New authorization
This commit is contained in:
parent
d24bd176cc
commit
c474fa063f
|
@ -1,13 +1,13 @@
|
|||
class Admin::AuthorizationsController < OrbitBackendController
|
||||
|
||||
before_filter :admin_or_manager
|
||||
prepend_before_filter :admin_or_manager
|
||||
|
||||
def index
|
||||
@module_apps ||= ModuleApp.where(is_authorizable: true).order_by([:title, :asc])
|
||||
@module_apps ||= ModuleApp.any_of({is_authorizable: true}, {is_approvable: true}).order_by([:title, :asc])
|
||||
if @module_apps && @module_apps.include?(@module_app)
|
||||
if @type
|
||||
case @type
|
||||
when 'category', 'approval'
|
||||
when 'category_authorization', 'category_approval'
|
||||
if @module_app.has_category
|
||||
@objects = @module_app.categories
|
||||
else
|
||||
|
@ -18,12 +18,12 @@ class Admin::AuthorizationsController < OrbitBackendController
|
|||
end
|
||||
unless @objects.blank?
|
||||
@object ||= @objects.first
|
||||
@users = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}").auth_users
|
||||
@users = @object.get_authorization_by_title("#{@type}_#{@module_app.key}").authorized_users rescue nil
|
||||
else
|
||||
@error = t(:no_data)
|
||||
end
|
||||
else
|
||||
@users = @module_app.managing_users
|
||||
@users = @module_app.managers
|
||||
end
|
||||
elsif @module_apps
|
||||
@module_app = @module_apps.first
|
||||
|
@ -33,35 +33,42 @@ class Admin::AuthorizationsController < OrbitBackendController
|
|||
end
|
||||
end
|
||||
|
||||
def add(users)
|
||||
unless users.blank?
|
||||
if @type
|
||||
if @object
|
||||
object_auth = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}")
|
||||
add_users_to_object_auth(object_auth, users)
|
||||
else
|
||||
@error = t(:no_data)
|
||||
def add_roles
|
||||
roles = Role.find(params[:role_ids]) rescue []
|
||||
users = []
|
||||
roles.each do |role|
|
||||
users += role.users.all.entries
|
||||
end
|
||||
else
|
||||
add_managers(users) unless users.blank?
|
||||
unless roles.blank?
|
||||
authorization = get_or_create_authorization
|
||||
add_roles_to_auth(authorization, roles) unless @error
|
||||
end
|
||||
@users = authorization.authorized_users
|
||||
render 'admin/authorizations/reload_users'
|
||||
end
|
||||
@users = users
|
||||
render 'admin/authorizations/insert_users'
|
||||
|
||||
def add_sub_roles
|
||||
sub_roles = SubRole.find(params[:sub_role_ids]) rescue []
|
||||
users = []
|
||||
sub_roles.each do |sub_role|
|
||||
users += sub_role.users.all.entries
|
||||
end
|
||||
unless sub_roles.blank?
|
||||
authorization = get_or_create_authorization
|
||||
add_sub_roles_to_auth(authorization, sub_roles) unless @error
|
||||
end
|
||||
@users = authorization.authorized_users
|
||||
render 'admin/authorizations/reload_users'
|
||||
end
|
||||
|
||||
def add_users
|
||||
users = User.find(params[:user_ids]) rescue []
|
||||
add(users)
|
||||
unless users.blank?
|
||||
authorization = get_or_create_authorization
|
||||
add_users_to_auth(authorization, users) unless @error
|
||||
end
|
||||
|
||||
def add_roles
|
||||
roles = Role.find(params[:role_ids]) rescue []
|
||||
users = roles.inject([]) do |users, role|
|
||||
users += role.users.all.entries
|
||||
users
|
||||
end
|
||||
add(users)
|
||||
@users = authorization.authorized_users
|
||||
render 'admin/authorizations/reload_users'
|
||||
end
|
||||
|
||||
def modal_select
|
||||
|
@ -70,63 +77,111 @@ class Admin::AuthorizationsController < OrbitBackendController
|
|||
if @type
|
||||
@object_id = @object.id if @object
|
||||
@sorted_users = roles.inject({}) do |users, role|
|
||||
users[role] = role.users.where(admin: false).not_guest_user - existing_users - @module_app.managing_users
|
||||
users[role] = role.users.where(admin: false) - existing_users - @module_app.managers
|
||||
users
|
||||
end
|
||||
else
|
||||
@sorted_users = roles.inject({}) do |users, role|
|
||||
users[role] = role.users.where(admin: false).not_guest_user - existing_users
|
||||
users[role] = role.users.where(admin: false) - existing_users
|
||||
users
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def remove_roles
|
||||
roles = Role.find(params[:role_ids]) rescue []
|
||||
unless roles.blank?
