default widgets and sidebar.

app/controllers/admin/object_auths_controller.rb

@@ -1,5 +1,5 @@
 class Admin::ObjectAuthsController < ApplicationController
-  include OrbitCoreLib::PermissionUnility
+  include OrbitCoreLib::PermissionUtility
   layout "new_admin"
   before_filter :force_order
 #  before_filter :is_admin? ,:only => :index

app/controllers/admin/object_auths_new_interface_controller.rb

@@ -1,5 +1,5 @@
 class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
-  include OrbitCoreLib::PermissionUnility
+  include OrbitCoreLib::PermissionUtility
   before_filter :force_order
 
   def set_module_app

app/controllers/admin/page_parts_controller.rb

@@ -28,27 +28,29 @@ class Admin::PagePartsController < ApplicationController
     @module_app = @part.module_app ? @part.module_app : @module_apps[0]
     @r_tag = @part.public_r_tag.blank? ? LIST[:public_r_tags][0] : @part.public_r_tag
     @tag_objects = @r_tag.classify.constantize.all rescue nil
-	
     @widget_path = @part.widget_path ? @part.widget_path : @module_app.widgets.keys[0]
+    @widget_style = @module_app.get_widget_style[@widget_path][:style] unless @widget_path.nil?
 
+    @categories = @module_app.get_registration.get_categories
+    @tags = @module_app.get_registration.get_tags
 	# if @module_app.widgets.any?{|b| b.class == Array}
  #      @widget_style =  @module_app.widgets[@widget_path] if !@widget_path.blank? && !@module_app.widgets.blank?
 	# end
 	
-      case @module_app.key
+      # case @module_app.key
-        when 'announcement'
+      #   when 'announcement'
-          @categories =  BulletinCategory.all
+      #     @categories =  BulletinCategory.all
-          @tags = AnnouncementTag.all
+      #     @tags = AnnouncementTag.all
-        when 'news'
+      #   when 'news'
-          @categories =  NewsBulletinCategory.all
+      #     @categories =  NewsBulletinCategory.all
-          @tags = NewsTag.all
+      #     @tags = NewsTag.all
-        when 'web_resource'
+      #   when 'web_resource'
-          @categories =  WebLinkCategory.all
+      #     @categories =  WebLinkCategory.all
-          @tags = WebResourceTag.all
+      #     @tags = WebResourceTag.all
-        when 'archive'
+      #   when 'archive'
-          @categories =  ArchiveFileCategory.all
+      #     @categories =  ArchiveFileCategory.all
-          @tags = ArchiveTag.all
+      #     @tags = ArchiveTag.all
-      end
+      # end
   end
 
   def create
@@ -95,7 +97,7 @@ class Admin::PagePartsController < ApplicationController
 	
     @widget_path = @module_app.widgets.keys[0] if ( @module_app.widgets[0].blank? )
 	
-    @widget_style =  @module_app.widgets[@widget_path] if ( !@widget_path.blank? )
+    @widget_style = @module_app.get_widget_style[@widget_path][:style] unless @widget_path.nil?
 
     case @module_app.key
       when 'announcement'
@@ -119,7 +121,8 @@ class Admin::PagePartsController < ApplicationController
   
   def reload_widget_styles
     @module_app = ModuleApp.find(params[:module_app_id])
-    @widget_style =  @module_app.widgets[params[:id]]
+    style_ary = @module_app.get_widget_style[params[:id]]
+    @widget_style = style_ary[:style] unless style_ary.nil?
 
     respond_to do |format|
       format.js  {}

app/controllers/default_widget_controller.rb

@@ -0,0 +1,43 @@
+class DefaultWidgetController< OrbitWidgetController
+
+  def front_end_available(var)
+    @page_part = PagePart.find params[:part_id]
+    @page_part.module_app.enable_frontend?
+  end
+
+  def default_widget
+    @tag_class = nil
+
+    @default_widget = @page_part.module_app.get_default_widget
+    @widget_image_field = @default_widget[:image]
+    data_limit = @page_part.widget_data_count.is_a?(Fixnum) ? @page_part.widget_data_count : (@page_part.widget_data_count.to_i rescue 3)
+    @data = eval(@default_widget[:query]).limit(data_limit).includes(@widget_image_field)
+    @fields = @page_part.widget_field
+
+    case params[:type]
+    when "typeA"
+      @tag_class = 'defulat_widget_typeA'
+      render "typeA"
+    when /typeB_/
+      @tag_class = "defulat_widget_#{params[:type]}"
+      render "typeB"
+    when "typeC"
+      @tag_class = 'defulat_widget_typeC'
+      render "typeC"
+    end
+    
+
+
+     #    {"inner"=>"true",
+     # "category_id"=>"false",
+     # "tag_id"=>"",
+     # "page"=>"",
+     # "search_query"=>"",
+     # "part_title"=>"",
+     # "part_id"=>"50ac426f83e75219d20000a7",
+     # "controller"=>"default_widget",
+     # "action"=>"default_widget",
+     # "type"=>"typeA"}
+  end
+
+end

