fix bugs with token

2012-02-16 13:57:28 +08:00 · 2012-02-16 13:57:28 +08:00 · 2e58c63ff7
parent cc550c5745
commit 2e58c63ff7
8 changed files with 31 additions and 12 deletions
--- a/app/controllers/orbit_backend_controller.rb
+++ b/app/controllers/orbit_backend_controller.rb
@ -10,7 +10,6 @@ class OrbitBackendController< ApplicationController
  def setup_vars
    @app_title = request.fullpath.split('/')[2]
    @module_app = ModuleApp.first(conditions: {:key => @app_title} )
-    
  end
  
  private
--- a/app/models/module_app.rb
+++ b/app/models/module_app.rb
@ -1,6 +1,7 @@
 class ModuleApp
  include Mongoid::Document
  include Mongoid::Timestamps
+  include OrbitCoreLib::ObjectTokenUnility

  field :key
 	field :title
@ -14,7 +15,7 @@ class ModuleApp
  
  field :app_pages ,type: Array
  field :widgets ,type: Array
-  
+    
  has_many :managers,as: :managing_app ,:class_name => "AppManager" #,:dependent => :destroy,:foreign_key => "managing_app_id",:inverse_of => :managing_app
  has_many :sub_managers,as: :sub_managing_app ,:class_name => "AppManager"#, :dependent => :destroy,:foreign_key => "sub_managing_app_id",:inverse_of => :sub_managing_app
  
@ -81,5 +82,6 @@ class ModuleApp
  def set_key
    self.key = self.title.underscore if self.title
  end
+
  
 end
--- a/app/models/object_auth.rb
+++ b/app/models/object_auth.rb
@ -1,5 +1,5 @@
 class ObjectAuth  < PrototypeAuth
-
+  include OrbitCoreLib::ObjectTokenUnility
  belongs_to :obj_authable, polymorphic: true
  # > - Something.find_with_auth(query)
  # > - or Something.find(query).auth
--- a/app/models/prototype_auth.rb
+++ b/app/models/prototype_auth.rb
@ -4,7 +4,6 @@ class PrototypeAuth
 # after_save :update_block_list,:update_privilage_list
  
  field :title
-  field :token
  field :all ,type: Boolean,default: false
  
  belongs_to :users
@ -12,12 +11,13 @@ class PrototypeAuth
  has_and_belongs_to_many :blocked_users,  :inverse_of => nil, :class_name => "User"
  has_and_belongs_to_many :privilege_users,  :inverse_of => nil, :class_name => "User"

-
  has_and_belongs_to_many :roles
  has_and_belongs_to_many :sub_roles
  
  attr_protected :roles,:sub_roles,:privilege_users,:blocked_users

+
+
  def add_role role
    add_operation(:roles,role)
  end
@ -87,7 +87,6 @@ class PrototypeAuth
    auth_users_before_block_list - self.blocked_users
  end
  
- # protected
  

 end
--- a/app/views/admin/components/_user_role_management.html.erb
+++ b/app/views/admin/components/_user_role_management.html.erb
@ -1,5 +1,7 @@
 <div id="user_role_management">
 	<h1>User Role</h1>
+	All User
+
 	<%= form_tag(submit_url) do %>
 		<%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %>
 		<%= submit_tag 'Add Role' %><br/>
@ -10,7 +12,6 @@
 		<%= collection_select(:new,:blocked_user, User.all, :id, :name, :prompt => true) %>
 		<%= submit_tag 'Add BlockedList' %><br/>
 	<% end %>
-	<ul>Roles </ul>
 	<% unless auth.nil? %>
 		<% auth.roles.each do |role| %>
 			<li> <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -16,7 +16,7 @@ PrototypeR4::Application.routes.draw do
    resources :app_auths 
    resources :object_auths  do
      collection do
-        match 'new/:type/:obj_id/:module_app_id',:action => 'new',:via => "get",:as => :init
+        match 'new/:type/:obj_id',:action => 'new',:via => "get",:as => :init
      end
      member do
        match ':id/create_role',:action => 'create_role',:via => "post",:as => :create_role
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
@ -31,12 +31,28 @@ module  OrbitCoreLib
    end
    
  end
+  module  ObjectTokenUnility
+    def self.included(base)
+      base.instance_eval("field :s_token")
+      base.instance_eval("after_create :generate_token")
+    end
+    
+    def token
+      return self.s_token
+    end
+    
+    protected
+     def generate_token
+       self.s_token = ActiveSupport::SecureRandom.hex(16)
+       self.save!
+     end
+  end
  
  module PermissionUnility
  private
    def check_permission(type = :use)
      permission_grant =  current_user.admin?? true : false
-      module_app = @module_app.nil?? ModuleApp.find(params[:module_app_id]) : @module_app
+      module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
      unless permission_grant
        permission_grant = case type
        when :use
@ -51,6 +67,8 @@ module  OrbitCoreLib
      end
      permission_grant
    end
-    
+    def find_module_app_by_token(token)
+      ModuleApp.first(conditions: {s_token: token})
+    end
  end
 end
--- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb
+++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb
@ -7,9 +7,9 @@
 	<td><%= bulletin_category.display %></td>
 	<% if is_manager? %>
 		<td>
-		<%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,@module_app) %>  <br/ >
+		<%= link_to t('blog.new_auth'), init_admin_object_auths_path("BulletinCategory",bulletin_category,:token => @module_app.token) %>  <br/ >
 		<% bulletin_category.object_auths.each do |obj_auth| %>
-			 <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth)  %><br />
+			 <%= link_to obj_auth.title,edit_admin_object_auth_url(obj_auth,:token => @module_app.token)  %><br />
 		<% end %>
 		</td>
 		<td>