|
||||
authorization = get_or_create_authorization
|
||||
remove_roles_form_auth(authorization, roles)
|
||||
end
|
||||
@users = authorization.authorized_users
|
||||
render 'admin/authorizations/reload_users'
|
||||
end
|
||||
|
||||
def remove_sub_roles
|
||||
sub_roles = SubRole.find(params[:sub_role_ids]) rescue []
|
||||
unless sub_roles.blank?
|
||||
authorization = get_or_create_authorization
|
||||
remove_sub_roles_from_auth(authorization, sub_roles)
|
||||
end
|
||||
@users = authorization.authorized_users
|
||||
render 'admin/authorizations/reload_users'
|
||||
end
|
||||
|
||||
def remove_users
|
||||
@users = User.find(params[:ids]) rescue []
|
||||
unless @users.blank?
|
||||
if @type
|
||||
if @object
|
||||
object_auth = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}")
|
||||
remove_users_form_object_auth(object_auth, @users)
|
||||
else
|
||||
@error = t(:no_data)
|
||||
authorization = get_or_create_authorization
|
||||
remove_users_from_auth(authorization, @users)
|
||||
end
|
||||
else
|
||||
remove_managers(@users)
|
||||
end
|
||||
end
|
||||
render 'admin/authorizations/remove_users'
|
||||
@users = authorization.authorized_users
|
||||
render 'admin/authorizations/reload_users'
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def add_managers(users)
|
||||
users.each do |user|
|
||||
@module_app.assign_manager(user, current_user)
|
||||
def add_managers_to_auth(users)
|
||||
@module_app.add_managers(users)
|
||||
end
|
||||
|
||||
def add_roles_to_auth(authorization, roles)
|
||||
authorization.add_roles(roles)
|
||||
end
|
||||
|
||||
def add_sub_roles_to_auth(authorization, sub_roles)
|
||||
authorization.add_sub_roles(sub_roles)
|
||||
end
|
||||
|
||||
def add_users_to_auth(authorization, users)
|
||||
authorization.add_users(users)
|
||||
end
|
||||
|
||||
def get_or_create_authorization
|
||||
case @type
|
||||
when 'category_approval'
|
||||
if @object
|
||||
@object.auth_approval || @object.create_auth_approval(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
|
||||
else
|
||||
@error = t(:no_data)
|
||||
end
|
||||
when 'category_authorization'
|
||||
if @object
|
||||
@object.auth_sub_manager || @object.create_auth_sub_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
|
||||
else
|
||||
@error = t(:no_data)
|
||||
end
|
||||
when nil
|
||||
@module_app.auth_manager || @module_app.create_auth_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
|
||||
else
|
||||
auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}")
|
||||
unless auth
|
||||
auth = @object.create_auth_approval(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}") if @type.include?('approval')
|
||||
auth = @object.create_auth_sub_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}") if @type.include?('authorization')
|
||||
end
|
||||
auth
|
||||
end
|
||||
end
|
||||
|
||||
def add_users_to_object_auth(object_auth, users)
|
||||
users.each do |user|
|
||||
object_auth.add_user_to_privilege_list(user)
|
||||
end
|
||||
def remove_managers_from_auth(users)
|
||||
@module_app.remove_manager(users)
|
||||
end
|
||||
|
||||
def remove_managers(users)
|
||||
users.each do |user|
|
||||
@module_app.remove_manager(user)
|
||||
end
|
||||
def remove_roles_form_auth(authorization, roles)
|
||||
authorization.remove_roles(roles)
|
||||
end
|
||||
|
||||
def remove_users_form_object_auth(object_auth, users)
|
||||
users.each do |user|
|
||||
object_auth.remove_user_from_privilege_list(user)
|
||||
def remove_sub_roles_from_auth(authorization, sub_roles)
|
||||
authorization.remove_sub_roles(sub_roles)
|
||||
end
|
||||
|
||||
def remove_users_from_auth(authorization, users)
|
||||
authorization.remove_users(users)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def admin_or_manager
|
||||
@override_can_use = true
|
||||
setup_vars
|
||||
authenticate_user!
|
||||
user_is_manager?