app/controllers/orbit_backend_controller.rb

@@ -1,41 +1,11 @@
 class OrbitBackendController < ApplicationController
-  #before_filter :setup_vars
+  include OrbitCoreLib::AppBackendUtility
-  #before_filter :set_current_user
+  include OrbitCoreLib::PermissionUtility
-
- # before_filter {|c| c.front_end_available(@app_title)}
-  # before_filter :check_user_can_use
-  include OrbitCoreLib::PermissionUnility
   include AdminHelper
   include ApplicationHelper
   
   layout 'new_admin'
   
-  def setup_vars
-    @app_title ||= controller_path.split('/')[1].singularize
-    @module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
-  end
-
-  private
-
-  def force_order_for_visitor
-    setup_vars
-    set_current_user
-  end
-
-
-  def force_order_for_user
-    setup_vars
-    set_current_user    
-    authenticate_user!
-    check_user_can_use
-  end
-
-  def check_user_can_use 
-    unless check_permission
-      #redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
-      redirect_to root_url
-    end
-  end
 
   def get_sorted_and_filtered(object_class, query=nil)
     objects = get_objects(object_class, query)

app/controllers/orbit_frontend_controller.rb

@@ -1,3 +1,4 @@
 class OrbitFrontendController< OrbitFrontendComponentController
 
+
 end

app/controllers/orbit_widget_controller.rb

@@ -1,3 +1,4 @@
 class OrbitWidgetController< OrbitFrontendComponentController
 
+
 end

app/helpers/admin_helper.rb

@@ -16,7 +16,7 @@ module AdminHelper
   end
   
   def is_admin?
-    current_or_guest_user.admin?
+    current_or_guest_user.admin? rescue false
   end
 
   def is_member?

app/models/module_app.rb

@@ -1,7 +1,7 @@
 class ModuleApp
   include Mongoid::Document
   include Mongoid::Timestamps
-  include OrbitCoreLib::ObjectTokenUnility
+  include OrbitCoreLib::ObjectTokenUtility
 
   field :key
   field :title
@@ -21,9 +21,17 @@ class ModuleApp
     OrbitApp::Module::Registration.find_by_key(key)
   end
 
-  # %w{label_i18n }.each  do |field|
+  %w{widget_styles }.each  do |field|
-  #     define_method(field){|var| get_registration.send("get_#{m}") }
+      define_method(field){|var| get_registration.send("get_#{field}") }
-  # end
+  end
+
+  def get_default_widget
+    get_registration.get_default_widget
+  end
+
+  def enable_frontend?
+    get_registration.get_enable_frontend
+  end
 
   def label_i18n
     reg = get_registration
@@ -38,10 +46,20 @@ class ModuleApp
     !get_registration.get_default_widget.blank?
   end
 
+  def get_widget_style
+    widgets = get_registration.get_widgets
+  end
+
   def get_widget_for_select
     widgets = get_registration.get_widgets
-    ary = widgets.collect{|k,v| [I18n.t(v["label"]),k]}
+    ary = widgets.collect do |k,v| 
-    ary << [I18n.t('widget.default_widget'),'default_widget']if using_default_widget?
+      if k == 'default_widget'
+        [I18n.t('widget.default_widget'),'default_widget'] 
+      else
+        [I18n.t(v[:label]),k]   
+      end
+      
+    end
   end
 
   def is_manager?(user)

app/models/object_auth.rb

@@ -1,5 +1,5 @@
 class ObjectAuth  < PrototypeAuth
-  include OrbitCoreLib::ObjectTokenUnility
+  include OrbitCoreLib::ObjectTokenUtility
   validates_uniqueness_of :title ,:scope => [:obj_authable_type,:obj_authable_id]  #{ |c| }
   belongs_to :obj_authable, polymorphic: true
   after_save :check_user_has_can_access_app

