diff --git a/app/controllers/admin/app_auths_controller.rb b/app/controllers/admin/app_auths_controller.rb
index 6f3f1c3d..f2c01451 100644
--- a/app/controllers/admin/app_auths_controller.rb
+++ b/app/controllers/admin/app_auths_controller.rb
@@ -4,7 +4,7 @@ class Admin::AppAuthsController < ApplicationController
before_filter :is_admin?
def index
- @user_roles = UserRole.all.entries
+ @roles = Role.all.entries
apps = Purchase.where(:type =>"App")
@app_auth_data = apps.entries.map do |app|
app_c = eval(app.app_controller)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d9c0156c..7c964ff5 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,6 +5,13 @@ class ApplicationController < ActionController::Base
helper :all
before_filter :set_locale, :set_site
+
+ def front_end_available(module_app_title='')
+ app_controller = ModuleApp.first(conditions: {:title => module_app_title} )
+ unless app_controller.enable_frontend?
+ render :text => 'View not available'
+ end
+ end
def get_all_app_engines
ary = ["vender/plugins/NewBlog"]
diff --git a/app/models/app_auth.rb b/app/models/app_auth.rb
index 9602fda0..b31add3c 100644
--- a/app/models/app_auth.rb
+++ b/app/models/app_auth.rb
@@ -15,55 +15,72 @@ class AppAuth
has_and_belongs_to_many :roles
+ has_and_belongs_to_many :sub_roles
+
+ attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users
+
+ def add_role role
+ add_operation(:roles,role)
+ end
+
+ def add_sub_role role
+ add_operation(:sub_roles,role)
+ end
+
+ def remove_role role
+ remove_operation(:roles,role)
+ end
+
+ def remove_sub_role role
+ remove_operation(:sub_roles,role)
+ end
def add_user_to_black_list user
- unless self.blocked_users.include?(user)
- self.blocked_users << user
- self.save!
- else
- false #should put error message for user existed in list already
- end
+ add_operation(:blocked_users,user)
end
-
def remove_user_from_black_list user
- if self.blocked_users.include? user
- self.blocked_users.delete user
+ remove_operation(:blocked_users,user)
+ end
+
+ def add_user_to_privilege_list user
+ add_operation(:privilege_users,user)
+ end
+
+ def remove_user_from_privilege_list user
+ remove_operation(:privilege_users,user)
+ end
+
+ def remove_operation(item,obj)
+ if (self.send item).include? obj
+ (self.send item).delete obj
self.save!
else
false #should put error message for user not existed in list
- end
+ end
end
-
- def add_user_to_privilege_list user
- unless self.privilege_users.include? user
- self.privilege_users << user
+ def add_operation(item,obj)
+ unless (self.send item).include?(obj)
+ (self.send item) << obj
self.save!
else
false #should put error message for user existed in list already
end
end
-
- def remove_user_from_privilege_list user
- if self.privilege_users.include? user
- self.privilege_users.delete user
- self.save!
- else
- false #should put error message for user not existed in list
- end
- end
-
def auth_users
if self.all?
User.all.entries
else
- ary= self.roles.collect do |role|
- role.users
+ ary=[]
+ [:roles,:sub_roles].each do |t_role|
+ ary += (self.send t_role).collect do |role|
+ role.users
+ end
end
ary << self.privilege_users
- ary.flatten!
