First version of app and object auth for web_resource module. Basic fund is ok. backend need to be secued

app/controllers/orbit_backend_controller.rb

@@ -1,6 +1,8 @@
 class OrbitBackendController< ApplicationController
   before_filter :force_order,:except => [:public]
   before_filter :setup_vars
+  before_filter :set_current_user
+
  # before_filter {|c| c.front_end_available(@app_title)}
   # before_filter :check_user_can_use
   include OrbitCoreLib::PermissionUnility

app/helpers/admin/ad_banner_helper.rb

@@ -16,8 +16,8 @@ module Admin::AdBannerHelper
     end
 
     def show_ad_banner_permission_link(ad_banner)
-    type = 'edit'
+      type = 'edit'
-    oa = ad_banner.get_object_auth_by_title(type)
+      oa = ad_banner.get_object_auth_by_title(type)
     if oa.nil?
       ad_banner.object_auths.new(title: type ).save
       oa = ad_banner.get_object_auth_by_title(type)
@@ -26,8 +26,6 @@ module Admin::AdBannerHelper
      link_to t('admin.ad.cate_auth'),admin_object_auth_ob_auth_path(oa),:class => "btn btn-warning"
   end
 
-    def at_least_module_manager
+
-      is_manager? || is_admin? 
-    end
 
 end

app/helpers/admin/web_link_helper.rb

@@ -0,0 +1,11 @@
+module Admin::WebLinkHelper
+    def show_web_link_permission_link(web_link)
+      type = 'edit'
+      oa = web_link.get_object_auth_by_title(type)
+    if oa.nil?
+      web_link.object_auths.new(title: type ).save
+      oa = web_link.get_object_auth_by_title(type)
+    end
+     link_to t('admin.web_link.cate_auth'),admin_object_auth_ob_auth_path(oa)
+  end
+end

app/helpers/application_helper.rb

@@ -196,4 +196,8 @@ module ApplicationHelper
     display_visitors(created_at: {'$gte' => Date.today.beginning_of_year, '$lte' => Date.today.end_of_year})
   end
 
+  def at_least_module_manager
+    is_manager? || is_admin? 
+  end
+
 end

app/models/object_auth.rb

@@ -11,9 +11,7 @@ class ObjectAuth  < PrototypeAuth
   end
 
   def check_user_has_app_auth
-debugger
+    sub_managing_users = auth_obj.app_auth.sub_managing_users rescue []
-    a=1
-    sub_managing_users = auth_obj.app_auth.sub_managing_users
     app_auth =  auth_obj.app_auth
     self.auth_users.each do |auth_user|
       if !sub_managing_users.include? auth_user && !auth_user.admin?

app/views/admin/ad_banners/_ad_banner_tab.html.erb

@@ -15,7 +15,7 @@
 <% end -%>
 		<h3><%= t("admin.ad.picture_list")%></h3>
 		<div class="adbanner-list">
-			<%if  at_least_module_manager || sub_manager?(ad_banner_tab)%>
+			<%if  (at_least_module_manager || ad_banner_tab.cur_user_is_sub_manager_of(:edit) )%>
 				<%=  content_tag :div ,:class=>'adbanner-action' do%>
 					<%= link_to t("admin.ad.new_image"),new_admin_ad_banner_ad_image_path(ad_banner_tab) ,:class => "btn btn-primary"%>
 					<%= link_to t("modal.preview"), admin_realtime_preview_ad_banner_path(ad_banner_tab.id) , :class=>'preview_trigger btn btn-success'%>

app/views/layouts/_side_bar.html.erb

@@ -54,17 +54,18 @@
 		<%#= content_tag :li, link_to(t('admin.ad.all_banners'), admin_ad_banners_path), :class => active_for_action('ad_banners', 'index') %>
 		<%#= content_tag :li, link_to(t('admin.ad.new_banner'), new_admin_ad_banner_path), :class => active_for_action('ad_banners', 'new') %>
 		<%#= content_tag :li, link_to(t('admin.ad.new_image'), new_ad_image_admin_ad_banners_path), :class => active_for_action('ad_images', 'new') %>
-				<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "ad_banners"}))), :class => active_for_app_auth('ad_banners')  if (is_admin? rescue nil) %>
+	<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "ad_banners"}))), :class => active_for_app_auth('ad_banners')  if (is_admin? rescue nil) %>
 	<% end -%>
 <% end %>
 