|
||||
|
@ -136,7 +191,7 @@ class Admin::AuthorizationsController < OrbitBackendController
|
|||
@module_app = ModuleApp.first(conditions: {:key => params[:module]} ) if params[:module]
|
||||
@type = params[:type].underscore if params[:type]
|
||||
if @type
|
||||
@klass = @type.classify.constantize rescue nil
|
||||
@klass = @type.gsub('_authorization', '').gsub('_approval', '').classify.constantize rescue nil
|
||||
@object = @klass.find(params[:id]) rescue nil
|
||||
end
|
||||
end
|
||||
|
|
|
@ -4,6 +4,8 @@ class Admin::DashboardsController < OrbitBackendController
|
|||
#before_filter :authenticate_user!, :except => [:index]
|
||||
# before_filter :is_admin?
|
||||
|
||||
prepend_before_filter :set_public
|
||||
|
||||
layout "basic_back_end"
|
||||
|
||||
def index
|
||||
|
|
|
@ -2,18 +2,9 @@ class Admin::UsersNewInterfaceController < OrbitMemberController
|
|||
|
||||
helper MemberHelper
|
||||
|
||||
# before_filter :authenticate_user!
|
||||
# before_filter :set_attribute, :only => [:index, :show, :new, :edit]
|
||||
|
||||
before_filter :force_order_for_visitor,:only=>[:index,:show]
|
||||
before_filter :force_order_for_user,:except => [:index,:show]
|
||||
before_filter :set_attribute,:except => [:index,:show]
|
||||
prepend_filter :set_public, :only => [:index, :show]
|
||||
|
||||
def setup_vars
|
||||
# @app_title ||= controller_path.split('/')[1].singularize
|
||||
# @module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
||||
# raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
|
||||
end
|
||||
|
||||
def index
|
||||
get_tags
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
class OrbitBackendController < ApplicationController
|
||||
include OrbitCategory::Categorizing
|
||||
include OrbitCoreLib::AppBackendUtility
|
||||
include OrbitCoreLib::PermissionUtility
|
||||
include OrbitCoreLib::Authorization
|
||||
include OrbitTag::Tagging
|
||||
include AdminHelper
|
||||
include ApplicationHelper
|
||||
|
@ -10,12 +9,6 @@ class OrbitBackendController < ApplicationController
|
|||
|
||||
layout "back_end"
|
||||
|
||||
def setup_vars
|
||||
@app_title ||= controller_path.split('/')[1].singularize
|
||||
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
||||
raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
|
||||
end
|
||||
|
||||
def get_statuses
|
||||
status = []
|
||||
status << 'is_top'
|
||||
|
@ -28,27 +21,4 @@ class OrbitBackendController < ApplicationController
|
|||
end
|
||||
status
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def force_order_for_visitor
|
||||
check_backend_openness
|
||||
setup_vars
|
||||
set_current_user
|
||||
end
|
||||
|
||||
|
||||
def force_order_for_user
|
||||
setup_vars
|
||||
set_current_user
|
||||
authenticate_user!
|
||||
check_user_can_use
|
||||
end
|
||||
|
||||
def check_user_can_use
|
||||
unless check_permission
|
||||
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
|
||||
redirect_to root_url
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
class OrbitMemberController < ApplicationController
|
||||
include OrbitCategory::Categorizing
|
||||
include OrbitCoreLib::AppBackendUtility
|
||||
include OrbitCoreLib::PermissionUtility
|
||||
include OrbitCoreLib::Authorization
|
||||
include OrbitTag::Tagging
|
||||
include AdminHelper
|
||||
include ApplicationHelper
|
||||
|
@ -10,12 +9,6 @@ class OrbitMemberController < ApplicationController
|
|||
|
||||
layout "member"
|
||||
|
||||
def setup_vars
|
||||
@app_title ||= controller_path.split('/')[1].singularize
|
||||
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
||||
raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
|
||||
end
|
||||
|
||||
def get_statuses
|
||||
status = []
|
||||
status << 'is_top'
|
||||
|
@ -28,27 +21,4 @@ class OrbitMemberController < ApplicationController
|
|||
end
|
||||
status
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def force_order_for_visitor
|
||||
check_backend_openness
|
||||
setup_vars
|
||||
set_current_user
|
||||
end
|
||||
|
||||
|
||||
def force_order_for_user
|
||||
setup_vars
|
||||
set_current_user
|
||||
authenticate_user!
