class Admin::ObjectAuthsController < OrbitBackendController include OrbitCoreLib::PermissionUtility layout "new_admin" before_filter :force_order # before_filter :is_admin? ,:only => :index def index # if current_user.admin? @object_auths = ObjectAuth.all # else # @module_apps = current_user.managing_apps.collect{|t| t.managing_app} # end end def new obj = eval(params[:type]).find params[:obj_id] @object_auth=obj.object_auths.build @object_auth_title_option = eval(params[:type]+"::ObjectAuthTitlesOptions") respond_to do |format| format.html # new.html.erb format.xml { render :xml => @post } end end def create obj = eval(params[:object_auth][:type]).find params[:object_auth][:obj_id] @object_auth=obj.object_auths.build :title=> params[:object_auth][:title] if @object_auth.save redirect_to edit_admin_object_auth_path(@object_auth) else flash[:error] = t('object.a_object_must_have_only_one_object_auth_profile_for_each_action') redirect_to (:back) end end def create_role object_auth = ObjectAuth.find(params[:id]) auth_all = params[:auth_all] || false object_auth.update_attribute(:all,auth_all) new_array = params[:new] || [] new_array.each do |item| field = item[0] field_value = item[1] if field_value!='' case field when 'role' object_auth.send("add_#{field}",(Role.find field_value)) rescue nil when 'sub_role' object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil when 'privilege_user' object_auth.add_user_to_privilege_list (User.find field_value) rescue nil when 'blocked_user' object_auth.add_user_to_black_list (User.find field_value) rescue nil end end end redirect_to edit_admin_object_auth_path(object_auth) end def remove_role object_auth = ObjectAuth.find(params[:id]) type = params[:type] field_value = params[:target_id] if field_value!='' case type when 'role' object_auth.remove_role(Role.find field_value) rescue nil when 'sub_role' object_auth.remove_sub_role(SubRole.find field_value) rescue nil when 'privilege_user' object_auth.remove_user_from_privilege_list (User.find field_value) rescue nil when 'blocked_user' object_auth.remove_user_from_black_list (User.find field_value) rescue nil end end redirect_to edit_admin_object_auth_path(object_auth) end def edit @object_auth = ObjectAuth.find(params[:id]) end private def force_order authenticate_user! check_if_user_can_do_object_auth end def check_if_user_can_do_object_auth unless check_permission(:manager) #render :nothing => true, :status => 403 redirect_to '/' end end end