-<%= content_tag :li, :class => active_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys') do -%>
+<%= content_tag :li, :class => active_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys') || active_for_app_auth('web_resource') do -%>
 	<%= link_to content_tag(:i, nil, :class => 'icons-link') + t('admin.link'), panel_web_resource_back_end_web_links_path %>
 	<%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys')) do -%>
 		<%= content_tag :li, link_to(t('admin.all_articles'), panel_web_resource_back_end_web_links_path), :class => active_for_action('web_links', 'index') %>
 		<%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') %>
 		<%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => active_for_action('web_link_categorys', 'index') %>
 		<%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') %>
+		<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "web_resource"}))), :class => active_for_app_auth('web_resource')  if (is_admin? rescue nil) %>
 	<% end -%>
 <% end -%>
 
@@ -75,4 +76,4 @@
 		<%= content_tag :li, link_to(t('admin.categories'), admin_asset_categories_path), :class => active_for_action('asset_categories', 'index') %>
 		<%= content_tag :li, link_to(t('admin.tags'), admin_asset_tags_path), :class => active_for_action('/admin/asset_tags', 'index') %>
 	<% end -%>
-<% end -%>
+<% end -%>

lib/orbit_core_lib.rb

@@ -19,6 +19,10 @@ module  OrbitCoreLib
         
     end
     
+    def cur_user_is_sub_manager_of(title)
+       authed_users(title).include?(User.current)
+    end 
+
     def app_auth
        ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
     end

vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_links_controller.rb

@@ -1,7 +1,7 @@
 class Panel::WebResource::BackEnd::WebLinksController < OrbitBackendController
-  
   before_filter :authenticate_user!
-  before_filter :is_admin?
+  # before_filter :for_app_manager,:except => [:index,:show] 
+  # before_filter :for_app_sub_manager
 
   def index
   

vendor/built_in_modules/web_resource/app/models/web_link_category.rb

@@ -3,12 +3,21 @@
 class WebLinkCategory
   include Mongoid::Document
   include Mongoid::Timestamps
+  include OrbitCoreLib::ObjectAuthable
+
   # include Mongoid::MultiParameterAttributes
-  
+  AfterObjectAuthUrl = '/panel/page_content/back_end/page_contexts'
+  APP_NAME = 'web_resource'
+  ObjectAuthTitlesOptions = %W{edit}
+
   field :key
   
   has_one :i18n_variable, :as => :language_value, :autosave => true, :dependent => :destroy
   
   has_many :web_links
   
+  def pp_object
+    i18n_variable[I18n.locale]
+  end
+
 end

vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/_web_link_category.html.erb

@@ -3,12 +3,15 @@
 	<tr id="<%= dom_id web_link_category %>" class="with_action">
 		<td>
 			<%= web_link_category.key %>
-			<div class="quick-edit">
+			<%if at_least_module_manager %>
-				<ul class="nav nav-pills hide">
+				<div class="quick-edit">
-					<li><%= link_to t('web_link_category.edit'), edit_panel_web_resource_back_end_web_link_category_path(web_link_category), :remote => true %></li>
+					<ul class="nav nav-pills hide">
-					<li><%= link_to t('web_link_category.delete'), panel_web_resource_back_end_web_link_category_path(web_link_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
+						<li><%= link_to t('web_link_category.edit'), edit_panel_web_resource_back_end_web_link_category_path(web_link_category), :remote => true %></li>
-				</ul>
+						<li><%= link_to t('web_link_category.delete'), panel_web_resource_back_end_web_link_category_path(web_link_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
-			</div>
+						<li><%= show_web_link_permission_link web_link_category %></li>
+					</ul>
+				</div>
+			<% end -%>
 		</td>
 		<% @site_valid_locales.each do |locale| %>
 		<td><%= web_link_category.i18n_variable[locale] rescue nil %></td>

vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/index.html.erb

@@ -34,6 +34,6 @@
 	</tbody>
 </table>
 
-<div id="form"><%= render :partial => "form" %></div>
+<div id="form"><%= render :partial => "form"  if at_least_module_manager%></div>
 
 

vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_links/_web_link.html.erb

@@ -24,8 +24,10 @@
 	<%= link_to web_link.name[I18n.locale], panel_web_resource_back_end_web_link_path(web_link) %>
 	<div class="quick-edit">
 		<ul class="nav nav-pills hide">
+			<%if at_least_module_manager || web_link.web_link_category.cur_user_is_sub_manager_of(:edit)%>
 			<li><%= link_to t('web_link.edit'), edit_panel_web_resource_back_end_web_link_path(web_link) %></li>
 			<li><%= link_to t('web_link.delete'), panel_web_resource_back_end_web_link_path(web_link), :confirm => t('sure?'), :method => :delete, :remote => true %></li>
+			<% end -%>
 		</ul>
 	</div>
 	</td>