app/views/admin/page_parts/reload_widget_styles.js.erb

@@ -1 +1,5 @@
-$('#widget_style_list select').html("<%= j options_for_select(@module_app.widgets[params[:id]]) %>")
+<% if @widget_style.nil?  %>
+  $('#widget_style_list select').html("") 
+<% else %>
+  $('#widget_style_list select').html("<%= j options_for_select(@widget_style) %>") 
+<% end %>

app/views/default_widget/typeA.html.erb

@@ -0,0 +1,19 @@
+<%= content_tag :div,:class=>@tag_class do%>
+  <div class="defulat_widget_type_A">
+    <table class="defulat_widget_tb" border="0" cellpadding="0" cellspacing="0" >
+    <thead>
+      <tr>
+        <% @fields.each do |field|%>
+          <th><%= content_tag(:span,field[0],:class=>field[1])%></th>
+        <% end %>
+      </tr>
+    </thead>
+      <% @data.each do |row_data| %>
+        <tr>
+          <% @fields.each do |field|%>
+            <td><%= content_tag(:span,row_data.send(field[0]),:class=>field[1])%></td>
+          <% end %>
+        </tr>
+      <% end %>
+    </table>
+  <% end %>

app/views/default_widget/typeB.html.erb

@@ -0,0 +1,22 @@
+<%= content_tag :div,:class=>@tag_class do%>
+  <ul class="defulat_widget_list">
+
+    <% @data.each do |row_data| %>
+      <%= content_tag(:li) do %>
+        <div class="img app-pic">
+          <%= image_tag row_data.send(@widget_image_field)%>
+
+        </div>
+          <div class="wrap">
+            <% @fields.each do |field|%>
+              <%= content_tag(:span,row_data.send(field[0]),:class=>field[1])%>
+            <% end %>
+          </div>
+          
+      <% end %>
+    <% end %>
+
+    
+  </ul>
+  <div class="more">more</div>
+  <% end %>

app/views/default_widget/typeC.html.erb

@@ -0,0 +1,15 @@
+<%= content_tag :div,:class=>@tag_class do%>
+  <div class="img app-pic">
+    <%= image_tag @data.first.send(@widget_image_field)%>
+  </div>
+    <ul class="defulat_widget_list">
+      <% @data.each do |row_data| %>
+        <%= content_tag(:li) do %>    
+          <% @fields.each do |field|%>
+            <%= content_tag(:span,row_data.send(field[0]),:class=>field[1])%>
+          <% end %>
+        <% end %>
+      <% end %>
+    </ul>
+    <div class="more">more</div>
+  <% end %>

app/views/layouts/_side_bar_content.html.erb

@@ -2,8 +2,7 @@
   <%= javascript_include_tag "/static/kernel.js"  %>
 <% end %>
 
-
+<%=OrbitApp::Module::SideBarRegisition.all.first.render(request,params,current_user,@module_app) %>
-<%=OrbitApp::Module::SideBarRegisition.all.first.render(request,params,current_user) %>
 
 <div class="content">
   <% flash.each do |key, msg| %>

config/locales/zh_tw.yml

@@ -901,78 +901,74 @@
 #           other: "有 %{count} 個錯誤發生使得「%{model}」無法被儲存。"
 #         body: "以下欄位發生問題："
 