|
||||
check_user_can_use
|
||||
end
|
||||
|
||||
def check_user_can_use
|
||||
unless check_permission
|
||||
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
|
||||
redirect_to root_url
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -321,9 +321,9 @@ module OrbitBackendHelper
|
|||
def is_authorized(object)
|
||||
autorized = @module_app.authorizable_models.inject(false) do |autorized, klass|
|
||||
if object.is_a?(klass.constantize)
|
||||
autorized ||= object.cur_user_is_sub_manager_of("#{klass.underscore}_#{@module_app.key}")
|
||||
autorized ||= object.user_can_sub_manage?(current_user)
|
||||
else
|
||||
autorized ||= object.category.cur_user_is_sub_manager_of("category_#{@module_app.key}")
|
||||
autorized ||= object.category.user_can_sub_manage?(current_user)
|
||||
end
|
||||
autorized
|
||||
end
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
class AuthApproval < Authorization
|
||||
field :title
|
||||
|
||||
belongs_to :approval_authorizable, polymorphic: true
|
||||
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'approving_apps'
|
||||
end
|
|
@ -0,0 +1,4 @@
|
|||
class AuthManager < Authorization
|
||||
# belongs_to :manager_authorizable, polymorphic: true
|
||||
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'managing_apps'
|
||||
end
|
|
@ -0,0 +1,6 @@
|
|||
class AuthSubManager < Authorization
|
||||
field :title
|
||||
|
||||
belongs_to :sub_manager_authorizable, polymorphic: true
|
||||
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'sub_managing_apps'
|
||||
end
|
|
@ -0,0 +1,108 @@
|
|||
class Authorization
|
||||
include Mongoid::Document
|
||||
include Mongoid::Timestamps
|
||||
|
||||
field :title
|
||||
|
||||
belongs_to :module_app
|
||||
|
||||
has_and_belongs_to_many :roles
|
||||
has_and_belongs_to_many :sub_roles
|
||||
|
||||
delegate :update_auth_approval_users, :update_auth_manager_users, :update_auth_sub_manager_users, to: :module_app, prefix: true, allow_nil: true
|
||||
|
||||
after_save :update_module_app
|
||||
|
||||
|
||||
def add_roles(roles)
|
||||
users = []
|
||||
roles = Array(roles)
|
||||
add_operation(:roles, roles)
|
||||
sub_roles = []
|
||||
roles.each{|role| role.sub_roles.each{|sub_role| sub_roles << sub_role.id}}
|
||||
add_operation(:sub_roles, sub_roles)
|
||||
roles.each{|role| role.users.where(admin: false).each{|user| users << user}}
|
||||
add_users(users, false)
|
||||
end
|
||||
|
||||
def add_sub_roles(sub_roles)
|
||||
users = []
|
||||
sub_roles = Array(sub_roles)
|
||||
add_operation(:sub_roles, sub_roles)
|
||||
sub_roles.each do |sub_role|
|
||||
self.roles << sub_role.role unless self.roles.include?(sub_role.role)
|
||||
sub_role.users.where(admin: false).each{|user| users << user}
|
||||
end
|
||||
add_users(users, false)
|
||||
end
|
||||
|
||||
def add_users(users, with_parents = true)
|
||||
users = Array(users)
|
||||
add_operation(:authorized_users, users)
|
||||
users.each do |user|
|
||||
user.roles.each do |role|
|
||||
self.roles << role unless self.roles.include?(role)
|
||||
end
|
||||
user.sub_roles.each do |sub_role|
|
||||
self.sub_roles << sub_role unless self.sub_roles.include?(sub_role)
|
||||
end
|
||||
end if with_parents
|
||||
self.save
|
||||
end
|
||||
|
||||
def remove_roles(roles)
|
||||
users = []
|
||||
sub_roles = []
|
||||
roles = Array(roles)
|
||||
remove_operation(:roles, roles)
|
||||
roles.each do |role|
|
||||
role.sub_roles.each{|sub_role| sub_roles << sub_role}
|
||||
role.users.where(admin: false).each{|user| users << user}
|
||||
end
|
||||
remove_operation(:sub_role_ids, sub_roles)
|
||||
remove_operation(:authorized_user_ids, users)
|
||||
add_roles(self.roles)
|
||||
end
|
||||
|
||||
def remove_sub_roles(sub_roles)
|
||||
users = []
|
||||
sub_roles = Array(sub_roles)
|
||||
remove_operation(:sub_roles, sub_roles)
|
||||
sub_roles.each do |sub_role|
|
||||
users << sub_role.users.where(admin: false)
|
||||
end
|
||||
remove_operation(:authorized_user_ids, users)
|
||||
add_roles(self.roles)
|
||||
end
|
||||
|
||||
def remove_users(users)
|
||||
users = Array(users)
|
||||
remove_operation(:authorized_user_ids, users)
|
||||