+ ary.flatten!.uniq
end
end
diff --git a/app/models/module_app.rb b/app/models/module_app.rb
index 31a02025..18e8a6d7 100644
--- a/app/models/module_app.rb
+++ b/app/models/module_app.rb
@@ -9,9 +9,13 @@ class ModuleApp
field :intro
field :update_info
field :create_date
+ field :enable_frontend,type: Boolean
field :app_pages ,type: Array
+ field :widgets ,type: Array
has_one :app_auth,dependent: :delete
+
+
end
diff --git a/app/models/user/user.rb b/app/models/user/user.rb
index 1e956b80..60199ce7 100644
--- a/app/models/user/user.rb
+++ b/app/models/user/user.rb
@@ -19,7 +19,10 @@ class User
accepts_nested_attributes_for :attribute_values, :allow_destroy => true
def avb_apps
- query = AppAuth.any_of({all: true},{privilege_user_ids: self.id},{roles: self.role.id}).excludes(blocked_user_ids: self.id)
+ sub_role_ids_ary=self.sub_roles.collect{|t| t.id}
+ query1 = AppAuth.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: self.id)
+ query2 = AppAuth.any_of({all: true},{privilege_user_ids: self.id},{role_ids: self.role.id}).excludes(blocked_user_ids: self.id)
+ (query1 + query2).uniq
end
def name
diff --git a/app/views/admin/designs/_form.html.erb b/app/views/admin/designs/_form.html.erb
index b6ba7cb2..fd579e5e 100644
--- a/app/views/admin/designs/_form.html.erb
+++ b/app/views/admin/designs/_form.html.erb
@@ -38,7 +38,7 @@
<%= f.hidden_field :to_save, :value => true %>
<% end %>
<% else %>
- <%= File.basename (@design.default_css.file.url) %>
+ <%= File.basename (@design.default_css.file.url) rescue "" %>
<% end %>
diff --git a/app/views/admin/designs/_new.html.erb b/app/views/admin/designs/_new.html.erb
index ded2237a..a4aba6c9 100644
--- a/app/views/admin/designs/_new.html.erb
+++ b/app/views/admin/designs/_new.html.erb
@@ -1,6 +1,6 @@
<%= t('admin.new_design') %>
-<%= form_for :design, :url => admin_designs_path do |f| %>
+<%= form_for @design, :url => admin_design_path(@design),:html => {:multipart => true} do |f| %>
<%= f.error_messages %>
<%= render :partial => "form", :locals => { :f => f } %>
diff --git a/spec/models/app_auth_basic.rb b/spec/models/app_auth_basic.rb
index 3a2ae0f2..0f629119 100644
--- a/spec/models/app_auth_basic.rb
+++ b/spec/models/app_auth_basic.rb
@@ -6,129 +6,210 @@ describe AppAuth do
before do
User.all.destroy
- UserRole.all.destroy
+ Role.all.destroy
+ SubRole.all.destroy
AppAuth.all.destroy
ModuleApp.all.destroy
#Create some fixtures of Main Role
main_role_key = ["Stud","Teacher","Staff"]
@new_main_role_list = main_role_key.each do |role|
- new_role = UserRole.new :key => role
-
+ new_role = Role.new :key => role
new_role.save
end
+ #Create Some SubRoles
+ sub_role_key = ["graduated_school","undergraduated_school","TA","Senior"]
+ @new_main_role_list = sub_role_key.each do |role|
+ new_role = SubRole.new :key => role
+ new_role.save
+ end
+
#Create some users of User
- user_emails = ["a_good_stud","a_bad_stud","a_teacher","a_staff"]
+ user_emails = ["a_good_ug_stud_1","a_good_ug_stud_2","a_bad_ug_stud","a_good_g_stud","a_bad_g_stud","a_teacher","a_staff"]
user_emails.each do |user_email|
email=user_email+"@rulingcom.com"
new_user = User.new :email=> email
new_user.save
end
-
- @stud_MRK = UserRole.first(conditions:{key:"Stud"})
- @teacher_MRK = UserRole.first(conditions:{key:"Teacher"})
- @staff_MRK = UserRole.first(conditions:{key:"Staff"})
-
- @good_stu = User.first(conditions:{email:"a_good_stud@rulingcom.com"})
- @bad_stu = User.first(conditions:{email:"a_bad_stud@rulingcom.com"})
+ #MRK = Member Role Key SRK=Sub Role Key
+ @stud_MRK = Role.first(conditions:{key:"Stud"})
+ @teacher_MRK = Role.first(conditions:{key:"Teacher"})
+ @staff_MRK = Role.first(conditions:{key:"Staff"})
+
+ @graduated_SRK = SubRole.first(conditions:{key:"graduated_school"})
+ @under_graduated_SRK = SubRole.first(conditions:{key:"undergraduated_school"})
+ @ta_SRK = SubRole.first(conditions:{key:"TA"})
+ @senior_SRK = SubRole.first(conditions:{key:"Senior"})
+
+ @stud_MRK.sub_roles += [@graduated,@under_graduated,@ta]
+ @stud_MRK.save!