-#   errors:
+  errors:
-#     format: "%{attribute} %{message}"
+    format: "%{attribute} %{message}"
-#     messages:
+    messages:
-#       inclusion: "沒有包含在列表中"
+      inclusion: "沒有包含在列表中"
-#       exclusion: "是被保留的關鍵字"
+      exclusion: "是被保留的關鍵字"
-#       invalid: "是無效的"
+      invalid: "是無效的"
-#       confirmation: "不符合確認值"
+      confirmation: "不符合確認值"
-#       accepted: "必須是可被接受的"
+      accepted: "必須是可被接受的"
-#       empty: "不能留空"
+      empty: "不能留空"
-#       blank: "不能是空白字元"
+      blank: "不能是空白字元"
-#       too_long: "過長（最長是 %{count} 個字）"
+      too_long: "過長（最長是 %{count} 個字）"
-#       too_short: "過短（最短是 %{count} 個字）"
+      too_short: "過短（最短是 %{count} 個字）"
-#       wrong_length: "字數錯誤（必須是 %{count} 個字）"
+      wrong_length: "字數錯誤（必須是 %{count} 個字）"
-#       not_a_number: "不是數字"
+      not_a_number: "不是數字"
-#       not_an_integer: "必須是整數"
+      not_an_integer: "必須是整數"
-#       greater_than: "必須大於 %{count}"
+      greater_than: "必須大於 %{count}"
-#       greater_than_or_equal_to: "必須大於或等於 %{count}"
+      greater_than_or_equal_to: "必須大於或等於 %{count}"
-#       equal_to: "必須等於 %{count}"
+      equal_to: "必須等於 %{count}"
-#       less_than: "必須小於 %{count}"
+      less_than: "必須小於 %{count}"
-#       less_than_or_equal_to: "必須小於或等於 %{count}"
+      less_than_or_equal_to: "必須小於或等於 %{count}"
-#       odd: "必須是奇數"
+      odd: "必須是奇數"
-#       even: "必須是偶數"
+      even: "必須是偶數"
-#     template:
+    template:
-#         header:
+        header:
-#           one: "有 1 個錯誤發生使得「%{model}」無法被儲存。"
+          one: "有 1 個錯誤發生使得「%{model}」無法被儲存。"
-#           other: "有 %{count} 個錯誤發生使得「%{model}」無法被儲存。"
+          other: "有 %{count} 個錯誤發生使得「%{model}」無法被儲存。"
-#         body: "以下欄位發生問題："
+        body: "以下欄位發生問題："
-#   widget:
+  widget:
-#     default_widget: 系統預設Widget
+    default_widget: 系統預設Widget
-#     _default_widget:
+    _default_widget:
-#       style1: 表格列表
+      style1: 表格列表
-#       style2: 單行列佐圖(同邊)
+      style2: 單行列佐圖(同邊)
-#       style3: 多行列佐圖(同邊)
+      style3: 多行列佐圖(同邊)
-#       style4: 多行列佐圖(異邊)
+      style4: 多行列佐圖(異邊)
-#       style5:  單行列佐單圖(同邊)
+      style5:  單行列佐單圖(同邊)
-# # : <<<<<<< HEAD
+  mongoid:
-#   mongoid:
+    models:
-#     models:
+      news_bulletin: 新聞
-#       news_bulletin: 新聞
+      bulletin: 公告
-#       bulletin: 公告
+      ad_banner: 廣告輪播
-#       ad_banner: 廣告輪播
+      web_link: 連結管理
-#       web_link: 連結管理
+    attributes:
-#     attributes:
+      news_bulletin:
-#       news_bulletin:
+        title: 新聞標題
-#         title: 新聞標題
+      bulletin:
-#       bulletin:
+        title: 公告標題
-#         title: 公告標題
+      ad_banner:
-#       ad_banner:
+        title: 標題
-#         title: 標題
+      web_link:
-#       web_link:
+        title: 名稱
-#         title: 名稱
+        url: 路徑
-#         url: 路徑
+  helpers:
-# # : =======
+    select:
-#   helpers:
+      prompt: "請選擇"
-#     select:
+    submit:
-#       prompt: "請選擇"
+      create: "新增%{model}"
-#     submit:
+      update: "更新%{model}"
-#       create: "新增%{model}"
+      submit: "儲存%{model}"
-#       update: "更新%{model}"
+  modal:
-#       submit: "儲存%{model}"
+    save_and_close: "儲存並關閉"
-#   modal:
+    close: "關閉"
-#     save_and_close: "儲存並關閉"
+    preview: "預覽"
-#     close: "關閉"
+  sys:
-#     preview: "預覽"
+    not_previewable: "不支援預覽"
-#   sys:
+    limit_of_upload_file_size: "上傳檔案大小限制: %{best_size}"
-#     not_previewable: "不支援預覽"
+    preview_only_for_img: "預覽僅支援：jpg,png,gif,bmp...等圖片格式"
-#     limit_of_upload_file_size: "上傳檔案大小限制: %{best_size}"
+    can_not_display_due_to_no_context: "因為沒有中文版本，所以無法顯示"
-#     preview_only_for_img: "預覽僅支援：jpg,png,gif,bmp...等圖片格式"
+    module_page_lang_not_support: "很抱歉，本頁沒有開放中文版本"
-#     can_not_display_due_to_no_context: "因為沒有中文版本，所以無法顯示"
+  object_disable:
-#     module_page_lang_not_support: "很抱歉，本頁沒有開放中文版本"
+    change_to_true: "設為停用"
-#   object_disable:
+    change_to_false: "重新啓用"
-#     change_to_true: "設為停用"
-#     change_to_false: "重新啓用"
-# # : >>>>>>> various_bugs
-# >>>>>>> put module app json into init,making orbit app work with  module app.