self.save
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def add_operation(db_field, objs)
|
||||
objs.each do |obj|
|
||||
self.send(db_field) << obj unless self.send(db_field).include?(obj)
|
||||
end
|
||||
end
|
||||
|
||||
def remove_operation(db_field, obj)
|
||||
self.write_attribute(db_field, self.send(db_field) - obj.map{|y| y.id})
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def update_module_app
|
||||
case self._type
|
||||
when "AuthApproval"
|
||||
self.module_app_update_auth_approval_users
|
||||
when "AuthManager"
|
||||
self.module_app_update_auth_manager_users
|
||||
when "AuthSubManager"
|
||||
self.module_app_update_auth_sub_manager_users
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,7 +1,7 @@
|
|||
class Category
|
||||
include Mongoid::Document
|
||||
include Mongoid::Timestamps
|
||||
include OrbitCoreLib::ObjectAuthable
|
||||
include OrbitModel::Authorizable
|
||||
|
||||
field :disable, type: Boolean, default: false
|
||||
field :title, localize: true
|
||||
|
|
|
@ -1,16 +1,26 @@
|
|||
class ModuleApp
|
||||
include Mongoid::Document
|
||||
include Mongoid::Timestamps
|
||||
include OrbitCoreLib::ObjectTokenUtility
|
||||
include OrbitApp::ModuleAppMembershipTools
|
||||
# include OrbitCoreLib::ObjectTokenUtility
|
||||
# include OrbitApp::ModuleAppMembershipTools
|
||||
|
||||
field :auth_approval_users, type: Array, default: nil
|
||||
field :auth_manager_users, type: Array, default: nil
|
||||
field :auth_sub_manager_users, type: Array, default: nil
|
||||
field :key
|
||||
field :title
|
||||
field :sidebar_order,type: Integer,default: 0
|
||||
|
||||
has_one :auth_manager, dependent: :destroy
|
||||
has_many :auth_approvals, dependent: :destroy
|
||||
has_many :auth_sub_managers, dependent: :destroy
|
||||
has_many :categories, dependent: :destroy
|
||||
has_many :module_tags, dependent: :destroy
|
||||
|
||||
has_many :approvals #to remove
|
||||
|
||||
delegate :authorized_users, to: :auth_manager, prefix: true, allow_nil: true
|
||||
|
||||
def refetch_setting!(reg)
|
||||
# %w{module_label category base_url version organization author intro update_info create_date}.each do |field|
|
||||
# self[field.to_sym] = reg.send field
|
||||
|
@ -24,6 +34,7 @@ class ModuleApp
|
|||
self[:has_category] = reg.get_has_category
|
||||
self[:is_approvable] = reg.get_is_approvable
|
||||
self[:is_authorizable] = reg.get_is_authorizable
|
||||
self[:approvable_models] = reg.get_approvable_models
|
||||
self[:authorizable_models] = reg.get_authorizable_models
|
||||
end
|
||||
|
||||
|
@ -168,4 +179,71 @@ class ModuleApp
|
|||
self.module_tags.map{|t| t.tag }
|
||||
end
|
||||
|
||||
|
||||
# authorization
|
||||
def update_auth_approval_users
|
||||
user_ids = self.auth_approvals.inject([]) do |users, auth|
|
||||
users += auth.authorized_users.map{|user| user.id}
|
||||
end
|
||||
update_attribute(:auth_approval_users, user_ids.uniq)
|
||||
end
|
||||
|
||||
def update_auth_manager_users
|
||||
update_attribute(:auth_manager_users, self.auth_manager_authorized_users.map{|user| user.id})
|
||||
end
|
||||
|
||||
def update_auth_sub_manager_users
|
||||
user_ids = self.auth_sub_managers.inject([]) do |users, auth|
|
||||
users += auth.authorized_users.map{|user| user.id}
|
||||
end
|
||||
update_attribute(:auth_sub_manager_users, user_ids.uniq)
|
||||
end
|
||||
|
||||
def managers
|
||||
auth_manager_authorized_users || []
|
||||
end
|
||||
|
||||
def user_can_manage?(user)
|
||||
managers.include?(user)
|
||||
end
|
||||
|
||||
def add_managers(users)
|
||||
users = Array(users)
|
||||
if auth_manager = self.auth_manager
|
||||
auth_manager.update_attribute(:authorized_users, (auth_manager.authorized_users + users).uniq)
|
||||
else
|
||||
self.create_auth_manager(authorized_users: users)
|
||||
end
|
||||
end
|
||||
|
||||
def remove_managers(users)
|
||||
users = Array(users)
|
||||
users = users.delete_if{|user| user == current_user || is_admin?}
|
||||
self.auth_manager.update_attribute(:authorized_users, auth_manager.authorized_users - users)
|
||||
end
|
||||
|
||||
def is_manager?(user)
|
||||
if user && !auth_manager_users.blank?