+
+ @teacher_MRK.sub_roles = [@senior]
+ @teacher_MRK.save!
+
+ @good_ug_stu_1 = User.first(conditions:{email:"a_good_ug_stud_1@rulingcom.com"})
+ @good_ug_stu_2 = User.first(conditions:{email:"a_good_ug_stud_2@rulingcom.com"})
+ @bad_ug_stu = User.first(conditions:{email:"a_bad_ug_stud@rulingcom.com"})
+
+ @good_g_stu = User.first(conditions:{email:"a_good_g_stud@rulingcom.com"})
+ @bad_g_stu = User.first(conditions:{email:"a_bad_g_stud@rulingcom.com"})
@teacher = User.first(conditions:{email:"a_teacher@rulingcom.com"})
@staff = User.first(conditions:{email:"a_staff@rulingcom.com"})
#setting Roles for users
- @good_stu.user_role = @stud_MRK
- @bad_stu.user_role = @stud_MRK
- @teacher.user_role = @teacher_MRK
- @staff.user_role = @staff_MRK
+ @good_g_stu.role = @stud_MRK
+ @bad_g_stu.role = @stud_MRK
+ @good_ug_stu_1.role = @stud_MRK
+ @good_ug_stu_2.role = @stud_MRK
+ @bad_ug_stu.role = @stud_MRK
+
+ @good_g_stu.sub_roles = [@graduated_SRK,@ta_SRK]
+ @bad_g_stu.sub_roles << @graduated_SRK
+ @good_ug_stu_1.sub_roles << @under_graduated_SRK
+ @good_ug_stu_2.sub_roles << @under_graduated_SRK
+ @bad_ug_stu.sub_roles << @under_graduated_SRK
- @good_stu.save!
- @bad_stu.save!
+ @teacher.role = @teacher_MRK
+ @staff.role = @staff_MRK
+
+ @good_g_stu.save!
+ @bad_g_stu.save!
+ @good_ug_stu_1.save!
+ @good_ug_stu_2.save!
+ @bad_ug_stu.save!
+
@teacher.save!
@staff.save!
end
- describe "Testing basic structure" do
+ describe "Starting a ClassBulletin Auth for teacher , staff and ta" do
before do
- @app_auth = AppAuth.new()
- #all stud has access right
- @app_auth.user_roles << @stud_MRK
+ @bulletin_app_auth = AppAuth.new()
+ #all teacher and staff has access right
+ @bulletin_app_auth.roles = [@teacher_MRK,@staff_MRK]
+ #all person with TA sub_role has access right
+ @bulletin_app_auth.sub_roles << @ta_SRK
- #a_bad_stud add to block to app_auth
- @app_auth.blocked_users << @bad_stu
+ #a_bad_ug_stud add to block to bulletin_app_auth
+ #@bulletin_app_auth.blocked_users << @bad_ug_stu
#all teacher has access right
- @app_auth.user_roles << @teacher_MRK
+ # @bulletin_app_auth.roles << @teacher_MRK
- @app_auth.privilege_users << @staff
- @app_auth.save!
+ # @bulletin_app_auth.privilege_users << @staff
+ @bulletin_app_auth.save!