config/routes.rb

@@ -232,6 +232,7 @@ Orbit::Application.routes.draw do
   # match '/desktop_orbit/eventajaxload' => 'desktop_publications#update_journal'
 
 
+
   scope '/front' do
     match 'show_banner/:id' => 'front#show_banner', :as => :front_show_banner
     match 'show_footer' => 'front#show_footer', :as => :front_show_footer
@@ -242,6 +243,8 @@ Orbit::Application.routes.draw do
   end
 
 
+  match '/panel/orbit_app/widget/:type' => 'default_widget#default_widget'
+
   match '/panel/:app_name/front_end/:app_action/:id(/:controller_action)' => 'pages#show_from_link', :constraints => lambda { |request|
     !request.query_string.include?("inner=true")
   }

lib/orbit_app/helper/context_link_renderer.rb

@@ -1,12 +1,32 @@
 module ContextLinkRenderer
   include Renderer
 
-  def render(request,params)
+  def render(request,params,module_app,user)
+    @module_app = module_app
     @request = request
     @params = params
+    @current_user = user
     if display?
       content_tag :li, link_to((I18n.t(@label_i18n) + content_tag(:i, nil, :class => 'icon-chevron-right')).html_safe, eval(@path)), :class => (active?  ? 'active' : nil) 
     end
   end
 
+protected
+  def display?
+    @available_for.each do |available_for_in_sym| 
+      result = case available_for_in_sym
+      when :all
+        true
+      when :manager
+        @module_app.is_manager? @current_user
+      when :sub_manager
+        @module_app.is_sub_manager? @current_user
+      else
+        (eval(available_for_in_sym).include? @current_user rescue false)
+      end # of case 
+      return true if result || @current_user.admin?
+    end # of collect
+    false
+  end
+
 end

lib/orbit_app/helper/renderer.rb

@@ -8,10 +8,15 @@ module Renderer
 
 protected
   def active_for_app_auth?
+    if @module_app.nil?
+      false
+    else
       @module_app.id.to_s == @params[:module_app_id] ? true : false  
     end
+  end
 
   def active_for_ob_auths?
+
     if @params.has_key? :object_auth_id
       oa = ObjectAuth.find @params[:object_auth_id]
       check_controller = @params[:controller] == 'admin/object_auths_new_interface' 

lib/orbit_app/helper/side_bar_renderer.rb

@@ -2,7 +2,8 @@ module SideBarRenderer
   include Renderer
   include AdminHelper
 
-  def render(request,params,user)
+  def render(request,params,user,module_app)
+    @module_app = module_app
     @request = request
     @params = params
     @current_user = user
@@ -11,7 +12,7 @@ module SideBarRenderer
         buf =  link_to( content_tag(:i, nil, :class => @icon_class ) + content_tag(:span, I18n.t( @head_label )), eval(@head_link))
         buf  << content_tag( :ul, :class => ("nav nav-list active") )do # visible_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys', 'approvals')||active_for_ob_auths_object("BulletinCategory")) 
           @context_links.sort_by! {| obj | obj.priority}.collect do |link|
-            link.render(request,params)
+            link.render(request,params,@module_app,@current_user)
           end.join.html_safe
         end 
       end 

lib/orbit_app/module/registration.rb

@@ -78,11 +78,11 @@ module OrbitApp
           end
 
           def get_categories
-            eval(@widget_set.categories_query) rescue nil
+            @widget_set.get_categories
           end
 
           def  get_tags
-            eval(@widget_set.tags_query) rescue nil
+            @widget_set.get_tags
           end
 
           def front_end(&block)

lib/orbit_app/module/side_bar.rb

@@ -46,9 +46,9 @@ module OrbitApp
             @active_for_app_auth = []
             @head_link = ""
             @app_base_path = ''
+            @module_app_key = key
             block.arity < 1 ? instance_eval(&block) : block.call(self) if block_given?
             # setup_module_app(module_app_key)
-            @module_app_key = key
             finalize!
             SideBarRegisition.add(self)
           end
@@ -76,6 +76,7 @@ module OrbitApp
           end
 