|
||||
auth_manager_users.include?(user.id)
|
||||
else
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
def is_sub_manager?(user)
|
||||
if user && !auth_sub_manager_users.blank?
|
||||
auth_sub_manager_users.include?(user.id)
|
||||
else
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
def can_approve?(user)
|
||||
if user && !auth_approval_users.blank?
|
||||
auth_approval_users.include?(user.id)
|
||||
else
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -19,12 +19,16 @@ class User
|
|||
field :cache_dept,type: Hash
|
||||
field :status_record,type: Hash
|
||||
|
||||
has_and_belongs_to_many :approving_apps, class_name: 'AuthApproval', inverse_of: 'authorized_users'
|
||||
has_and_belongs_to_many :managing_apps, class_name: 'AuthManager', inverse_of: 'authorized_users'
|
||||
has_and_belongs_to_many :sub_managing_apps, class_name: 'AuthSubManager', inverse_of: 'authorized_users'
|
||||
|
||||
has_many :attribute_values, :autosave => true, :dependent => :destroy
|
||||
has_many :app_auths,as: :privilege_apps,:inverse_of => :privilege_lists
|
||||
has_many :blocked_apps, :inverse_of => :blocked_users, :class_name => "AppAuth", :dependent => :destroy
|
||||
has_many :privilege_apps, :inverse_of => :privilege_users, :class_name => "AppAuth", :dependent => :destroy
|
||||
|
||||
has_many :managing_apps,:class_name => "AppManager", :dependent => :destroy
|
||||
# has_many :managing_apps,:class_name => "AppManager", :dependent => :destroy
|
||||
has_one :desktop, :autosave => true, :dependent => :destroy
|
||||
has_one :facebook, :autosave => true, :dependent => :destroy
|
||||
has_many :other_accounts, :autosave => true, :dependent => :destroy
|
||||
|
@ -273,8 +277,8 @@ class User
|
|||
end
|
||||
|
||||
def managed_module_apps
|
||||
self.managing_apps.inject([]) do |managed_apps, app_manager|
|
||||
managed_apps << app_manager.managing_app unless app_manager.managing_app.blank?
|
||||
self.managing_apps.inject([]) do |managed_apps, auth_manager|
|
||||
managed_apps << auth_manager.module_app
|
||||
managed_apps
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
<li class="filter-item selected_user <%= 'check-item' unless user == current_user || is_admin? %>" id="<%= user.id %>">
|
||||
<li class="filter-item selected_user <%= 'check-item' unless user == current_user || user.admin %>" id="<%= user.id %>">
|
||||
<label>
|
||||
<%= image_tag (user.avatar? ? user.avatar.thumb : 'menber-pic.png'), :class => "user-pic" %>
|
||||
<span class="user-name"><%= user.name %></span>
|
||||
<span><%= get_user_module_role(user) %></span>
|
||||
</label>
|
||||
<% unless user == current_user || is_admin? %>
|
||||
<% unless user == current_user || user.admin %>
|
||||
<input type="checkbox">
|
||||
<% end %>
|
||||
</li>
|
|
@ -13,11 +13,13 @@
|
|||
</div>
|
||||
</div>
|
||||
<div class="mini-layout-body span10">
|
||||
<%= link_to t(:module_authorization), admin_authorizations_path(@module_app.key) %>
|
||||
<%= link_to t(:module_authorization), admin_authorizations_path(@module_app.key) if @module_app.is_authorizable %>
|
||||
<% @module_app.authorizable_models.each do |authorizable_model| %>
|
||||
<%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), admin_authorizations_path(@module_app.key, type: authorizable_model.underscore) %>
|
||||
<%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), admin_authorizations_path(@module_app.key, type: "#{authorizable_model.underscore}_authorization") %>
|
||||
<% end %>
|
||||
<% @module_app.approvable_models.each do |approvable_model| %>
|
||||
<%= link_to (approvable_model.eql?('Category') ? t(:approval_) : "#{approvable_model.underscore.humanize.capitalize} #{t(:approval_)}"), admin_authorizations_path(@module_app.key, type: "#{approvable_model.underscore}_approval") %>
|
||||
<% end %>
|
||||
<%= link_to t(:approval_), admin_authorizations_path(@module_app.key, type: 'approval') if @module_app.is_approvable %>
|
||||
<% if @error %>
|
||||
<%= @error %>
|
||||
<% else %>
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
$("#card-list").append("<%= j render partial: 'user', collection: @users %>");
|
||||
$("#member-filter").modal('hide');
|
|
@ -0,0 +1,2 @@
|
|||
$("#card-list").html("<%= j render partial: 'user', collection: @users %>");
|
||||
$("#member-filter").modal('hide');