end
context "Should just initialize all obj that is needed" do
- it "Testing @app_auth init result" do
- @app_auth.user_roles.should have(2).item
+ it "Testing @bulletin_app_auth init result" do
+ @bulletin_app_auth.roles.should have(2).item #teacher staff
+ @bulletin_app_auth.sub_roles.should have(1).item #ta
end
- it "@app_auth should have UserRoles: Stud , Teacher " do
- key_ary = @app_auth.user_roles.collect do |role|
+ it "@bulletin_app_auth should have Roles: Staff , Teacher " do
+ key_ary = @bulletin_app_auth.roles.collect do |role|
role.key
end
- key_ary.should == ["Stud","Teacher"]
+ key_ary.sort.should == ["Staff","Teacher"].sort
end
- it "@app_auth should have one Privialage user which is belongs to Staff" do
- p_user_ary = @app_auth.privilege_users.collect do |p_user|
- p_user.user_role.key
- end
- p_user_ary.should include("Staff")
+ it "bulletin_app_auth should have 3 auth users" do
+ user_ary = [@teacher,@staff,@good_g_stu]
+ @bulletin_app_auth.auth_users.sort.should == user_ary.sort
+ check_user_has_app user_ary
end
- it "@app_auth should have one student listed at blocklist" do
- @bad_stu = User.first(conditions:{email:"a_bad_stud@rulingcom.com"})
- @app_auth.blocked_users.should have(1).item
- @app_auth.blocked_users.should include(@bad_stu)
+ it "Adding a undergraduate stud into app_auth by privilege list" do
+ user_ary = [@teacher,@staff,@good_g_stu,@good_ug_stu_1]
+ @bulletin_app_auth.add_user_to_privilege_list @good_ug_stu_1
+ @bulletin_app_auth.auth_users.sort.should == user_ary.sort
+ check_user_has_app user_ary
end
+
+ it "Adding all graudated-stud into app_auth" do
+ user_ary = [@teacher,@staff,@good_g_stu,@bad_g_stu]
+ @bulletin_app_auth.add_sub_role @graduated_SRK
+ @bulletin_app_auth.auth_users.sort.should == user_ary.sort
+ check_user_has_app user_ary
+ end
+
+ it "Blocking bad-graduate student" do
+ user_ary =[@teacher,@staff,@good_g_stu]
+ @bulletin_app_auth.add_sub_role @graduated_SRK
+ @bulletin_app_auth.add_user_to_black_list @bad_g_stu
+ @bulletin_app_auth.auth_users_after_block_list.sort.should == user_ary.sort
+ check_user_has_app user_ary
+ end
+
+ it "Removing all graudated-stud from app_auth" do
+ user_ary =[@teacher,@staff,@good_g_stu]
+ @bulletin_app_auth.add_sub_role @graduated_SRK
+ @bulletin_app_auth.remove_sub_role @graduated_SRK
+ @bulletin_app_auth.auth_users.sort.should == user_ary.sort
+ check_user_has_app user_ary
+ end
+
+
+ # it "@bulletin_app_auth should have one Privialage user which is belongs to Staff" do
+ # p_user_ary = @bulletin_app_auth.privilege_users.collect do |p_user|
+ # p_user.roles.key
+ # end
+ # p_user_ary.should include("Staff")
+ # end
+
+ # it "@bulletin_app_auth should have one student listed at blocklist" do
+ # @bad_stu = User.first(conditions:{email:"a_bad_g_stud@rulingcom.com"})
+ # @bulletin_app_auth.blocked_users.should have(1).item
+ # @bulletin_app_auth.blocked_users.should include(@bad_stu)
+ # end
- it "[Development #1]-1.Authorizing roles: roles + blocklist" do
- @good_stu = User.first(conditions:{email:"a_good_stud@rulingcom.com"})
- @teacher = User.first(conditions:{email:"a_teacher@rulingcom.com"})
- @staff = User.first(conditions:{email:"a_staff@rulingcom.com"})
- ary = [@good_stu,@teacher,@staff]
- @app_auth.auth_users_after_block_list.should == ary
- end
-
- it "[Development #1]-2.Authorizing single users: list of users [new_user1~2]" do
- user_emails = ["new_user1","new_user2","new_user3","new_user4"]
- user_emails.each do |user_email|
- email=user_email+"@rulingcom.com"