           def context_link(*var)
+            var[1].merge!(:module_app_key=>@module_app_key) unless @module_app_key.nil?
             new_context_link = ContextLink.new(*var)
             @context_links << new_context_link
           end
@@ -124,10 +125,14 @@ module OrbitApp
             @active_for_action = options[:active_for_action] || []
             @active_for_object_auth = options[:active_for_object_auth] || []
             @active_for_app_auth = options[:active_for_app_auth] || []
+            @module_app_key = options[:module_app_key]
           end
 
           def active?
-            active_for_action? || active_for_app_auth? || active_for_ob_auths?
+            for_action = @active_for_action.blank? ? false : active_for_action?
+            for_app_auth = @active_for_app_auth.blank? ? false : active_for_app_auth?
+            for_ob_auth = @active_for_object_auth.blank? ? false : active_for_ob_auths?
+            for_action || for_app_auth || for_ob_auth
           end
 
           def active_for_action?

lib/orbit_app/module/widget.rb

@@ -35,11 +35,11 @@ module OrbitApp
           end
 
           def get_categories
-            @categories_query
+             eval(@categories_query) rescue nil
           end
 
           def  get_tags
-            @tags_query
+            eval(@tags_query) rescue nil
           end
 
           def default_widget(&block)
@@ -53,6 +53,7 @@ module OrbitApp
           def to_module_app_format            
             hash = {}
             @widgets.collect{|t|  hash[t.name] = t.to_hash}
+            hash["default_widget"]= DefaultWidget.get_interface_args unless @default_widget.blank?
             hash
           end
 
@@ -63,12 +64,19 @@ module OrbitApp
         end
 
         class DefaultWidget
+          STYLE = ["typeA","typeB_style2","typeB_style3","typeB_style4","typeC"]
+
           def  initialize(&block)
             @query = nil
             @image = nil
              block.arity < 1 ? instance_eval(&block) : block.call(self) if block_given?
           end
 
+          def self.get_interface_args
+            #will need to work with design
+            {:name=>"default_widget",:field=>nil,:label=>'label',:style=>STYLE}
+          end
+
           def to_module_app_format
             {:query=>@query,:image=>@image} rescue nil
           end
@@ -90,10 +98,11 @@ module OrbitApp
             @name = name
             @fields = options[:fields] 
             @label = label
+            @style= options[:style]
           end
           
           def to_hash
-              {:name => @name,:fields=>@fields,:label=>@label}
+              {:name => @name,:fields=>@fields,:label=>@label,:style=>@style}
           end
 
           def finalize!

lib/orbit_core_lib.rb

@@ -81,7 +81,7 @@ module  OrbitCoreLib
         end
         
         query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id)
-        query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role.id}).excludes(blocked_user_ids: user.id)
+        query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role_ids}).excludes(blocked_user_ids: user.id)
         result = (query1 + query2).uniq
         result.collect{|t| t.obj_authable}.delete_if{|val| val==nil}
       end
@@ -128,7 +128,7 @@ module  OrbitCoreLib
     end
     
   end
-  module  ObjectTokenUnility
+  module  ObjectTokenUtility
     def self.included(base)
       base.instance_eval("field :s_token")
       base.instance_eval("after_create :generate_token")
@@ -145,7 +145,7 @@ module  OrbitCoreLib
      end
   end
   
-  module PermissionUnility
+  module PermissionUtility
   private
     def check_permission(type = :use)
       permission_grant =  current_or_guest_user.admin?? true : false
@@ -168,4 +168,34 @@ module  OrbitCoreLib
       ModuleApp.first(conditions: {s_token: token})
     end
   end
+
+  module AppBackendUtility
+    def setup_vars
+      @app_title ||= controller_path.split('/')[1].singularize
+      @module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
+    end
+
+    private
+
+    def force_order_for_visitor
+      setup_vars
+      set_current_user
+    end
+
+
+    def force_order_for_user
+      setup_vars
+      set_current_user    
+      authenticate_user!
+      check_user_can_use
+    end
+
+    def check_user_can_use 
+      unless check_permission
+        #redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
+        redirect_to root_url
+      end
+    end
+  end
+
 end

