Object Auth. Now object can be included with "include OrbitCoreLib::ObjectAuthable" to use kernel method,such as

1.Object.authed_for_user(user,title_of_object_auth).  title_of_object_auth is optional
2.object.authed_users(user,title_of_object_auth) .  title_of_object_auth is optional
if title_of_object_auth is not given,then it will return calculation across all possiblity.
This commit is contained in:
Matthew Kaito Juyuan Fu 2012-02-09 17:48:51 +08:00
parent 3a8dbd6af4
commit 31d7cd5b38
7 changed files with 96 additions and 52 deletions

View File

@ -19,47 +19,44 @@ class Admin::ObjectAuthsController < ApplicationController
# end # end
end end
def create def create_role
# app_auth = AppAuth.find_or_create_by(module_app_id: params[:module_app_id]) object_auth = ObjectAuth.find(params[:id])
# params[:new].each do |item| params[:new].each do |item|
# field = item[0] field = item[0]
# field_value = item[1] field_value = item[1]
# if field_value!='' if field_value!=''
# case field case field
# when 'role' when 'role'
# app_auth.send("add_#{field}",(Role.find field_value)) rescue nil object_auth.send("add_#{field}",(Role.find field_value)) rescue nil
# when 'sub_role' when 'sub_role'
# app_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil
# when 'privilege_user' when 'privilege_user'
# app_auth.add_user_to_privilege_list (User.find field_value) rescue nil object_auth.add_user_to_privilege_list (User.find field_value) rescue nil
# when 'blocked_user' when 'blocked_user'
# app_auth.add_user_to_black_list (User.find field_value) rescue nil object_auth.add_user_to_black_list (User.find field_value) rescue nil
# end end
# end end
# end end
# app = ModuleApp.find params[:module_app_id] rescue nil redirect_to edit_admin_object_auth_path(object_auth)
# redirect_to edit_admin_module_app_path(app) end
end
def remove def remove_role
# app_auth = AppAuth.find( params[:id] ) object_auth = ObjectAuth.find(params[:id])
# type = params[:type] type = params[:type]
# field_value = params[:target_id] field_value = params[:target_id]
# if field_value!='' if field_value!=''
# case type case type
# when 'role' when 'role'
# app_auth.remove_role(Role.find field_value) rescue nil object_auth.remove_role(Role.find field_value) rescue nil
# when 'sub_role' when 'sub_role'
# app_auth.remove_sub_role(SubRole.find field_value) rescue nil object_auth.remove_sub_role(SubRole.find field_value) rescue nil
# when 'privilege_user' when 'privilege_user'
# app_auth.remove_user_from_privilege_list (User.find field_value) rescue nil object_auth.remove_user_from_privilege_list (User.find field_value) rescue nil
# when 'blocked_user' when 'blocked_user'
# app_auth.remove_user_from_black_list (User.find field_value) rescue nil object_auth.remove_user_from_black_list (User.find field_value) rescue nil
# end end
# end end
# redirect_to edit_admin_object_auth_path(object_auth)
# app = ModuleApp.find params[:module_app_id] rescue nil
# redirect_to edit_admin_module_app_path(app)
end end
def edit def edit