- new_user = User.new :email=> email
- new_user.save
+ # it "[Development #1]-1.Authorizing roles: roles + blocklist" do
+ # @good_stu = User.first(conditions:{email:"a_good_g_stud@rulingcom.com"})
+ # @teacher = User.first(conditions:{email:"a_teacher@rulingcom.com"})
+ # @staff = User.first(conditions:{email:"a_staff@rulingcom.com"})
+ # ary = [@good_stu,@teacher,@staff]
+ # @bulletin_app_auth.auth_users_after_block_list.should == ary
+ # end
+ #
+ # it "[Development #1]-2.Authorizing single users: list of users [new_user1~2]" do
+ # user_emails = ["new_user1","new_user2","new_user3","new_user4"]
+ # user_emails.each do |user_email|
+ # email=user_email+"@rulingcom.com"
+ # new_user = User.new :email=> email
+ # new_user.save
+ # end
+ # user1= User.first(conditions:{email:"new_user1@rulingcom.com"})
+ # user2= User.first(conditions:{email:"new_user2@rulingcom.com"})
+ # user3= User.first(conditions:{email:"new_user3@rulingcom.com"})
+ # user4= User.first(conditions:{email:"new_user4@rulingcom.com"})
+ #
+ # @bulletin_app_auth.privilege_users << user1
+ # @bulletin_app_auth.privilege_users << user2
+ #
+ # @bulletin_app_auth.auth_users_after_block_list.should include(user1,user2)
+ # @bulletin_app_auth.auth_users_after_block_list.should_not include(user3,user4)
+ #
+ # end
+ #
+ # it "[Development #1]-3.Authorizing roles and single users: roles + blocklist + list of users" do
+ # @bulletin_app_auth.auth_users.should have(7).item
+ # end
+ #
+ # it "[Development #1]-4.Authorizing all: blocklist" do
+ # @bad_stu = User.first(conditions:{email:"a_bad_g_stud@rulingcom.com"})
+ # @new_bulletin_app_auth = (AppAuth.new :all => true)
+ # @new_bulletin_app_auth.blocked_users << @bad_stu
+ #
+ # @new_bulletin_app_auth.auth_users.should == User.all.entries
+ # @new_bulletin_app_auth.auth_users_after_block_list.should_not include(@bad_stu)
+ # @new_bulletin_app_auth.save!
+ # end
+ def check_user_has_app(user_ary)
+ user_ary.each do |user|
+ user.avb_apps.should include(@bulletin_app_auth)
end
- user1= User.first(conditions:{email:"new_user1@rulingcom.com"})
- user2= User.first(conditions:{email:"new_user2@rulingcom.com"})
- user3= User.first(conditions:{email:"new_user3@rulingcom.com"})
- user4= User.first(conditions:{email:"new_user4@rulingcom.com"})
-
- @app_auth.privilege_users << user1
- @app_auth.privilege_users << user2
-
- @app_auth.auth_users_after_block_list.should include(user1,user2)
- @app_auth.auth_users_after_block_list.should_not include(user3,user4)
-
end
-
- it "[Development #1]-3.Authorizing roles and single users: roles + blocklist + list of users" do
- @app_auth.auth_users.should have(4).item
- end
-
- it "[Development #1]-4.Authorizing all: blocklist" do
- @bad_stu = User.first(conditions:{email:"a_bad_stud@rulingcom.com"})
- @new_app_auth = (AppAuth.new :all => true)
- @new_app_auth.blocked_users << @bad_stu
-
- @new_app_auth.auth_users.should == User.all.entries
- @new_app_auth.auth_users_after_block_list.should_not include(@bad_stu)
- @new_app_auth.save!
- end
- end
+ end
diff --git a/vendor/built_in_modules/NewBlog/NewBlog.json b/vendor/built_in_modules/NewBlog/NewBlog.json
index ce9c80d3..32734d3b 100755
--- a/vendor/built_in_modules/NewBlog/NewBlog.json
+++ b/vendor/built_in_modules/NewBlog/NewBlog.json
@@ -6,5 +6,6 @@
"intro": "A simple blog……",
"update_info": "Some info",
"create_date": "11-11-2011",
- "app_pages": ["/panel/blog/front_end/"]
+ "app_pages": ["/panel/blog/front_end/"],
+ "widgets": ["/panel/blog/widget/latest_post","/panel/blog/widget/"]
}