From 3a8dbd6af4baebcda062f264df80b41ccd6aeb56 Mon Sep 17 00:00:00 2001
From: Matthew Kaito Juyuan Fu
Date: Tue, 7 Feb 2012 16:16:48 +0800
Subject: [PATCH 1/3] first commit for object auth,will take new_blog for experiment
---
 .../admin/object_auths_controller.rb | 71 ++++++++++++++
 app/models/app_auth.rb | 93 +------------------
 app/models/object_auth.rb | 11 +++
 app/models/prototype_auth.rb | 93 +++++++++++++++++++
 .../components/_user_role_management.html.erb | 34 +++++++
 app/views/admin/module_apps/edit.html.erb | 33 +------
 .../admin/object_auths/_auth_unit.html.erb | 3 +
 app/views/admin/object_auths/edit.html.erb | 13 +++
 app/views/admin/object_auths/index.html.erb | 39 ++++++++
 config/routes.rb | 2 +
 .../new_blog/app/models/post.rb | 1 +
 11 files changed, 271 insertions(+), 122 deletions(-)
 create mode 100644 app/controllers/admin/object_auths_controller.rb
 create mode 100644 app/models/object_auth.rb
 create mode 100644 app/models/prototype_auth.rb
 create mode 100644 app/views/admin/components/_user_role_management.html.erb
 create mode 100644 app/views/admin/object_auths/_auth_unit.html.erb
 create mode 100644 app/views/admin/object_auths/edit.html.erb
 create mode 100644 app/views/admin/object_auths/index.html.erb
diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb
new file mode 100644
index 000000000..2b54cc5ef
--- /dev/null
+++ b/app/controllers/admin/object_auths_controller.rb
@@ -0,0 +1,71 @@
+class Admin::ObjectAuthsController < ApplicationController
+ layout "admin"
+ before_filter :authenticate_user!
+# before_filter :is_admin? ,:only => :index
+
+ def index
+ # @roles = Role.all.entries
+ # apps = Purchase.where(:type =>"App")
+ # @app_auth_data = apps.entries.map do |app|
+ # app_c = eval(app.app_controller)
+ # obj = app_c.new
+ # obj_auth = obj.send "auth"
+ # [:app_obj => app,:auth_field => obj_auth]
+ # end
+ # if current_user.admin?
+ @object_auths = ObjectAuth.all
+ # else
+ # @module_apps = current_user.managing_apps.collect{|t| t.managing_app}
+ # end
+ end
+
+ def create
+ # app_auth = AppAuth.find_or_create_by(module_app_id: params[:module_app_id])
+ # params[:new].each do |item|
+ # field = item[0]
+ # field_value = item[1]
+ # if field_value!=''
+ # case field
+ # when 'role'
+ # app_auth.send("add_#{field}",(Role.find field_value)) rescue nil
+ # when 'sub_role'
+ # app_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil
+ # when 'privilege_user'
+ # app_auth.add_user_to_privilege_list (User.find field_value) rescue nil
+ # when 'blocked_user'
+ # app_auth.add_user_to_black_list (User.find field_value) rescue nil
+ # end
+ # end
+ # end
+ # app = ModuleApp.find params[:module_app_id] rescue nil
+ # redirect_to edit_admin_module_app_path(app)
+ end
+
+ def remove
+ # app_auth = AppAuth.find( params[:id] )
+ # type = params[:type]
+ # field_value = params[:target_id]
+ # if field_value!=''
+ # case type
+ # when 'role'
+ # app_auth.remove_role(Role.find field_value) rescue nil
+ # when 'sub_role'
+ # app_auth.remove_sub_role(SubRole.find field_value) rescue nil
+ # when 'privilege_user'
+ # app_auth.remove_user_from_privilege_list (User.find field_value) rescue nil
+ # when 'blocked_user'
+ # app_auth.remove_user_from_black_list (User.find field_value) rescue nil
+ # end
+ # end
+ #
+ # app = ModuleApp.find params[:module_app_id] rescue nil
+ # redirect_to edit_admin_module_app_path(app)
+ end
+
+ def edit
+ @object_auth = ObjectAuth.find(params[:id])
+ end
+
+
+
+end
\ No newline at end of file
diff --git a/app/models/app_auth.rb b/app/models/app_auth.rb
index b31add3c0..5a3de60c5 100644
--- a/app/models/app_auth.rb
+++ b/app/models/app_auth.rb
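Review bot: The line `# before_filter :is_admin? ,:only => :index` is commented out, so the only gate on this new controller is `authenticate_user!`; `index` returns `ObjectAuth.all` and `edit` loads any `ObjectAuth` by id for every signed-in user. These records define who may access an object, so the controller needs an authorization check on all of its actions, for example `before_filter :is_admin?` without the `:only` restriction, assuming `is_admin?` is the helper used elsewhere in the admin namespace. The same gap carries over to `create_role`/`remove_role` (PATCH 2/3) and `new`/`create` (PATCH 3/3), which change the access lists. The commented-out `create` and `remove` bodies are better deleted than committed as dead code.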
@@ -1,94 +1,5 @@ -class AppAuth - include Mongoid::Document - include Mongoid::Timestamps - # after_save :update_block_list,:update_privilage_list - - field :title - field :token - field :all ,type: Boolean,default: false +class AppAuth < PrototypeAuth + belongs_to :module_app - belongs_to :users - # belongs_to :users,as: :block_users, :inverse_of => :privilege_apps - has_and_belongs_to_many :blocked_users, :inverse_of => nil, :class_name => "User" - has_and_belongs_to_many :privilege_users, :inverse_of => nil, :class_name => "User" - - - has_and_belongs_to_many :roles - has_and_belongs_to_many :sub_roles - - attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users - - def add_role role - add_operation(:roles,role) - end - - def add_sub_role role - add_operation(:sub_roles,role) - end - - def remove_role role - remove_operation(:roles,role) - end - - def remove_sub_role role - remove_operation(:sub_roles,role) - end - - def add_user_to_black_list user - add_operation(:blocked_users,user) - end - - def remove_user_from_black_list user - remove_operation(:blocked_users,user) - end - - def add_user_to_privilege_list user - add_operation(:privilege_users,user) - end - - def remove_user_from_privilege_list user - remove_operation(:privilege_users,user) - end - - def remove_operation(item,obj) - if (self.send item).include? obj - (self.send item).delete obj - self.save! - else - false #should put error message for user not existed in list - end - end - - def add_operation(item,obj) - unless (self.send item).include?(obj) - (self.send item) << obj - self.save! - else - false #should put error message for user existed in list already - end - end - - def auth_users - if self.all? 
- User.all.entries - else - ary=[] - [:roles,:sub_roles].each do |t_role| - ary += (self.send t_role).collect do |role| - role.users - end - end - ary << self.privilege_users - ary.flatten!.uniq - end - end - - def auth_users_after_block_list - auth_users - self.blocked_users - end - - # protected - - end \ No newline at end of file diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb new file mode 100644 index 000000000..dab7acc73 --- /dev/null +++ b/app/models/object_auth.rb @@ -0,0 +1,11 @@ +class ObjectAuth < PrototypeAuth + + belongs_to :obj_authable, polymorphic: true + # > - Something.find_with_auth(query) + # > - or Something.find(query).auth + def auth_obj + class_obj = eval(self.obj_authable_type) + class_obj.find self.obj_authable_id + end + +end \ No newline at end of file diff --git a/app/models/prototype_auth.rb b/app/models/prototype_auth.rb new file mode 100644 index 000000000..734268c43 --- /dev/null +++ b/app/models/prototype_auth.rb 
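Review bot: `auth_obj` in app/models/object_auth.rb runs `eval(self.obj_authable_type)`, which executes whatever string is stored in that field as Ruby; a polymorphic type column should never be evaluated. The `belongs_to :obj_authable, polymorphic: true` association declared just above it already resolves the target, so the method body can simply be `obj_authable`. If a class lookup is really wanted, `obj_authable_type.constantize` checked against a fixed list of authable models avoids code execution. This matters more once later patches in the series create these records from request input.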
@@ -0,0 +1,93 @@
+class PrototypeAuth
+ include Mongoid::Document
+ include Mongoid::Timestamps
+ # after_save :update_block_list,:update_privilage_list
+
+ field :title
+ field :token
+ field :all ,type: Boolean,default: false
+
+ belongs_to :users
+ # belongs_to :users,as: :block_users, :inverse_of => :privilege_apps
+ has_and_belongs_to_many :blocked_users, :inverse_of => nil, :class_name => "User"
+ has_and_belongs_to_many :privilege_users, :inverse_of => nil, :class_name => "User"
+
+
+ has_and_belongs_to_many :roles
+ has_and_belongs_to_many :sub_roles
+
+ attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users
+
+ def add_role role
+ add_operation(:roles,role)
+ end
+
+ def add_sub_role role
+ add_operation(:sub_roles,role)
+ end
+
+ def remove_role role
+ remove_operation(:roles,role)
+ end
+
+ def remove_sub_role role
+ remove_operation(:sub_roles,role)
+ end
+
+ def add_user_to_black_list user
+ add_operation(:blocked_users,user)
+ end
+
+ def remove_user_from_black_list user
+ remove_operation(:blocked_users,user)
+ end
+
+ def add_user_to_privilege_list user
+ add_operation(:privilege_users,user)
+ end
+
+ def remove_user_from_privilege_list user
+ remove_operation(:privilege_users,user)
+ end
+
+ def remove_operation(item,obj)
+ if (self.send item).include? obj
+ (self.send item).delete obj
+ self.save!
+ else
+ false #should put error message for user not existed in list
+ end
+ end
+
+ def add_operation(item,obj)
+ unless (self.send item).include?(obj)
+ (self.send item) << obj
+ self.save!
+ else
+ false #should put error message for user existed in list already
+ end
+ end
+
+ def auth_users
+ if self.all?
+ User.all.entries
+ else
+ ary=[]
+ [:roles,:sub_roles].each do |t_role|
+ ary += (self.send t_role).collect do |role|
+ role.users
+ end
+ end
+ ary << self.privilege_users
+ ary.flatten!.uniq
+ end
+ end
+
+ def auth_users_after_block_list
+ auth_users - self.blocked_users
+ end
+
+ # protected
+
+
+end
\ No newline at end of file
diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb
new file mode 100644
index 000000000..7afca0a4d
--- /dev/null
+++ b/app/views/admin/components/_user_role_management.html.erb
@@ -0,0 +1,34 @@
+
+ <%#= debugger %> +

User Role

+ <%= debugger %> + <%= form_tag(polymorphic_path([controller_path.split('/')[0],object,auth.class.name.underscore]),:method => :post) do %> + <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> + <%= submit_tag 'Add Role' %>
+ <%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %> + <%= submit_tag 'Add SubRole' %>
+ <%= collection_select(:new,:privilege_user, User.all, :id, :name, :prompt => true) %> + <%= submit_tag 'Add PrivilegeList' %>
+ <%= collection_select(:new,:blocked_user, User.all, :id, :name, :prompt => true) %> + <%= submit_tag 'Add BlockedList' %>
+ <% end %> + + <% unless auth.nil? %> + <% auth.roles.each do |role| %> +
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> + <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'role',:target_id=>role.id),:method => :delete %>
  • + <% end %> + + <% auth.sub_roles.each do |role| %> +
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
  • <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'sub_role',:target_id=>role.id),:method => :delete %> + <% end %> + + <% auth.privilege_users.each do |user| %> +
  • <%= user.name %> <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'privilege_user',:target_id=>user.id),:method => :delete %>
  • + <% end %> + + <% auth.blocked_users.each do |user| %> +
  • <%= user.name %><%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'blocked_user',:target_id=>user.id),:method => :delete %>
  • + <% end %> +<% end %> +
    \ No newline at end of file diff --git a/app/views/admin/module_apps/edit.html.erb b/app/views/admin/module_apps/edit.html.erb index 9429e963d..5a2d56ec2 100644 --- a/app/views/admin/module_apps/edit.html.erb +++ b/app/views/admin/module_apps/edit.html.erb @@ -36,34 +36,5 @@ -
    -

    User Role

    - <%= form_tag(admin_module_app_app_auths_path(@module_app),:method => :post) do %> - <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> - <%= submit_tag 'Add Role' %>
    - <%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %> - <%= submit_tag 'Add SubRole' %>
    - <%= collection_select(:new,:privilege_user, User.all, :id, :name, :prompt => true) %> - <%= submit_tag 'Add PrivilegeList' %>
    - <%= collection_select(:new,:blocked_user, User.all, :id, :name, :prompt => true) %> - <%= submit_tag 'Add BlockedList' %>
    - <% end %> - - <% unless @module_app.app_auth.nil? %> - <% @module_app.app_auth.roles.each do |role| %> -
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> <%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'role',role),:method => :delete %>
  • - <% end %> - - <% @module_app.app_auth.sub_roles.each do |role| %> -
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
  • <%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'sub_role',role),:method => :delete %> - <% end %> - - <% @module_app.app_auth.privilege_users.each do |user| %> -
  • <%= user.name %> <%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'privilege_user',user),:method => :delete %>
  • - <% end %> - - <% @module_app.app_auth.blocked_users.each do |user| %> -
  • <%= user.name %><%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'blocked_user',user),:method => :delete %>
  • - <% end %> -<% end %> -
    +<%= render :partial => "admin/components/user_role_management", :locals => { :object => @module_app ,:auth=> @module_app.app_auth } %> + diff --git a/app/views/admin/object_auths/_auth_unit.html.erb b/app/views/admin/object_auths/_auth_unit.html.erb new file mode 100644 index 000000000..5a246fc3a --- /dev/null +++ b/app/views/admin/object_auths/_auth_unit.html.erb @@ -0,0 +1,3 @@ +
    + <%= unit%> +
    \ No newline at end of file diff --git a/app/views/admin/object_auths/edit.html.erb b/app/views/admin/object_auths/edit.html.erb new file mode 100644 index 000000000..62e9b4657 --- /dev/null +++ b/app/views/admin/object_auths/edit.html.erb @@ -0,0 +1,13 @@ +<% content_for :secondary do %> +<% end %> + + +
    +
    +
    + +

    <%= @object_auth.title %>

    + +<%= render :partial => "admin/components/user_role_management", :locals => { :object => @object_auth.auth_obj ,:auth=> @object_auth } %> + + diff --git a/app/views/admin/object_auths/index.html.erb b/app/views/admin/object_auths/index.html.erb new file mode 100644 index 000000000..7db021e54 --- /dev/null +++ b/app/views/admin/object_auths/index.html.erb @@ -0,0 +1,39 @@ +<% content_for :secondary do %> + <% #render 'side_bar' %> +<% end %> + +
    + <%= flash_messages %> +
    + <% #link_to t('admin.new_user'), new_admin_user_path, :class => 'new' %> +
    + + + + + + + + + + <% @object_auths.each do |object_auth| %> + + + + + + + + + + <% end %> + +
    <%= t('admin.object_auth.title') %><%= t('admin.object_auth.obj_type') %>
    <%= object_auth.title %><%= object_auth.obj_authable_type.to_s %> + <%= link_to t(:show), admin_object_auth_path(object_auth), :class => 'show' %> + <%= link_to t(:edit), edit_admin_object_auth_path(object_auth), :class => 'edit' %> + <%= link_to t(:delete), admin_object_auth_path(object_auth), :class => 'delete', :confirm => t('sure?'), :method => :delete %> +
    +
    + <%# link_to t('admin.new_user'), new_admin_user_path, :class => 'new' %> +
    +
    diff --git a/config/routes.rb b/config/routes.rb index 3d483d08a..275ef2020 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -13,6 +13,8 @@ PrototypeR4::Application.routes.draw do namespace :admin do resources :assets resources :app_auths + resources :object_auths + resources :ad_banners resources :designs do collection do diff --git a/vendor/built_in_modules/new_blog/app/models/post.rb b/vendor/built_in_modules/new_blog/app/models/post.rb index f60c1c196..2926c3051 100644 --- a/vendor/built_in_modules/new_blog/app/models/post.rb +++ b/vendor/built_in_modules/new_blog/app/models/post.rb @@ -5,4 +5,5 @@ class Post field :body, :type => String embeds_many :comments validates_presence_of :title, :body + has_one :object_auth,as: :obj_authable,dependent: :delete end \ No newline at end of file From 31d7cd5b380e65d2e05fe6d7d423515ebc40e7e4 Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Thu, 9 Feb 2012 17:48:51 +0800 Subject: [PATCH 2/3] Object Auth. Now object can be included with "include OrbitCoreLib::ObjectAuthable" to use kernel method,such as 1.Object.authed_for_user(user,title_of_object_auth). title_of_object_auth is optional 2.object.authed_users(user,title_of_object_auth) . title_of_object_auth is optional if title_of_object_auth is not given,then it will return calculation across all possiblity. --- .../admin/object_auths_controller.rb | 79 +++++++++---------- .../components/_user_role_management.html.erb | 12 ++- app/views/admin/module_apps/edit.html.erb | 2 +- app/views/admin/object_auths/edit.html.erb | 3 +- config/routes.rb | 7 +- lib/orbit_core_lib.rb | 42 ++++++++++ .../new_blog/app/models/post.rb | 3 +- 7 files changed, 96 insertions(+), 52 deletions(-) create mode 100644 lib/orbit_core_lib.rb diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index 2b54cc5ef..7c6f60f04 100644 --- a/app/controllers/admin/object_auths_controller.rb 
+++ b/app/controllers/admin/object_auths_controller.rb 
@@ -19,53 +19,50 @@ class Admin::ObjectAuthsController < ApplicationController # end end - def create - # app_auth = AppAuth.find_or_create_by(module_app_id: params[:module_app_id]) - # params[:new].each do |item| - # field = item[0] - # field_value = item[1] - # if field_value!='' - # case field - # when 'role' - # app_auth.send("add_#{field}",(Role.find field_value)) rescue nil - # when 'sub_role' - # app_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil - # when 'privilege_user' - # app_auth.add_user_to_privilege_list (User.find field_value) rescue nil - # when 'blocked_user' - # app_auth.add_user_to_black_list (User.find field_value) rescue nil - # end - # end - # end - # app = ModuleApp.find params[:module_app_id] rescue nil - # redirect_to edit_admin_module_app_path(app) - end + def create_role + object_auth = ObjectAuth.find(params[:id]) + params[:new].each do |item| + field = item[0] + field_value = item[1] + if field_value!='' + case field + when 'role' + object_auth.send("add_#{field}",(Role.find field_value)) rescue nil + when 'sub_role' + object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil + when 'privilege_user' + object_auth.add_user_to_privilege_list (User.find field_value) rescue nil + when 'blocked_user' + object_auth.add_user_to_black_list (User.find field_value) rescue nil + end + end + end + redirect_to edit_admin_object_auth_path(object_auth) + end - def remove - # app_auth = AppAuth.find( params[:id] ) - # type = params[:type] - # field_value = params[:target_id] - # if field_value!='' - # case type - # when 'role' - # app_auth.remove_role(Role.find field_value) rescue nil - # when 'sub_role' - # app_auth.remove_sub_role(SubRole.find field_value) rescue nil - # when 'privilege_user' - # app_auth.remove_user_from_privilege_list (User.find field_value) rescue nil - # when 'blocked_user' - # app_auth.remove_user_from_black_list (User.find field_value) rescue nil - # end - # end - # - # app = ModuleApp.find 
params[:module_app_id] rescue nil - # redirect_to edit_admin_module_app_path(app) + def remove_role + object_auth = ObjectAuth.find(params[:id]) + type = params[:type] + field_value = params[:target_id] + if field_value!='' + case type + when 'role' + object_auth.remove_role(Role.find field_value) rescue nil + when 'sub_role' + object_auth.remove_sub_role(SubRole.find field_value) rescue nil + when 'privilege_user' + object_auth.remove_user_from_privilege_list (User.find field_value) rescue nil + when 'blocked_user' + object_auth.remove_user_from_black_list (User.find field_value) rescue nil + end + end + redirect_to edit_admin_object_auth_path(object_auth) end def edit @object_auth = ObjectAuth.find(params[:id]) end - + end \ No newline at end of file diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb index 7afca0a4d..593073516 100644 --- a/app/views/admin/components/_user_role_management.html.erb +++ b/app/views/admin/components/_user_role_management.html.erb @@ -1,8 +1,6 @@
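Review bot: Every mutation in `create_role` and `remove_role` ends in `rescue nil`, so a failed `Role.find`/`User.find` or a failed `save!` is discarded and the request still redirects to the edit page as if the access list had changed. For an authorization table this is a silent failure: a block-list entry that was never written looks the same to the operator as one that was. Rescue only the expected not-found error (`Mongoid::Errors::DocumentNotFound`), report it through `flash[:error]`, and let anything else surface. `params[:new].each` also raises when the form posts without a `new` key, which `(params[:new] || {}).each` would guard. The `object_auth.send("add_#{field}", ...)` calls are reached only under literal `when` values, so they can be the direct calls `add_role` and `add_sub_role`.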
    - <%#= debugger %>

    User Role

    - <%= debugger %> - <%= form_tag(polymorphic_path([controller_path.split('/')[0],object,auth.class.name.underscore]),:method => :post) do %> + <%= form_tag(submit_url) do %> <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> <%= submit_tag 'Add Role' %>
    <%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %> @@ -16,19 +14,19 @@ <% unless auth.nil? %> <% auth.roles.each do |role| %>
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> - <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'role',:target_id=>role.id),:method => :delete %>
  • + <%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'role',:target_id=>role.id),:method => :delete %> <% end %>
      Sub Roles
    <% auth.sub_roles.each do |role| %> -
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
  • <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'sub_role',:target_id=>role.id),:method => :delete %> +
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
  • <%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'sub_role',:target_id=>role.id),:method => :delete %> <% end %>
      PrivilegeList
    <% auth.privilege_users.each do |user| %> -
  • <%= user.name %> <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'privilege_user',:target_id=>user.id),:method => :delete %>
  • +
  • <%= user.name %> <%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'privilege_user',:target_id=>user.id),:method => :delete %>
  • <% end %>
      BlockedList
    <% auth.blocked_users.each do |user| %> -
  • <%= user.name %><%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'blocked_user',:target_id=>user.id),:method => :delete %>
  • +
  • <%= user.name %><%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'blocked_user',:target_id=>user.id),:method => :delete %>
  • <% end %> <% end %>
    \ No newline at end of file diff --git a/app/views/admin/module_apps/edit.html.erb b/app/views/admin/module_apps/edit.html.erb index 5a2d56ec2..23745806b 100644 --- a/app/views/admin/module_apps/edit.html.erb +++ b/app/views/admin/module_apps/edit.html.erb @@ -36,5 +36,5 @@
    -<%= render :partial => "admin/components/user_role_management", :locals => { :object => @module_app ,:auth=> @module_app.app_auth } %> +<%= render :partial => "admin/components/user_role_management", :locals => { :object => @module_app ,:auth=> @module_app.app_auth ,:submit_url=> admin_module_app_app_auths_path(@module_app),:ploy_route_ary=>['remove',:admin,@module_app,@module_app.app_auth] } %> diff --git a/app/views/admin/object_auths/edit.html.erb b/app/views/admin/object_auths/edit.html.erb index 62e9b4657..67fb026e1 100644 --- a/app/views/admin/object_auths/edit.html.erb +++ b/app/views/admin/object_auths/edit.html.erb @@ -8,6 +8,7 @@

    <%= @object_auth.title %>

    -<%= render :partial => "admin/components/user_role_management", :locals => { :object => @object_auth.auth_obj ,:auth=> @object_auth } %> +<%= render :partial => "admin/components/user_role_management", :locals => { + :object => @object_auth.auth_obj ,:auth=>@object_auth,:submit_url=>create_role_admin_object_auth_path(@object_auth),:ploy_route_ary=>['remove',:admin,@object_auth] } %> diff --git a/config/routes.rb b/config/routes.rb index 275ef2020..abe298248 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -13,7 +13,12 @@ PrototypeR4::Application.routes.draw do namespace :admin do resources :assets resources :app_auths - resources :object_auths + resources :object_auths do + member do + match ':id/create_role',:action => 'create_role',:iia => "post",:as => :create_role + match 'remove/:type/:target_id' ,:action=> 'remove_role',:via => "delete",:as =>:remove + end + end resources :ad_banners resources :designs do diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb new file mode 100644 index 000000000..8056f4f97 --- /dev/null +++ b/lib/orbit_core_lib.rb 
@@ -0,0 +1,42 @@
+module OrbitCoreLib
+ module ObjectAuthable
+ def self.included(base)
+ base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete")
+
+ base.define_singleton_method :authed_for_user do |user,title = nil|
+ sub_role_ids_ary=user.sub_roles.collect{|t| t.id}
+ if title.nil?
+ auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s)
+ else
+ auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title)
+ end
+
+ query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id)
+ query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role.id}).excludes(blocked_user_ids: user.id)
+ result = (query1 + query2).uniq
+ result.collect{|t| t.obj_authable}
+ end
+
+ end
+
+ def authed_users(title=nil)
+ users = []
+ unless title.nil?
+ users = self.object_auths.where(title: title )[0].auth_users_after_block_list rescue []
+ else
+ users = self.object_auths.collect{|t| t.auth_users_after_block_list} rescue []
+ users.flatten!.uniq!
+ end
+ users
+ end
+
+ def tell_me_class
+ self.class.name
+ end
+
+ def search_object_db
+ ObjectAuth.where(obj_authable_type: self.class.name)
+ end
+
+ end
+end
diff --git a/vendor/built_in_modules/new_blog/app/models/post.rb b/vendor/built_in_modules/new_blog/app/models/post.rb
index 2926c3051..ef882a6dd 100644
--- a/vendor/built_in_modules/new_blog/app/models/post.rb
+++ b/vendor/built_in_modules/new_blog/app/models/post.rb
@@ -1,9 +1,10 @@
 class Post
 include Mongoid::Document
 include Mongoid::Timestamps
+ include OrbitCoreLib::ObjectAuthable
+
 field :title, :type => String
 field :body, :type => String
 embeds_many :comments
 validates_presence_of :title, :body
- has_one :object_auth,as: :obj_authable,dependent: :delete
 end
\ No newline at end of file
From 32159564cd83a5c64812109e0bf921f57b29d111 Mon Sep 17 00:00:00 2001
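Review bot: In `authed_users` (lib/orbit_core_lib.rb) the all-titles branch ends with `users.flatten!.uniq!`, and `flatten!` returns nil when nothing was flattened, so a record with no `object_auths` raises NoMethodError instead of returning an empty list; `users = users.flatten.uniq` avoids that. The trailing `rescue []` on both branches also turns any lookup or database error into "no authorised users", which hides faults in an access decision. In `authed_for_user`, `user.role.id` raises for a user without a role, so that case should be handled explicitly. `base.instance_eval("has_many ...")` evaluates a constant string and is not an injection risk, but `base.has_many :object_auths, as: :obj_authable, dependent: :delete` says the same without string evaluation.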
From: Matthew Kaito Juyuan Fu Date: Thu, 9 Feb 2012 19:04:06 +0800 Subject: [PATCH 3/3] build interface to work with object auth. Go to panel/new_blog/back_end/posts/ ,click New Auth link --- .../admin/object_auths_controller.rb | 57 +++++++++++-------- app/views/admin/object_auths/new.html.erb | 23 ++++++++ config/routes.rb | 5 +- lib/orbit_core_lib.rb | 8 --- .../new_blog/back_end/posts/index.html.erb | 1 + .../new_blog/back_end/posts/new.html.erb | 2 +- 6 files changed, 61 insertions(+), 35 deletions(-) create mode 100644 app/views/admin/object_auths/new.html.erb diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index 7c6f60f04..ce404e53c 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb 
@@ -4,40 +4,47 @@ class Admin::ObjectAuthsController < ApplicationController # before_filter :is_admin? ,:only => :index def index - # @roles = Role.all.entries - # apps = Purchase.where(:type =>"App") - # @app_auth_data = apps.entries.map do |app| - # app_c = eval(app.app_controller) - # obj = app_c.new - # obj_auth = obj.send "auth" - # [:app_obj => app,:auth_field => obj_auth] - # end # if current_user.admin? @object_auths = ObjectAuth.all # else # @module_apps = current_user.managing_apps.collect{|t| t.managing_app} # end end + + def new + obj = eval(params[:type]).find params[:obj_id] + @object_auth=obj.object_auths.build + respond_to do |format| + format.html # new.html.erb + format.xml { render :xml => @post } + end + end + + def create + obj = eval(params[:object_auth][:type]).find params[:object_auth][:obj_id] + @object_auth=obj.object_auths.create :title=> params[:object_auth][:title] + redirect_to edit_admin_object_auth_path(@object_auth) + end def create_role object_auth = ObjectAuth.find(params[:id]) - params[:new].each do |item| - field = item[0] - field_value = item[1] - if field_value!='' - case field - when 'role' - object_auth.send("add_#{field}",(Role.find field_value)) rescue nil - when 'sub_role' - object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil - when 'privilege_user' - object_auth.add_user_to_privilege_list (User.find field_value) rescue nil - when 'blocked_user' - object_auth.add_user_to_black_list (User.find field_value) rescue nil - end - end - end - redirect_to edit_admin_object_auth_path(object_auth) + params[:new].each do |item| + field = item[0] + field_value = item[1] + if field_value!='' + case field + when 'role' + object_auth.send("add_#{field}",(Role.find field_value)) rescue nil + when 'sub_role' + object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil + when 'privilege_user' + object_auth.add_user_to_privilege_list (User.find field_value) rescue nil + when 'blocked_user' + 
object_auth.add_user_to_black_list (User.find field_value) rescue nil + end + end + end + redirect_to edit_admin_object_auth_path(object_auth) end def remove_role diff --git a/app/views/admin/object_auths/new.html.erb b/app/views/admin/object_auths/new.html.erb new file mode 100644 index 000000000..25fd6fd5e --- /dev/null +++ b/app/views/admin/object_auths/new.html.erb @@ -0,0 +1,23 @@ +<% content_for :secondary do %> +
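Review bot: `new` calls `eval(params[:type])` and `create` calls `eval(params[:object_auth][:type])`, so a string taken directly from the URL or form body is executed as Ruby for any signed-in user; that is code execution on the server, not a class lookup. Resolve the model through a fixed allowlist instead, for example `obj = AUTHABLE_MODELS.fetch(params[:type]).find(params[:obj_id])`, where `AUTHABLE_MODELS` is a proposed frozen hash such as `{ 'Post' => Post }` defined in the controller, and answer any other value with a 404. The `new/:type/:obj_id` route added in config/routes.rb feeds the same parameter, so the check belongs in the controller rather than in the views that build the link. `render :xml => @post` in `new` refers to an instance variable this controller never sets; it presumably should be `@object_auth`.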
      +
    +<% end -%> + +
    +
    +
    +
    + +<%= flash_messages %> +

    <%= t('object_auth.new_object_auth') %>

    +<%= form_for @object_auth, :url => admin_object_auths_path do |f| %> + <%= f.label :title %> + <%= f.text_field :title, :class => 'text' %> + <%= f.hidden_field :obj_id, :value => params[:obj_id] %> + <%= f.hidden_field :type, :value => params[:type] %> + + <%= submit_tag 'Add Auth' %>
    + +<% end %> + +<%= link_back %> \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index abe298248..d2fe14b8f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -14,8 +14,11 @@ PrototypeR4::Application.routes.draw do resources :assets resources :app_auths resources :object_auths do + collection do + match 'new/:type/:obj_id',:action => 'new',:via => "get",:as => :init + end member do - match ':id/create_role',:action => 'create_role',:iia => "post",:as => :create_role + match ':id/create_role',:action => 'create_role',:via => "post",:as => :create_role match 'remove/:type/:target_id' ,:action=> 'remove_role',:via => "delete",:as =>:remove end end diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb index 8056f4f97..bf1d66a39 100644 --- a/lib/orbit_core_lib.rb +++ b/lib/orbit_core_lib.rb @@ -30,13 +30,5 @@ module OrbitCoreLib users end - def tell_me_class - self.class.name - end - - def search_object_db - ObjectAuth.where(obj_authable_type: self.class.name) - end - end end diff --git a/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/index.html.erb b/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/index.html.erb index 9473b70b4..54ed9f1ee 100644 --- a/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/index.html.erb +++ b/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/index.html.erb @@ -21,6 +21,7 @@ <%= post.title %> <%= truncate(post.body,:length=>15) %> + <%= link_to t('blog.new_auth'), init_admin_object_auths_path("Post",post) %> <%= link_to t('blog.show'), panel_new_blog_back_end_post_path(post) %> <%= link_to t('blog.edit'), edit_panel_new_blog_back_end_post_path(post) %> <%= link_to t('blog.delete'), panel_new_blog_back_end_post_path(post), :confirm => t('blog.sure?'), :method => :delete %> 
diff --git a/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/new.html.erb b/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/new.html.erb index af5aa326b..21758da8d 100644 --- a/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/new.html.erb +++ b/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/new.html.erb @@ -7,7 +7,7 @@ <%= flash_messages %>

    <%= t('blog.new_post') %>

    <%= form_for @post, :url => panel_new_blog_back_end_posts_path do |f| %> - <%= render :partial => 'form', :locals => {:f => f} %> + <%= f.text_field :title, :class => 'text' %> <% end %> <%= link_back %>