View File

@ -1,8 +1,6 @@
<div id="user_role_management"> <div id="user_role_management">
<%#= debugger %>
<h1>User Role</h1> <h1>User Role</h1>
<%= debugger %> <%= form_tag(submit_url) do %>
<%= form_tag(polymorphic_path([controller_path.split('/')[0],object,auth.class.name.underscore]),:method => :post) do %>
<%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %>
<%= submit_tag 'Add Role' %><br/> <%= submit_tag 'Add Role' %><br/>
<%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %> <%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %>
@ -16,19 +14,19 @@
<% unless auth.nil? %> <% unless auth.nil? %>
<% auth.roles.each do |role| %> <% auth.roles.each do |role| %>
<li> <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> <li> <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
<%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'role',:target_id=>role.id),:method => :delete %></li> <%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'role',:target_id=>role.id),:method => :delete %></li>
<% end %> <% end %>
<ul>Sub Roles </ul> <ul>Sub Roles </ul>
<% auth.sub_roles.each do |role| %> <% auth.sub_roles.each do |role| %>
<li> <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> </li><%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'sub_role',:target_id=>role.id),:method => :delete %> <li> <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> </li><%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'sub_role',:target_id=>role.id),:method => :delete %>
<% end %> <% end %>
<ul>PrivilegeList </ul> <ul>PrivilegeList </ul>
<% auth.privilege_users.each do |user| %> <% auth.privilege_users.each do |user| %>
<li> <%= user.name %> <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'privilege_user',:target_id=>user.id),:method => :delete %> </li> <li> <%= user.name %> <%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'privilege_user',:target_id=>user.id),:method => :delete %> </li>
<% end %> <% end %>
<ul>BlockedList </ul> <ul>BlockedList </ul>
<% auth.blocked_users.each do |user| %> <% auth.blocked_users.each do |user| %>
<li> <%= user.name %><%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'blocked_user',:target_id=>user.id),:method => :delete %> </li> <li> <%= user.name %><%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'blocked_user',:target_id=>user.id),:method => :delete %> </li>
<% end %> <% end %>
<% end %> <% end %>
</div> </div>

View File

@ -36,5 +36,5 @@
</dd> </dd>
</dl> </dl>
</div> </div>
<%= render :partial => "admin/components/user_role_management", :locals => { :object => @module_app ,:auth=> @module_app.app_auth } %> <%= render :partial => "admin/components/user_role_management", :locals => { :object => @module_app ,:auth=> @module_app.app_auth ,:submit_url=> admin_module_app_app_auths_path(@module_app),:ploy_route_ary=>['remove',:admin,@module_app,@module_app.app_auth] } %>

View File

@ -8,6 +8,7 @@
<!-- Remove if CSS done--> <!-- Remove if CSS done-->
<h3><%= @object_auth.title %></h3> <h3><%= @object_auth.title %></h3>
<%= render :partial => "admin/components/user_role_management", :locals => { :object => @object_auth.auth_obj ,:auth=> @object_auth } %> <%= render :partial => "admin/components/user_role_management", :locals => {
:object => @object_auth.auth_obj ,:auth=>@object_auth,:submit_url=>create_role_admin_object_auth_path(@object_auth),:ploy_route_ary=>['remove',:admin,@object_auth] } %>

View File

@ -13,7 +13,12 @@ PrototypeR4::Application.routes.draw do
namespace :admin do namespace :admin do
resources :assets resources :assets
resources :app_auths resources :app_auths
resources :object_auths resources :object_auths do
member do
match ':id/create_role',:action => 'create_role',:iia => "post",:as => :create_role
match 'remove/:type/:target_id' ,:action=> 'remove_role',:via => "delete",:as =>:remove
end
end
resources :ad_banners resources :ad_banners
resources :designs do resources :designs do

42
lib/orbit_core_lib.rb Normal file
View File

@ -0,0 +1,42 @@
module OrbitCoreLib
module ObjectAuthable
def self.included(base)
base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete")
base.define_singleton_method :authed_for_user do |user,title = nil|
sub_role_ids_ary=user.sub_roles.collect{|t| t.id}
if title.nil?
auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s)
else
auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title)
end
query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id)
query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role.id}).excludes(blocked_user_ids: user.id)
result = (query1 + query2).uniq
result.collect{|t| t.obj_authable}
end
end
def authed_users(title=nil)
users = []
unless title.nil?
users = self.object_auths.where(title: title )[0].auth_users_after_block_list rescue []
else
users = self.object_auths.collect{|t| t.auth_users_after_block_list} rescue []
users.flatten!.uniq!
end
users
end
def tell_me_class
self.class.name
end
def search_object_db
ObjectAuth.where(obj_authable_type: self.class.name)
end
end
end

View File

@ -1,9 +1,10 @@
class Post class Post
include Mongoid::Document include Mongoid::Document
include Mongoid::Timestamps include Mongoid::Timestamps
include OrbitCoreLib::ObjectAuthable
field :title, :type => String field :title, :type => String
field :body, :type => String field :body, :type => String
embeds_many :comments embeds_many :comments
validates_presence_of :title, :body validates_presence_of :title, :body
has_one :object_auth,as: :obj_authable,dependent: :delete
end end