From cc550c57459bdb3efcddc402096a1101a40d35a3 Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Wed, 15 Feb 2012 18:20:44 +0800 Subject: [PATCH] First version for App and Object auth.Taking Announcement as experiment --- .../admin/object_auths_controller.rb | 12 ++++++++-- app/controllers/obit_frontend_controller.rb | 3 --- app/controllers/obit_widget_controller.rb | 3 --- app/controllers/orbit_backend_controller.rb | 24 +++++++++++++++++++ ...=> orbit_frontend_component_controller.rb} | 2 +- app/controllers/orbit_frontend_controller.rb | 3 +++ app/controllers/orbit_widget_controller.rb | 3 +++ app/helpers/admin/app_auth_helper.rb | 5 ++++ app/helpers/admin_helper.rb | 13 ++++++++++ app/models/app_auth.rb | 1 + app/models/module_app.rb | 8 +++++++ app/models/prototype_auth.rb | 2 +- .../admin/module_apps/_app_selector.html.erb | 1 - app/views/admin/object_auths/edit.html.erb | 2 +- config/routes.rb | 2 +- lib/orbit_core_lib.rb | 22 +++++++++++++++++ lib/tasks/anc_tasks.rake | 22 +++++++++++++++++ lib/tasks/dev.rake | 6 +++++ .../announcement/announcement.json | 2 +- .../back_end/fact_checks_controller.rb | 5 ++-- .../app/models/bulletin_category.rb | 2 +- .../_bulletin_category.html.erb | 16 +++++++------ .../back_end/bulletins/index.html.erb | 2 +- .../back_end/fact_checks/index.html.erb | 10 +++++--- .../announcement/config/routes.rb | 1 + .../lib/tasks/announcement_tasks.rake | 4 ---- .../new_blog/front_end/comments_controller.rb | 2 +- .../new_blog/front_end/posts_controller.rb | 2 +- 28 files changed, 146 insertions(+), 34 deletions(-) delete mode 100644 app/controllers/obit_frontend_controller.rb delete mode 100644 app/controllers/obit_widget_controller.rb create mode 100644 app/controllers/orbit_backend_controller.rb rename app/controllers/{obit_frontend_component_controller.rb => orbit_frontend_component_controller.rb} (74%) create mode 100644 app/controllers/orbit_frontend_controller.rb create mode 100644 app/controllers/orbit_widget_controller.rb delete mode 100644 app/views/admin/module_apps/_app_selector.html.erb create mode 100644 lib/tasks/anc_tasks.rake delete mode 100644 vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index 3bff43742..573409b65 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb @@ -1,8 +1,12 @@ class Admin::ObjectAuthsController < ApplicationController + include OrbitCoreLib::PermissionUnility layout "admin" before_filter :authenticate_user! + before_filter :check_if_user_can_do_object_auth # before_filter :is_admin? ,:only => :index + + def index # if current_user.admin? @object_auths = ObjectAuth.all @@ -70,7 +74,11 @@ class Admin::ObjectAuthsController < ApplicationController def edit @object_auth = ObjectAuth.find(params[:id]) end - - +private + def check_if_user_can_do_object_auth + unless check_permission(:manager) + render :nothing => true, :status => 403 + end + end end \ No newline at end of file diff --git a/app/controllers/obit_frontend_controller.rb b/app/controllers/obit_frontend_controller.rb deleted file mode 100644 index fb42ac781..000000000 --- a/app/controllers/obit_frontend_controller.rb +++ /dev/null @@ -1,3 +0,0 @@ -class ObitFrontendController< ObitFrontendComponentController - -end \ No newline at end of file diff --git a/app/controllers/obit_widget_controller.rb b/app/controllers/obit_widget_controller.rb deleted file mode 100644 index e0a9746d9..000000000 --- a/app/controllers/obit_widget_controller.rb +++ /dev/null @@ -1,3 +0,0 @@ -class ObitWidgetController< ObitFrontendComponentController - -end \ No newline at end of file diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb new file mode 100644 index 000000000..49505c8f4 --- /dev/null +++ b/app/controllers/orbit_backend_controller.rb @@ -0,0 +1,24 @@ +class OrbitBackendController< ApplicationController + before_filter :authenticate_user! + before_filter :setup_vars + # before_filter {|c| c.front_end_available(@app_title)} + before_filter :check_user_can_use,:except => [:public] + include OrbitCoreLib::PermissionUnility + + layout 'admin' + + def setup_vars + @app_title = request.fullpath.split('/')[2] + @module_app = ModuleApp.first(conditions: {:key => @app_title} ) + + end + + private + + def check_user_can_use + unless check_permission + redirect_to polymorphic_path(['panel',@app_title,'back_end','public']) + end + end + +end \ No newline at end of file diff --git a/app/controllers/obit_frontend_component_controller.rb b/app/controllers/orbit_frontend_component_controller.rb similarity index 74% rename from app/controllers/obit_frontend_component_controller.rb rename to app/controllers/orbit_frontend_component_controller.rb index d0be3a25d..126950406 100644 --- a/app/controllers/obit_frontend_component_controller.rb +++ b/app/controllers/orbit_frontend_component_controller.rb @@ -1,4 +1,4 @@ -class ObitFrontendComponentController< ApplicationController +class OrbitFrontendComponentController< ApplicationController before_filter :setup_vars before_filter {|c| c.front_end_available(@app_title)} layout 'module_widget' diff --git a/app/controllers/orbit_frontend_controller.rb b/app/controllers/orbit_frontend_controller.rb new file mode 100644 index 000000000..e1be81677 --- /dev/null +++ b/app/controllers/orbit_frontend_controller.rb @@ -0,0 +1,3 @@ +class OrbitFrontendController< OrbitFrontendComponentController + +end \ No newline at end of file diff --git a/app/controllers/orbit_widget_controller.rb b/app/controllers/orbit_widget_controller.rb new file mode 100644 index 000000000..c2be4691e --- /dev/null +++ b/app/controllers/orbit_widget_controller.rb @@ -0,0 +1,3 @@ +class ObitWidgetController< OrbitFrontendComponentController + +end \ No newline at end of file diff --git a/app/helpers/admin/app_auth_helper.rb b/app/helpers/admin/app_auth_helper.rb index fe63a2a6a..1a022e948 100644 --- a/app/helpers/admin/app_auth_helper.rb +++ b/app/helpers/admin/app_auth_helper.rb @@ -3,4 +3,9 @@ module Admin::AppAuthHelper link_to t(:enable), eval("admin_#{attribute_type}_path(attribute, :authenticity_token => form_authenticity_token, :#{attribute_type} => {:disabled => true})"), :remote => true, :method => :put, :id => "disable_#{attribute.id}", :style => "display:#{attribute.is_disabled? ? 'none' : ''}", :class => 'switch' link_to t(:disable), eval("admin_#{attribute_type}_path(attribute, :authenticity_token => form_authenticity_token, :#{attribute_type} => {:disabled => false})"), :remote => true, :method => :put, :id => "enable_#{attribute.id}", :style => "display:#{attribute.is_disabled? ? '' : 'none'}", :class => 'switch' end + + def if_permitted_to(user,role) + + end + end \ No newline at end of file diff --git a/app/helpers/admin_helper.rb b/app/helpers/admin_helper.rb index 6ae3a213a..021687da8 100644 --- a/app/helpers/admin_helper.rb +++ b/app/helpers/admin_helper.rb @@ -5,4 +5,17 @@ module AdminHelper link_to('/' , admin_items_path) + ( @parent_items.map{ |i| link_to(i.name, admin_items_path(:parent_id=>i.id) ) } << @parent_item.name ).join("/").html_safe end + # Check if the current_user is manager in current module app + def is_manager? + @module_app.is_manager?(current_user) || is_admin? + end + + # Check if the current_user is sub manager in current module app + def is_sub_manager? + @module_app.is_sub_manager?(current_user)|| is_admin? + end + + def is_admin? + current_user.admin? + end end \ No newline at end of file diff --git a/app/models/app_auth.rb b/app/models/app_auth.rb index 5a3de60c5..94af40bbb 100644 --- a/app/models/app_auth.rb +++ b/app/models/app_auth.rb @@ -2,4 +2,5 @@ class AppAuth < PrototypeAuth belongs_to :module_app + end \ No newline at end of file diff --git a/app/models/module_app.rb b/app/models/module_app.rb index 5d885cd1d..7e5e23fda 100644 --- a/app/models/module_app.rb +++ b/app/models/module_app.rb @@ -26,6 +26,14 @@ class ModuleApp before_save :set_key + def is_manager?