lib/parsers/parser_common.rb

@@ -206,8 +206,14 @@ module ParserCommon
         when 'text'
           ret << part.content rescue ''
         when 'module_widget'
-          url = "/panel/#{part.module_app.key}/widget/#{part.widget_path}?inner=true"
+          url = case part.widget_path
-          options = "&category_id=#{!part[:category].blank? ? part[:category].blank? : category}&tag_id=#{!part[:tag].blank? ? part[:tag] : tag}&page=#{params[:page]}&search_query=#{params[:search_query]}&part_title=#{Rack::Utils.escape(part_title).gsub("+", "%20") rescue nil}"
+                    when 'default_widget'
+                        "/panel/orbit_app/widget/#{part.widget_style}?inner=true"
+                      else
+                        "/panel/#{part.module_app.key}/widget/#{part.widget_path}?inner=true"
+                    end
+          
+          options = "&category_id=#{!part[:category].blank? ? part[:category].blank? : category}&tag_id=#{!part[:tag].blank? ? part[:tag] : tag}&page=#{params[:page]}&search_query=#{params[:search_query]}&part_title=#{Rack::Utils.escape(part_title).gsub("+", "%20") rescue nil}&part_id=#{part.id}"
           ret << "<div class='dymanic_load widget' path='#{url + options}'></div>"
         when 'public_r_tag'
           ret << "<r:#{part.public_r_tag} id='#{part.public_r_tag_object_id}'/>"

vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb

@@ -8,6 +8,10 @@ class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendCo
     @module_app = ModuleApp.where(:title=>'Announcement').first
   end
 
+  before_filter :force_order_for_visitor,:only=>[:index,:get_categorys_json,:get_bulletins_json]
+  before_filter :force_order_for_user,:except => [:index,:get_categorys_json,:get_bulletins_json]
+  before_filter :for_app_sub_manager,:except => [:index,:get_categorys_json,:get_bulletins_json]
+
   def index
     @bulletin_categorys = get_categories_for_index("BulletinCategory")
     #TODO 需要做 manager ,admin 才可以 all.  其他 available就好

vendor/built_in_modules/announcement/config/locales/zh_tw.yml

@@ -18,3 +18,9 @@ zh_tw:
     widget:
         index: 目錄Widget
         bulletins_and_web_links: 公告與連結並排Widget
+    #init don't merge
+    all_articles: 全部公告
+    add_new: 新增
+    categories: 分類
+    approval_setting: 審核權限
+    tags: 標籤

vendor/built_in_modules/announcement/init.rb

@@ -25,7 +25,7 @@ module Announcement
       categories_query 'BulletinCategory.all'
       tags_query 'AnnouncementTag.all'
 
-      customize_widget "index","announcement.widget.index",:fields=>["title","category","postdate"]
+      customize_widget "index","announcement.widget.index",:fields=>["title","category","postdate"],:style=>["cu_style_1","cu_style_2","cu_style_3","cu_style_4","cu_style_5"]
       customize_widget "bulletins_and_web_links","announcement.widget.bulletins_and_web_links"
       # item "index","announcement.widget.index",:default_template=>true,:fields=>["title","category","postdate"]
       # item "bulletins_and_web_links","announcement.widget.bulletins_and_web_links"
@@ -42,13 +42,14 @@ module Announcement
       context_link 'announcement.all_articles',
                             :link_path=>"panel_announcement_back_end_bulletins_path" ,
                             :priority=>1,
-                            :active_for_action=>{:bulletins=>:index}
+                            :active_for_action=>{:bulletins=>:index},
+                            :available_for => [:all]
 
       context_link 'announcement.add_new', 
                             :link_path=>"new_panel_announcement_back_end_bulletin_path" ,
                             :priority=>2,
                             :active_for_action=>{:bulletins=>:new},
-                            :available_for => [:manager]
+                            :available_for => [:sub_manager]
       
       context_link 'announcement.categories',
                             :link_path=>"panel_announcement_back_end_bulletin_categorys_path" ,
@@ -60,12 +61,13 @@ module Announcement
       context_link 'announcement.tags',
                             :link_path=>"panel_announcement_back_end_tags_path" ,
                             :priority=>4,
-                            :active_for_action=>{:bulletin_categorys=>:index},
+                            # :active_for_action=>{:bulletin_categorys=>:index},
                             :available_for => [:manager]
 
       context_link 'announcement.approval_setting',
                             :link_path=>"panel_announcement_back_end_approval_setting_path" ,
                             :priority=>5,
+                            :active_for_action=>{:approvals=>:setting},
                             :active_for_object_auth => 'BulletinCategory',
                             :available_for => [:manager]