|
|
@ -27,6 +27,7 @@ module Orbit
|
|||
|
||||
# Custom directories with classes and modules you want to be autoloadable.
|
||||
# config.autoload_paths += %W(#{config.root}/extras)
|
||||
config.autoload_paths += %W(#{config.root}/app/models/auth)
|
||||
config.autoload_paths += %W(#{config.root}/app/models/ckeditor)
|
||||
config.autoload_paths += %W(#{config.root}/app/models/design)
|
||||
config.autoload_paths += %W(#{config.root}/app/models/desktop)
|
||||
|
|
|
@ -28,7 +28,7 @@ module OrbitApp
|
|||
end
|
||||
|
||||
class DataSheet
|
||||
attr_reader :name,:key,:base_path,:module_label,:data_count, :has_category, :has_tag, :authorizable_models, :is_approvable, :is_authorizable
|
||||
attr_reader :name,:key,:base_path,:module_label,:data_count, :has_category, :has_tag, :approvable_models, :authorizable_models, :is_approvable, :is_authorizable
|
||||
|
||||
def initialize(name, &block)
|
||||
@name = name
|
||||
|
@ -39,6 +39,7 @@ module OrbitApp
|
|||
@data_count = 1..15 # as default
|
||||
@has_category = nil
|
||||
@has_tag = nil
|
||||
@approvable_models = []
|
||||
@authorizable_models = []
|
||||
@is_approvable = nil
|
||||
@is_authorizable = nil
|
||||
|
@ -145,8 +146,13 @@ module OrbitApp
|
|||
define_method(field){|var| instance_variable_set( "@" + field, var)}
|
||||
end
|
||||
|
||||
def approvable(link=true)
|
||||
def approvable(link=true, &block)
|
||||
@is_approvable = {:with_link => link}
|
||||
if block
|
||||
block.call
|
||||
else
|
||||
approvable_on
|
||||
end
|
||||
end
|
||||
|
||||
def authorizable(link=true, &block)
|
||||
|
@ -158,6 +164,10 @@ module OrbitApp
|
|||
end
|
||||
end
|
||||
|
||||
def approvable_on(klass = 'Category')
|
||||
@approvable_models << klass
|
||||
end
|
||||
|
||||
def authorizable_on(klass = 'Category')
|
||||
@authorizable_models << klass
|
||||
end
|
||||
|
@ -170,6 +180,10 @@ module OrbitApp
|
|||
@has_tag = true
|
||||
end
|
||||
|
||||
def get_approvable_models
|
||||
@approvable_models
|
||||
end
|
||||
|
||||
def get_authorizable_models
|
||||
@authorizable_models
|
||||
end
|
||||
|
|
|
@ -9,11 +9,11 @@ module OrbitCategory
|
|||
end
|
||||
end
|
||||
|
||||
def get_categories_for_form(func_authed_for_sub_manager = "category_#{@module_app.key}")
|
||||
def get_categories_for_form
|
||||
categories = if is_manager? || is_admin?
|
||||
@module_app.categories.enabled
|
||||
elsif is_sub_manager?
|
||||
@module_app.categories.enabled.authed_for_user(current_user, func_authed_for_sub_manager)
|
||||
@module_app.categories.enabled.entries.delete_if{|category| !category.user_can_sub_manage?(current_user)}
|
||||
end
|
||||
if categories.empty?