(user) + managing_users.include?(user) + end + + def is_sub_manager?(user) + sub_managing_users.include?(user) || is_manager?(user) + end + def managing_users self.managers.collect{ |t| t.user } end diff --git a/app/models/prototype_auth.rb b/app/models/prototype_auth.rb index 893f402b0..6b22a1b39 100644 --- a/app/models/prototype_auth.rb +++ b/app/models/prototype_auth.rb @@ -16,7 +16,7 @@ class PrototypeAuth has_and_belongs_to_many :roles has_and_belongs_to_many :sub_roles - attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users + attr_protected :roles,:sub_roles,:privilege_users,:blocked_users def add_role role add_operation(:roles,role) diff --git a/app/views/admin/module_apps/_app_selector.html.erb b/app/views/admin/module_apps/_app_selector.html.erb deleted file mode 100644 index ae3b2e47c..000000000 --- a/app/views/admin/module_apps/_app_selector.html.erb +++ /dev/null @@ -1 +0,0 @@ -<%= f.select :module_app_id, @apps.collect { |t| [t.title.capitalize, t.id] }, {}, {:rel => admin_module_apps_path } %> diff --git a/app/views/admin/object_auths/edit.html.erb b/app/views/admin/object_auths/edit.html.erb index 67fb026e1..fc824a649 100644 --- a/app/views/admin/object_auths/edit.html.erb +++ b/app/views/admin/object_auths/edit.html.erb @@ -11,4 +11,4 @@ <%= render :partial => "admin/components/user_role_management", :locals => { :object => @object_auth.auth_obj ,:auth=>@object_auth,:submit_url=>create_role_admin_object_auth_path(@object_auth),:ploy_route_ary=>['remove',:admin,@object_auth] } %> - +<%= link_to 'Back to object',eval(@object_auth.obj_authable.class.to_s+"::AfterObjectAuthUrl") %> \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index cd3921f00..ba5acb0ab 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -16,7 +16,7 @@ PrototypeR4::Application.routes.draw do resources :app_auths resources :object_auths do collection do - match 'new/:type/:obj_id',:action => 'new',:via => "get",:as => :init + match 'new/:type/:obj_id/:module_app_id',:action => 'new',:via => "get",:as => :init end member do match ':id/create_role',:action => 'create_role',:via => "post",:as => :create_role diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb index bf1d66a39..2520e04c6 100644 --- a/lib/orbit_core_lib.rb +++ b/lib/orbit_core_lib.rb @@ -31,4 +31,26 @@ module OrbitCoreLib end end + + module PermissionUnility + private + def check_permission(type = :use) + permission_grant = current_user.admin?? true : false + module_app = @module_app.nil?? ModuleApp.find(params[:module_app_id]) : @module_app + unless permission_grant + permission_grant = case type + when :use + users_ary = module_app.app_auth.auth_users rescue nil + users_ary = [] if users_ary.nil? + (users_ary.include?(current_user) || module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user)) + when :manager + module_app.is_manager?(current_user) + when :sub_manager + module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user) + end + end + permission_grant + end + + end end diff --git a/lib/tasks/anc_tasks.rake b/lib/tasks/anc_tasks.rake new file mode 100644 index 000000000..3145d1192 --- /dev/null +++ b/lib/tasks/anc_tasks.rake @@ -0,0 +1,22 @@ +# encoding: utf-8 + +namespace :anc do + + task :build => :environment do + bulletin_category_1 = BulletinCategory.create(:key => "C1ChrisCheckANDPreivew",:display => "List" ) + bulletin_category_1.create_i18n_variable(:en => "ChrisCheckANDPreivew", :zh_tw => 'ChrisCheckANDPreivew') + bulletin_category_2 = BulletinCategory.create(:key => "C2MattCheckANDPreivew",:display => "List" ) + bulletin_category_2.create_i18n_variable(:en => "MattCheckANDPreivew", :zh_tw => 'MattCheckANDPreivew') + bulletin_category_3 = BulletinCategory.create(:key => "C3MattCheckChrisPreview",:display => "List" ) + bulletin_category_3.create_i18n_variable(:en => "MattCheckChrisPreview", :zh_tw => 'MattCheckChrisPreview') + + + bulletin_1 = Bulletin.create(:title => "C1P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_1 ) + bulletin_2 = Bulletin.create(:title => "C1P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_1 ) + bulletin_3 = Bulletin.create(:title => "C2P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_2 ) + bulletin_4 = Bulletin.create(:title => "C2P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_2 ) + bulletin_5 = Bulletin.create(:title => "C3P1",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_3 ) + bulletin_6 = Bulletin.create(:title => "C3P2",:status => nil,:subtitle => "",:text => "value",:postadate => Time.now,:deadline => nil,:bulletin_category => bulletin_category_3 ) + + end +end \ No newline at end of file diff --git a/lib/tasks/dev.rake b/lib/tasks/dev.rake index ee3447432..70776ed96 100644 --- a/lib/tasks/dev.rake +++ b/lib/tasks/dev.rake @@ -125,6 +125,12 @@ namespace :dev do AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[1].id, :key => 'last_name', :en => 'Fu', :zh_tw => '傅' ) AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[0].id, :key => 'major', :en => 'Information management', :zh_tw => '信息化管理' ) AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[1].id, :key => 'department', :en => 'Computer Science', :zh_tw => '計算機科學' ) + + user = User.create( :email => 'manager@rulingcom.com', :password => 'password', :password_confirmation => 'password', :admin => false, :role_id => r_2.id, :sub_role_ids => [sr_2_1.id ] ) + AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[0].id, :key => 'first_name', :en => 'Manager', :zh_tw => '管理員' ) + AttributeValue.create( :user_id => user.id, :attribute_field_id => i_1.attribute_fields[1].id, :key => 'last_name', :en => 'Chen', :zh_tw => '陳' ) + AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[0].id, :key => 'major', :en => 'Information management', :zh_tw => '信息化管理' ) + AttributeValue.create( :user_id => user.id, :attribute_field_id => sr_2_1.attribute_fields[1].id, :key => 'department', :en => 'Computer Science', :zh_tw => '計算機科學' ) ad_banner = AdBanner.new(:title => 'banner_1',:post_date => Date.today,:context=> "context",:ad_fx=>'zoom',:direct_to_after_click=>true) diff --git a/vendor/built_in_modules/announcement/announcement.json b/vendor/built_in_modules/announcement/announcement.json index 0751a0e77..b23ec5721 100644 --- a/vendor/built_in_modules/announcement/announcement.json +++ b/vendor/built_in_modules/announcement/announcement.json @@ -1,5 +1,5 @@ { - "title": "Announcement", + "title": "announcement", "version": "0.1", "organization": "Rulingcom", "author": "RD dep", diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb index ef7e1943e..1ef3b3007 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb @@ -1,9 +1,10 @@ -class Panel::Announcement::BackEnd::FactChecksController < ApplicationController +class Panel::Announcement::BackEnd::FactChecksController < OrbitBackendController + before_filter :authenticate_user! layout 'admin' def index @bulletin_categorys_preview = BulletinCategory.authed_for_user(current_user,'preview') - @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'check') + @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'fact_check') end def new diff --git a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb index 4e3dd1861..d86b17add 100644 --- a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb +++ b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb @@ -6,7 +6,7 @@ class BulletinCategory include OrbitCoreLib::ObjectAuthable ObjectAuthTitlesOptions = %W{preview fact_check} - + AfterObjectAuthUrl = '/panel/announcement/back_end/bulletin_categorys' # include Mongoid::MultiParameterAttributes PAYMENT_TYPES = [ "List", "Picture" ] diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb index 2e0e7ddf0..2cd097ed2 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb @@ -5,13 +5,15 @@ <%= bulletin_category.i18n_variable[locale] rescue nil %> <% end %> <%= bulletin_category.display %> - - <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category) %>
