Merge branch 'master' into ldap

2012-03-20 14:27:04 +08:00 · 2012-03-20 14:27:04 +08:00 · 5fcd3cd783
parent 49ece7be6a e953344965
commit 5fcd3cd783
2 changed files with 14 additions and 4 deletions
--- a/app/controllers/admin/object_auths_controller.rb
+++ b/app/controllers/admin/object_auths_controller.rb
@ -1,8 +1,7 @@
 class Admin::ObjectAuthsController < ApplicationController
  include OrbitCoreLib::PermissionUnility
  layout "admin"
-  before_filter :authenticate_user!
-  before_filter :check_if_user_can_do_object_auth
+  before_filter :force_order
 #  before_filter :is_admin? ,:only => :index
  

@ -84,6 +83,12 @@ class Admin::ObjectAuthsController < ApplicationController
  end

 private
+
+  def force_order
+    authenticate_user!
+    check_if_user_can_do_object_auth
+  end
+
  def check_if_user_can_do_object_auth
    unless  check_permission(:manager)
      render :nothing => true, :status => 403 
--- a/app/controllers/orbit_backend_controller.rb
+++ b/app/controllers/orbit_backend_controller.rb
@ -1,8 +1,8 @@
 class OrbitBackendController< ApplicationController
-  before_filter :authenticate_user!
+  before_filter :force_order,:except => [:public]
  before_filter :setup_vars
 # before_filter {|c| c.front_end_available(@app_title)}
-  before_filter :check_user_can_use,:except => [:public]
+  # before_filter :check_user_can_use
  include OrbitCoreLib::PermissionUnility
  include AdminHelper
  
@ -15,6 +15,11 @@ class OrbitBackendController< ApplicationController
  
  private
  
+  def force_order
+    authenticate_user!
+    check_user_can_use
+  end
+
  def check_user_can_use 
    unless check_permission
      redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])