|
||||
flash[:alert] = t(:no_category)
|
||||
|
|
|
@ -140,30 +140,39 @@ module OrbitCoreLib
|
|||
end
|
||||
end
|
||||
|
||||
module AppBackendUtility
|
||||
module Authorization
|
||||
def self.included(base)
|
||||
base.class_eval do
|
||||
before_filter :can_use
|
||||
end
|
||||
end
|
||||
|
||||
def setup_vars
|
||||
@app_title ||= controller_path.split('/')[1].singularize
|
||||
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
||||
# raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def force_order_for_visitor
|
||||
setup_vars
|
||||
set_current_user
|
||||
end
|
||||
|
||||
|
||||
def force_order_for_user
|
||||
def can_use
|
||||
unless @override_can_use
|
||||
check_backend_openness if @public
|
||||
setup_vars
|
||||
set_current_user
|
||||
unless @public
|
||||
authenticate_user!
|
||||
check_user_can_use
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def set_public
|
||||
@public = true
|
||||
end
|
||||
|
||||
def check_user_can_use
|
||||
unless check_permission
|
||||
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
|
||||
unless current_or_guest_user.admin? || @module_app.is_manager?(current_or_guest_user) || @module_app.is_sub_manager?(current_or_guest_user) || @module_app.can_approve?(current_or_guest_user)
|
||||
redirect_to root_url
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
module OrbitModel
|
||||
|
||||
module Authorizable
|
||||
|
||||
def self.included(base)
|
||||
base.class_eval do
|
||||
has_one :auth_approval, as: :approval_authorizable, dependent: :destroy
|
||||
has_one :auth_sub_manager, as: :sub_manager_authorizable, dependent: :destroy
|
||||
delegate :authorized_users, to: :auth_approval, prefix: true, allow_nil: true
|
||||
delegate :authorized_users, to: :auth_sub_manager, prefix: true, allow_nil: true
|
||||
send :include, InstanceMethods
|
||||
end
|
||||
end
|
||||
|
||||
module InstanceMethods
|
||||
|
||||
# Normal case
|
||||
# Use of categories to define approval and sub-manager
|
||||
def approval_users
|
||||
auth_approval_authorized_users
|
||||
end
|
||||
|
||||
def sub_managers
|
||||
auth_sub_manager_authorized_users
|
||||
end
|
||||
|
||||
def user_can_approve?(user)
|
||||
approval_users.include?(user) if approval_users
|
||||
end
|
||||
|
||||
def user_can_sub_manage?(user)
|
||||
sub_managers.include?(user) if sub_managers
|
||||
end
|
||||
|
||||
# Specific case
|
||||
# Approval or sub-manager is defined on something else than categories
|
||||
def authorized_users_by_title(title)
|
||||
approval_users if auth_approval && auth_approval.title.eql?(title)
|
||||
sub_managers if auth_sub_manager && auth_sub_manager.title.eql?(title)
|
||||
end
|
||||
|
||||
def get_authorization_by_title(title)
|
||||
auth_approval if auth_approval && auth_approval.title.eql?(title)
|
||||
auth_sub_manager if auth_sub_manager && auth_sub_manager.title.eql?(title)
|
||||
end
|
||||
|
||||
def user_is_authorized_by_title?(user, title)
|
||||
authorized_users_by_title(title).include?(user)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
|
@ -3,11 +3,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
|||
|
||||
before_filter :clean_values, :only => [:create, :update]
|
||||
|
||||
# before_filter :for_admin_only,:only => [:]
|
||||
# before_filter :for_app_manager,:only => [:index,:show,]
|
||||
before_filter :force_order_for_visitor,:only=>[:index,:show,:get_sorted_and_filtered_bulletins]
|
||||
before_filter :force_order_for_user,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
|
||||
before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
|
||||
prepend_before_filter :set_public, :only => [:index, :show, :get_sorted_and_filtered_bulletins]
|
||||
|
||||
before_filter :only => [ :new, :create, :edit, :update ] do |controller|
|
||||
@categories = get_categories_for_form
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
class Panel::PageContent::BackEnd::PageContextsController < OrbitBackendController
|
||||
before_filter :force_order_for_visitor,:only=>[:index]
|
||||
before_filter :force_order_for_user,:except => [:index]
|
||||
|
||||
before_filter :for_app_manager,:except => [:index]
|
||||
before_filter :for_app_sub_manager,:except => [:index]
|
||||
prepend_before_filter :set_public, :only => [:index]
|
||||
|
||||
#before_filter :is_admin?
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ class PageContext
|
|||
include Mongoid::Timestamps
|
||||
include Mongoid::MultiParameterAttributes
|
||||
include Impressionist::Impressionable
|
||||
include OrbitCoreLib::ObjectAuthable
|
||||
include OrbitModel::Authorizable
|
||||
|
||||
is_impressionable :counter_cache => { :column_name => :view_count }
|
||||
|
||||
|
|
Loading…
Reference in New Issue