From 03387d3c0772d5055b164b6ede13194512842711 Mon Sep 17 00:00:00 2001
From: "Matthew K. Fu JuYuan"
Date: Tue, 15 May 2012 16:39:23 +0800
Subject: [PATCH] Object auth for ad_banner
---
.../admin/ad_banners_controller.rb | 3 ++-
.../module_apps_new_interface_controller.rb | 3 ++-
app/helpers/admin/ad_banner_helper.rb | 11 +++++++++--
app/models/object_auth.rb | 2 ++
.../admin/ad_banners/_ad_banner_tab.html.erb | 19 +++++++++++--------
.../ad_banners/_ad_image_update.html.erb | 10 ++++++----
config/locales/en.yml | 1 +
config/locales/zh_tw.yml | 1 +
8 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/app/controllers/admin/ad_banners_controller.rb b/app/controllers/admin/ad_banners_controller.rb
index 47d3d355..3457c4de 100644
--- a/app/controllers/admin/ad_banners_controller.rb
+++ b/app/controllers/admin/ad_banners_controller.rb
@@ -1,7 +1,8 @@
class Admin::AdBannersController < OrbitBackendController
layout "new_admin"
before_filter :authenticate_user!
- before_filter :for_app_manager
+ before_filter :for_app_manager,:except => [:index,:show]
+ before_filter :for_app_sub_manager
def destroy
@ad_banner = AdBanner.find(params[:id])
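Review bot: The two filters at the top of the class gate on app-level roles only; nothing visible in this hunk checks that the current user is authorised for the specific banner loaded by `AdBanner.find(params[:id])` in `destroy`. The per-object check this commit adds (`sub_manager?`) lives in a view helper and only hides links, so the decision still has to be enforced in the controller. Because `for_app_manager` stays on every action except `index` and `show`, a user who is only an object-level sub manager will presumably be rejected on `update` even though the template now renders the form for them; the filter definitions are outside this diff, so confirm. Consider a per-object filter on the mutating actions that loads the banner and checks `authed_users(:edit)`, for example `before_filter :for_banner_editor, :only => [:update, :destroy]` (the filter name is a suggestion).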
diff --git a/app/controllers/admin/module_apps_new_interface_controller.rb b/app/controllers/admin/module_apps_new_interface_controller.rb
index 52292588..83aa0d79 100644
--- a/app/controllers/admin/module_apps_new_interface_controller.rb
+++ b/app/controllers/admin/module_apps_new_interface_controller.rb
@@ -37,8 +37,9 @@ class Admin::ModuleAppsNewInterfaceController < ApplicationController
protected
def update_setting_by_params
+ user_sat = []
ma = ModuleApp.find params[:module_app][:id]
- user_sat = User.find params[:users].keys
+ user_sat = User.find params[:users].keys if params.has_key? :users
users_to_new = user_sat - ma.managing_users
users_to_remove = ma.managing_users - user_sat
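Review bot: With the new `if params.has_key? :users` guard, a request that omits `users` leaves `user_sat` as `[]`, so `users_to_remove = ma.managing_users - user_sat` on the last line becomes every current manager. That may be the intended "nobody selected" case, but it also means a truncated or hand-built request silently strips all managers from the module app. Say so above the assignment, e.g. `# no :users key: form submitted with nobody selected, all managers are removed`, or require an explicit marker field before treating absence as "remove all". `params[:module_app][:id]` on the line above is still dereferenced unguarded and raises NoMethodError when `module_app` is missing. The method body continues outside the hunk.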
diff --git a/app/helpers/admin/ad_banner_helper.rb b/app/helpers/admin/ad_banner_helper.rb
index f21c5e73..bfebc1b9 100644
--- a/app/helpers/admin/ad_banner_helper.rb
+++ b/app/helpers/admin/ad_banner_helper.rb
@@ -11,7 +11,10 @@ module Admin::AdBannerHelper
printable_ad_images.shuffle!
end
-
+ def sub_manager?(ad_banner)
+ ad_banner.authed_users(:edit).include?(current_user)
+ end
+
def show_ad_banner_permission_link(ad_banner)
type = 'edit'
oa = ad_banner.get_object_auth_by_title(type)
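Review bot: `sub_manager?` looks up the permission with the symbol `:edit`, while `show_ad_banner_permission_link` directly below uses the string `'edit'` for the same object auth. Whether `authed_users` normalises its argument is not visible here, so use one form in both places or confirm the lookup matches. The method also needs a comment stating that it is a display-level check, e.g. `# True when current_user is listed on this banner's 'edit' object auth; controllers must enforce the same rule.` If `authed_users` can return nil for a banner that has no 'edit' auth yet (the method below appears to handle a missing auth), `.include?` will raise; `Array(ad_banner.authed_users(:edit)).include?(current_user)` avoids that.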
@@ -20,7 +23,11 @@ module Admin::AdBannerHelper
oa = ad_banner.get_object_auth_by_title(type)
end
# link_to t('announcement.bulletin.cate_auth'), edit_admin_object_auth_path(oa)
- link_to t('admin.ad.cate_auth'),admin_object_auth_ob_auth_path(oa)
+ link_to t('admin.ad.cate_auth'),admin_object_auth_ob_auth_path(oa),:class => "btn btn-warning"
end
+ def at_least_module_manager
+ is_manager? || is_admin?
+ end
+
end
\ No newline at end of file
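Review bot: `at_least_module_manager` returns a boolean but lacks the `?` suffix carried by `sub_manager?`, `is_manager?` and `is_admin?`, so the templates read `at_least_module_manager || sub_manager?(...)`. Rename it to `at_least_module_manager?`, updating the call sites in the two templates changed by this commit, and add a one-line comment such as `# True for module-app managers and site admins.`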
diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb
index d1c1c673..0ac3de41 100644
--- a/app/models/object_auth.rb
+++ b/app/models/object_auth.rb
@@ -11,6 +11,8 @@ class ObjectAuth < PrototypeAuth
end
def check_user_has_app_auth
+debugger
+ a=1
sub_managing_users = auth_obj.app_auth.sub_managing_users
app_auth = auth_obj.app_auth
self.auth_users.each do |auth_user|
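Review bot: The added `debugger` and `a=1` lines at the top of `check_user_has_app_auth` are debugging leftovers and should not ship. Where the debugger is not loaded the call presumably raises NameError, and where it is loaded the request stops at a breakpoint. Either way this method, which by its name checks that granted users hold app auth, stops doing its job. Delete both lines. The method body continues outside the hunk.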
diff --git a/app/views/admin/ad_banners/_ad_banner_tab.html.erb b/app/views/admin/ad_banners/_ad_banner_tab.html.erb
index 7074717f..a9e07ec2 100644
--- a/app/views/admin/ad_banners/_ad_banner_tab.html.erb
+++ b/app/views/admin/ad_banners/_ad_banner_tab.html.erb
@@ -1,5 +1,5 @@
" id=<%= ad_banner_tab.title.dehumanize %>>
-
+<% if at_least_module_manager || sub_manager?(ad_banner_tab)%>
<%= form_for ad_banner_tab,:url=> admin_ad_banner_path(ad_banner_tab),:method => :put,:class=>"input-medium" do |f| -%>
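Review bot: The condition `at_least_module_manager || sub_manager?(ad_banner_tab)` added here is repeated in the next hunk of this file and again in `_ad_image_update.html.erb`, and three copies of an authorization rule drift apart easily. Put it in one helper, e.g. `def can_edit_ad_banner?(ad_banner); at_least_module_manager || sub_manager?(ad_banner); end` (the name is a suggestion), and call that from the templates. Wrapping the form in this check only hides it; the `update` action it posts to must make the same decision on the server.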
@@ -11,20 +11,23 @@
<%= f.submit t("admin.ad.update_banner"), :class => 'btn' %>
<%= f.submit t("cancel"),:type=>'reset', :class => 'btn' %>
-
圖片列表
+ <% end -%>
+<% end -%>
+
<%= t("admin.ad.picture_list")%>
-
- <%= link_to t("admin.ad.new_image"),new_admin_ad_banner_ad_image_path(ad_banner_tab) ,:class => "btn btn-primary"%>
- <%= link_to t("modal.preview"), admin_realtime_preview_ad_banner_path(ad_banner_tab.id) , :class=>'preview_trigger btn btn-success'%>
-
+ <%if at_least_module_manager || sub_manager?(ad_banner_tab)%>
+ <%= content_tag :div ,:class=>'adbanner-action' do%>
+ <%= link_to t("admin.ad.new_image"),new_admin_ad_banner_ad_image_path(ad_banner_tab) ,:class => "btn btn-primary"%>
+ <%= link_to t("modal.preview"), admin_realtime_preview_ad_banner_path(ad_banner_tab.id) , :class=>'preview_trigger btn btn-success'%>
+ <% end -%>
+ <% end -%>
<%= render :partial => "ad_image_update", :collection => ad_banner_tab.ad_images,:as => :ad_image,:locals=>{:ad_banner => ad_banner_tab} %>
- <% if is_manager? || is_admin? %>
+ <% if at_least_module_manager %>
<%= show_ad_banner_permission_link ad_banner_tab%>
<% end -%>
<%#= render :partial => 'new_add_banner_file', :object => ad_banner_tab.ad_images.build, :locals => { :field_name => "new_ad_images[]", :f => f, :classes => "r_destroy" } %>
- <% end -%>
<%#= render :partial => 'preview_block',:locals=> {:ad_banner =>ad_banner_tab} %>
diff --git a/app/views/admin/ad_banners/_ad_image_update.html.erb b/app/views/admin/ad_banners/_ad_image_update.html.erb
index c055a8c9..0b4277a0 100644
--- a/app/views/admin/ad_banners/_ad_image_update.html.erb
+++ b/app/views/admin/ad_banners/_ad_image_update.html.erb
@@ -4,8 +4,10 @@
<%= ad_image.display? ? "[#{t('admin.ad.showing')}]" : "[#{t('admin.ad.not_showing')}]" %>
<%= "#{ad_image.post_date ||'NeedReset' }~#{ad_image.unpost_date || 'NeedReset'}" %>
-
- <%= link_to t('edit'),edit_admin_ad_banner_ad_image_path(ad_banner,ad_image),:class => 'btn btn-primary' %>
- <%= link_to t('delete'),admin_ad_banner_ad_image_path(ad_banner,ad_image),:class => 'btn',:method => :delete,:confirm => t('sure?') %>
-
+ <%if at_least_module_manager || sub_manager?(ad_image.ad_banner) %>
+
+ <%= link_to t('edit'),edit_admin_ad_banner_ad_image_path(ad_banner,ad_image),:class => 'btn btn-primary' %>
+ <%= link_to t('delete'),admin_ad_banner_ad_image_path(ad_banner,ad_image),:class => 'btn',:method => :delete,:confirm => t('sure?') %>
+
+ <% end -%>
\ No newline at end of file
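Review bot: The new guard calls `sub_manager?(ad_image.ad_banner)` while the two links inside it use the `ad_banner` local that the partial is rendered with. Use `sub_manager?(ad_banner)` so the check and the link targets refer to the same object and no extra association load happens per image. Hiding the edit and delete links does not protect the routes they point to; the ad-image controller is not part of this diff, so confirm it enforces the same rule.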
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 908023d0..3fabb3ca 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -95,6 +95,7 @@ en:
new_image: New image
showing: Showing
not_showing: NotShowing
+ picture_list: Picture List
title: Title
transition_sec: Transition time
trans_unit_sec: sec
diff --git a/config/locales/zh_tw.yml b/config/locales/zh_tw.yml
index e5d2b4f0..3ad7ee1b 100644
--- a/config/locales/zh_tw.yml
+++ b/config/locales/zh_tw.yml
@@ -90,6 +90,7 @@ zh_tw:
new_image: 新增橫幅
showing: 顯示中
not_showing: 沒有顯示
+ picture_list: 圖片列表
title: 標題
transition_sec: 轉場單位時間
trans_unit_sec: 秒