From ec40591489d12e2c282cf82d460cf3aec21df596 Mon Sep 17 00:00:00 2001
From: chris
Date: Thu, 22 Aug 2013 12:17:50 +0800
Subject: [PATCH] Make the filter for authorisation easier for developers
---
lib/orbit_core_lib.rb | 128 +++++++++++++++---
.../back_end/bulletins_controller.rb | 2 +-
2 files changed, 110 insertions(+), 20 deletions(-)
diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb
index 53eb5d79a..66ed59538 100644
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
@@ -144,36 +144,126 @@ module OrbitCoreLib def self.included(base) base.class_eval do before_filter :can_use + send :include, InstanceMethods end + base.extend(ClassMethods) end - def setup_vars - @app_title ||= controller_path.split('/')[1].singularize - @module_app ||= ModuleApp.first(conditions: {:key => @app_title} ) - # raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil? + module ClassMethods + protected + + def open_for_admin(arg = nil) + if arg + key = arg.shift + prepend_before_filter key[0] => key[1] {|f| f.open_for :admin} + else + prepend_before_filter {|f| f.open_for :admin} + end + end + + def open_for_manager(arg = nil) + if arg + key = arg.shift + prepend_before_filter key[0] => key[1] {|f| f.open_for :manager} + else + prepend_before_filter {|f| f.open_for :manager} + end + end + + def open_for_sub_manager(arg = nil) + if arg + key = arg.shift + prepend_before_filter key[0] => key[1] {|f| f.open_for :sub_manager} + else + prepend_before_filter {|f| f.open_for :sub_manager} + end + end + + def open_for_approver(arg = nil) + if arg + key = arg.shift + prepend_before_filter key[0] => key[1] {|f| f.open_for :approver} + else + prepend_before_filter {|f| f.open_for :approver} + end + end + + def open_for_visitor(arg = nil) + if arg + key = arg.shift + prepend_before_filter key[0] => key[1] {|f| f.open_for :visitor} + else + prepend_before_filter {|f| f.open_for :visitor} + end + end + end - private - - def can_use - unless @override_can_use - check_backend_openness if @public - setup_vars - set_current_user - unless @public + module InstanceMethods + protected + def can_use + if @user_type + @user_type.each do |user_type| + open = false + visitor = false + case user_type + when :admin + open ||= check_admin + when :manager + open ||= check_manager + when :sub_manager + open ||= check_sub_manager + when :approver + open ||= check_sub_manager + when :visitor + open ||= true + visitor ||= true + end + check_backend_openness if visitor + 
setup_vars + set_current_user + authenticate_user! unless visitor + redirect_to root_url unless open + end + else + setup_vars + set_current_user authenticate_user! check_user_can_use end end - end - def set_public - @public = true - end + def check_admin + current_or_guest_user.admin? + end - def check_user_can_use - unless current_or_guest_user.admin? || @module_app.is_manager?(current_or_guest_user) || @module_app.is_sub_manager?(current_or_guest_user) || @module_app.can_approve?(current_or_guest_user) - redirect_to root_url + def check_manager + check_admin || @module_app.is_manager?(current_or_guest_user) + end + + def check_sub_manager + check_admin || check_manager || @module_app.is_sub_manager?(current_or_guest_user) + end + + def check_approver + check_admin || check_manager || @module_app.can_approve?(current_or_guest_user) + end + + def open_for(var) + @user_type ||= [] + @user_type << var + end + + def check_user_can_use + unless current_or_guest_user.admin? || @module_app.is_manager?(current_or_guest_user) || @module_app.is_sub_manager?(current_or_guest_user) || @module_app.can_approve?(current_or_guest_user) + redirect_to root_url + end + end + + def setup_vars + @app_title ||= controller_path.split('/')[1].singularize + @module_app ||= ModuleApp.first(conditions: {:key => @app_title} ) + # raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil? end end end
diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
index 5d11350dc..7a90af22f 100644
--- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
+++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
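Review bot: The `when :approver` branch of the new `can_use` calls `check_sub_manager` instead of the `check_approver` helper defined a few lines below it, so an action opened with `open_for_approver` admits any sub-manager and rejects an approver who is not also a sub-manager, and `check_approver` is never called at all. Two further problems sit in the same loop: `open` and `visitor` are reset to `false` on every iteration, so the `||=` accumulation never carries across entries and a controller that declares two `open_for_*` roles redirects as soon as the first one fails (a second `redirect_to` in the same request is a double-render error in Rails), and `check_manager`/`check_sub_manager` read `@module_app` before the `setup_vars` call later in the same iteration has populated it, which presumably raises on `nil` unless an earlier filter already set it. I would hoist `setup_vars`/`set_current_user` above the loop, accumulate `open`/`visitor` over all entries and apply the single redirect afterwards, as sketched below. Separately, each `open_for_*` macro honours only the first key of its options hash (`arg.shift`), so a caller passing both `:only` and another condition silently loses the second; a comment saying so, or an `arg.each` loop, would avoid surprising over-exposure.
```ruby
def can_use
  if @user_type
    # resolve @module_app / current user before any role check reads them
    setup_vars
    set_current_user
    open = false
    visitor = false
    @user_type.each do |user_type|
      case user_type
      when :admin       then open ||= check_admin
      when :manager     then open ||= check_manager
      when :sub_manager then open ||= check_sub_manager
      when :approver    then open ||= check_approver
      when :visitor
        open = true
        visitor = true
      end
    end
    check_backend_openness if visitor
    authenticate_user! unless visitor
    redirect_to root_url unless open
  else
    # … unchanged: setup_vars / set_current_user / authenticate_user! / check_user_can_use …
  end
end
```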
@@ -3,7 +3,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController before_filter :clean_values, :only => [:create, :update] - prepend_before_filter :set_public, :only => [:index, :show, :get_sorted_and_filtered_bulletins] + open_for_visitor :only => [:index, :show, :get_sorted_and_filtered_bulletins] before_filter :only => [ :new, :create, :edit, :update ] do |controller| @categories = get_categories_for_form