %> -
      -
      -
      -
      -
      -
        -
      • <%= link_to t('bulletin.new_announcement'), new_panel_announcement_back_end_bulletin_path %>
      • -
      • <%= link_to t('bulletin.announcement_list'), panel_announcement_back_end_bulletins_path %>
      • -
      • <%= link_to t('bulletin.new_announcement_class'), panel_announcement_back_end_bulletin_categorys_path %>
      • -
      • <%= link_to t('bulletin.my_announcement_fact_check'), panel_announcement_back_end_fact_checks_path %>
      • - -
      +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> <% end -%> <%= flash_messages %> @@ -42,11 +31,7 @@

      <%= t('bulletin.list_announcement') %>

      -
      -

      Preview

      - <%= render :partial => "list_table", :collection => @bulletin_categorys_preview,:as => :bulletin_category%> -
      -=================================================================================================================== +

      Check Please

      <%= render :partial => "list_table", :collection => @bulletin_categorys_check,:as => :bulletin_category%> diff --git a/vendor/built_in_modules/announcement/config/routes.rb b/vendor/built_in_modules/announcement/config/routes.rb index f0fd89d64..a7b23ff03 100644 --- a/vendor/built_in_modules/announcement/config/routes.rb +++ b/vendor/built_in_modules/announcement/config/routes.rb @@ -5,6 +5,7 @@ Rails.application.routes.draw do namespace :back_end do match 'public' => "announcements#public",:as => :public resources :fact_checks + match 'list_mine' => "announcements#list_mine" root :to => "bulletins#index" resources :bulletins resources :bulletin_categorys, :controller => 'bulletin_categorys' do
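Review bot: The added `match 'list_mine' => "announcements#list_mine"` has no verb restriction, so the action answers POST, PUT and DELETE as well as GET. If it only lists the current user's announcements, `get 'list_mine' => "announcements#list_mine", :as => :list_mine` narrows it and gives it a named path like the `public` route above. The `list_mine` action is not in this hunk, so whether it requires login and scopes the result to the signed-in user cannot be checked from here. The routes block continues outside the hunk.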
    <%= t('bulletin_category.key') %>