- <% bulletin_category.object_auths.each do |obj_auth| %> - <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth) %>
- <% end %> - - + <% if is_manager? %> + + <%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,@module_app) %>
+ <% bulletin_category.object_auths.each do |obj_auth| %> + <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth) %>
+ <% end %> + + + <% end %> <%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %> | <%= link_to t('bulletin_category.quick_edit'), panel_announcement_back_end_bulletin_category_quick_edit_path(bulletin_category), :remote => true %> | <%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb index fd2b29b5b..26e8926c1 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb @@ -1,4 +1,4 @@ -<%= render 'filter' %> +]<%= render 'filter' %> <%= render 'bulletins' %>
diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb index 65ebeb286..0f42ed4b1 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/fact_checks/index.html.erb @@ -42,10 +42,14 @@

<%= t('bulletin.list_announcement') %>

- +
+

Preview

<%= render :partial => "list_table", :collection => @bulletin_categorys_preview,:as => :bulletin_category%> - +
+=================================================================================================================== +
+

Check Please

<%= render :partial => "list_table", :collection => @bulletin_categorys_check,:as => :bulletin_category%> - +

diff --git a/vendor/built_in_modules/announcement/config/routes.rb b/vendor/built_in_modules/announcement/config/routes.rb index cc8777490..b707437e7 100644 --- a/vendor/built_in_modules/announcement/config/routes.rb +++ b/vendor/built_in_modules/announcement/config/routes.rb @@ -2,6 +2,7 @@ Rails.application.routes.draw do namespace :panel do namespace :announcement do namespace :back_end do + match 'public' => "announcements#public",:as => :public resources :fact_checks root :to => "bulletins#index" resources :bulletins diff --git a/vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake b/vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake deleted file mode 100644 index f097b1fa4..000000000 --- a/vendor/built_in_modules/announcement/lib/tasks/announcement_tasks.rake +++ /dev/null @@ -1,4 +0,0 @@ -# desc "Explaining what the task does" -# task :announcement do -# # Task goes here -# end diff --git a/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb b/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb index 769f46659..9bb61778d 100644 --- a/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb +++ b/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/comments_controller.rb @@ -1,4 +1,4 @@ -class Panel::NewBlog::FrontEnd::CommentsController < ObitFrontendController +class Panel::NewBlog::FrontEnd::CommentsController < OrbitFrontendController def create @post = Post.find(params[:post_id]) @comment = @post.comments.create!(params[:comment]) diff --git a/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb b/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb index 1aeb34b2b..48b0c1c55 100644 --- a/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb +++ b/vendor/built_in_modules/new_blog/app/controllers/panel/new_blog/front_end/posts_controller.rb @@ -1,4 +1,4 @@ -class Panel::NewBlog::FrontEnd::PostsController < ObitFrontendController +class Panel::NewBlog::FrontEnd::PostsController < OrbitFrontendController # GET /posts # GET /posts.xml def index