First version of app and object auth for the web_resource module. Basic function is ok. Backend needs to be secured
		
							parent
							
								
									03387d3c07
								
							
						
					
					
						commit
						82d78acbad
					
				|  | @ -1,6 +1,8 @@ | |||
| class OrbitBackendController< ApplicationController | ||||
|   before_filter :force_order,:except => [:public] | ||||
|   before_filter :setup_vars | ||||
|   before_filter :set_current_user | ||||
| 
 | ||||
|  # before_filter {|c| c.front_end_available(@app_title)} | ||||
|   # before_filter :check_user_can_use | ||||
|   include OrbitCoreLib::PermissionUnility | ||||
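Review bot: `before_filter :set_current_user` is registered on the base controller, so it runs before a subclass's `before_filter :authenticate_user!` and may not see a signed-in user yet. `set_current_user` is not shown; if it stores the user in class-level state (the value `User.current` reads elsewhere in this commit), that state has to be per-request, meaning thread-local and cleared after the action, or one request's user can end up authorizing another request. A short comment above the filter, such as `# populates User.current for ObjectAuthable checks; must be reset on every request`, would record that contract.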
|  |  | |||
|  | @ -16,8 +16,8 @@ module Admin::AdBannerHelper | |||
|     end | ||||
| 
 | ||||
|     def show_ad_banner_permission_link(ad_banner) | ||||
|     type = 'edit' | ||||
|     oa = ad_banner.get_object_auth_by_title(type) | ||||
|       type = 'edit' | ||||
|       oa = ad_banner.get_object_auth_by_title(type) | ||||
|     if oa.nil? | ||||
|       ad_banner.object_auths.new(title: type ).save | ||||
|       oa = ad_banner.get_object_auth_by_title(type) | ||||
|  | @ -26,8 +26,6 @@ module Admin::AdBannerHelper | |||
|      link_to t('admin.ad.cate_auth'),admin_object_auth_ob_auth_path(oa),:class => "btn btn-warning" | ||||
|   end | ||||
| 
 | ||||
|     def at_least_module_manager | ||||
|       is_manager? || is_admin?  | ||||
|     end | ||||
| 
 | ||||
| 
 | ||||
| end | ||||
|  | @ -0,0 +1,11 @@ | |||
| module Admin::WebLinkHelper | ||||
|     def show_web_link_permission_link(web_link) | ||||
|       type = 'edit' | ||||
|       oa = web_link.get_object_auth_by_title(type) | ||||
|     if oa.nil? | ||||
|       web_link.object_auths.new(title: type ).save | ||||
|       oa = web_link.get_object_auth_by_title(type) | ||||
|     end | ||||
|      link_to t('admin.web_link.cate_auth'),admin_object_auth_ob_auth_path(oa) | ||||
|   end | ||||
| end | ||||
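Review bot: `show_web_link_permission_link` creates an object_auth record while a template is rendering, so a plain GET of the category list writes to the database. The result of `.save` is ignored, so if the save fails `oa` is still nil and `admin_object_auth_ob_auth_path(oa)` will most likely raise. Moving the find-or-create into the model, or creating the 'edit' object_auth when the category is created, would keep the helper read-only. The parameter is named `web_link`, but the only caller in this commit passes a `web_link_category`; renaming it would make clear which object carries the auth.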
|  | @ -196,4 +196,8 @@ module ApplicationHelper | |||
|     display_visitors(created_at: {'$gte' => Date.today.beginning_of_year, '$lte' => Date.today.end_of_year}) | ||||
|   end | ||||
| 
 | ||||
|   def at_least_module_manager | ||||
|     is_manager? || is_admin?  | ||||
|   end | ||||
| 
 | ||||
| end | ||||
|  |  | |||
|  | @ -11,9 +11,7 @@ class ObjectAuth  < PrototypeAuth | |||
|   end | ||||
| 
 | ||||
|   def check_user_has_app_auth | ||||
| debugger | ||||
|     a=1 | ||||
|     sub_managing_users = auth_obj.app_auth.sub_managing_users | ||||
|     sub_managing_users = auth_obj.app_auth.sub_managing_users rescue [] | ||||
|     app_auth =  auth_obj.app_auth | ||||
|     self.auth_users.each do |auth_user| | ||||
|       if !sub_managing_users.include? auth_user && !auth_user.admin? | ||||
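Review bot: The condition `if !sub_managing_users.include? auth_user && !auth_user.admin?` does not test what it reads as. Without parentheses Ruby passes the whole `auth_user && !auth_user.admin?` expression to `include?`, so the list is searched for `true` or `false` and the branch is taken for every auth_user; write it as `if !sub_managing_users.include?(auth_user) && !auth_user.admin?`. The new `rescue []` also turns any failure in `auth_obj.app_auth` (including a nil app_auth) into an empty sub-manager list, while the next line still assigns the possibly-nil `app_auth`; an explicit nil check would make the intended behaviour for a missing app_auth visible. The method body continues past the hunk, so what the branch does to those users is not visible here.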
|  |  | |||
|  | @ -15,7 +15,7 @@ | |||
| <% end -%> | ||||
| 		<h3><%= t("admin.ad.picture_list")%></h3> | ||||
| 		<div class="adbanner-list"> | ||||
| 			<%if  at_least_module_manager || sub_manager?(ad_banner_tab)%> | ||||
| 			<%if  (at_least_module_manager || ad_banner_tab.cur_user_is_sub_manager_of(:edit) )%> | ||||
| 				<%=  content_tag :div ,:class=>'adbanner-action' do%> | ||||
| 					<%= link_to t("admin.ad.new_image"),new_admin_ad_banner_ad_image_path(ad_banner_tab) ,:class => "btn btn-primary"%> | ||||
| 					<%= link_to t("modal.preview"), admin_realtime_preview_ad_banner_path(ad_banner_tab.id) , :class=>'preview_trigger btn btn-success'%> | ||||
|  |  | |||
|  | @ -54,17 +54,18 @@ | |||
| 		<%#= content_tag :li, link_to(t('admin.ad.all_banners'), admin_ad_banners_path), :class => active_for_action('ad_banners', 'index') %> | ||||
| 		<%#= content_tag :li, link_to(t('admin.ad.new_banner'), new_admin_ad_banner_path), :class => active_for_action('ad_banners', 'new') %> | ||||
| 		<%#= content_tag :li, link_to(t('admin.ad.new_image'), new_ad_image_admin_ad_banners_path), :class => active_for_action('ad_images', 'new') %> | ||||
| 				<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "ad_banners"}))), :class => active_for_app_auth('ad_banners')  if (is_admin? rescue nil) %> | ||||
| 	<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "ad_banners"}))), :class => active_for_app_auth('ad_banners')  if (is_admin? rescue nil) %> | ||||
| 	<% end -%> | ||||
| <% end %> | ||||
| 
 | ||||
| <%= content_tag :li, :class => active_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys') do -%> | ||||
| <%= content_tag :li, :class => active_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys') || active_for_app_auth('web_resource') do -%> | ||||
| 	<%= link_to content_tag(:i, nil, :class => 'icons-link') + t('admin.link'), panel_web_resource_back_end_web_links_path %> | ||||
| 	<%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys')) do -%> | ||||
| 		<%= content_tag :li, link_to(t('admin.all_articles'), panel_web_resource_back_end_web_links_path), :class => active_for_action('web_links', 'index') %> | ||||
| 		<%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') %> | ||||
| 		<%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => active_for_action('web_link_categorys', 'index') %> | ||||
| 		<%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') %> | ||||
| 		<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "web_resource"}))), :class => active_for_app_auth('web_resource')  if (is_admin? rescue nil) %> | ||||
| 	<% end -%> | ||||
| <% end -%> | ||||
| 
 | ||||
|  | @ -75,4 +76,4 @@ | |||
| 		<%= content_tag :li, link_to(t('admin.categories'), admin_asset_categories_path), :class => active_for_action('asset_categories', 'index') %> | ||||
| 		<%= content_tag :li, link_to(t('admin.tags'), admin_asset_tags_path), :class => active_for_action('/admin/asset_tags', 'index') %> | ||||
| 	<% end -%> | ||||
| <% end -%> | ||||
| <% end -%> | ||||
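Review bot: The authorization item added for web_resource passes `ModuleApp.first(conditions: {title: "web_resource"})` straight into `admin_module_app_manager_auth_proc_path`; if no such ModuleApp record exists, the path helper will most likely raise and take the sidebar down for admins. The `is_admin? rescue nil` guard also hides any error raised by the permission check instead of surfacing it. Looking the record up once and rendering the item only `if web_resource_app && is_admin?` would cover both. In the `:class =>` of the web_links `li`, `active_for_controllers(...) || active_for_app_auth('web_resource')` reaches the second helper only when the first returns nil or false; an empty string is truthy in Ruby, so confirm what `active_for_controllers` returns, which is not visible here.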
|  |  | |||
|  | @ -19,6 +19,10 @@ module  OrbitCoreLib | |||
|          | ||||
|     end | ||||
|      | ||||
|     def cur_user_is_sub_manager_of(title) | ||||
|        authed_users(title).include?(User.current) | ||||
|     end  | ||||
| 
 | ||||
|     def app_auth | ||||
|        ModuleApp.first(conditions: {:title => self.class::APP_NAME} ) | ||||
|     end | ||||
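Review bot: `cur_user_is_sub_manager_of` is called with `:edit` in the templates, while the helpers and `ObjectAuthTitlesOptions` use the string `'edit'`. Whether `authed_users` treats the two the same is not visible here, and a mismatch would make the check fail for every sub-manager. The result of `authed_users(title)` is also dereferenced without a nil check. As a predicate it would read better as `cur_user_is_sub_manager_of?(title)`, with a comment such as `# true when User.current is among the users authorised for the object_auth named title`.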
|  |  | |||
|  | @ -1,7 +1,7 @@ | |||
| class Panel::WebResource::BackEnd::WebLinksController < OrbitBackendController | ||||
|    | ||||
|   before_filter :authenticate_user! | ||||
|   before_filter :is_admin? | ||||
|   # before_filter :for_app_manager,:except => [:index,:show]  | ||||
|   # before_filter :for_app_sub_manager | ||||
| 
 | ||||
|   def index | ||||
|    | ||||
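Review bot: The only authorization that may still be active in this controller is `before_filter :is_admin?`, and both `for_app_manager` and `for_app_sub_manager` appear only as comments; the rendered page does not show which filter lines are on the new side. The templates in this commit hide the edit, delete and permission links behind `at_least_module_manager` and `cur_user_is_sub_manager_of(:edit)`, but hiding links does not stop a signed-in user from requesting edit, update or destroy directly. Each mutating action needs the same check server-side, for example a `before_filter` with `:except => [:index, :show]` that redirects unless `at_least_module_manager || @web_link.web_link_category.cur_user_is_sub_manager_of(:edit)`. Also confirm that `is_admin?` renders or redirects on failure, because a filter that only returns false does not halt the request in Rails 3 and later. The class body continues past the hunk.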
|  |  | |||
|  | @ -3,12 +3,21 @@ | |||
| class WebLinkCategory | ||||
|   include Mongoid::Document | ||||
|   include Mongoid::Timestamps | ||||
|   include OrbitCoreLib::ObjectAuthable | ||||
| 
 | ||||
|   # include Mongoid::MultiParameterAttributes | ||||
|    | ||||
|   AfterObjectAuthUrl = '/panel/page_content/back_end/page_contexts' | ||||
|   APP_NAME = 'web_resource' | ||||
|   ObjectAuthTitlesOptions = %W{edit} | ||||
| 
 | ||||
|   field :key | ||||
|    | ||||
|   has_one :i18n_variable, :as => :language_value, :autosave => true, :dependent => :destroy | ||||
|    | ||||
|   has_many :web_links | ||||
|    | ||||
|   def pp_object | ||||
|     i18n_variable[I18n.locale] | ||||
|   end | ||||
| 
 | ||||
| end | ||||
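Review bot: `AfterObjectAuthUrl = '/panel/page_content/back_end/page_contexts'` points at the page_content backend although this model declares `APP_NAME = 'web_resource'`. It looks copied from another model, and if the constant is used as the redirect after editing object auth, it sends the user to the wrong module. The web_link_categorys index path is probably what is meant; confirm against how ObjectAuthable consumes the constant, which is not shown. `pp_object` would benefit from a one-line comment, for example `# display name of this category in the current locale (used by the auth screens — confirm)`.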
|  | @ -3,12 +3,15 @@ | |||
| 	<tr id="<%= dom_id web_link_category %>" class="with_action"> | ||||
| 		<td> | ||||
| 			<%= web_link_category.key %> | ||||
| 			<div class="quick-edit"> | ||||
| 				<ul class="nav nav-pills hide"> | ||||
| 					<li><%= link_to t('web_link_category.edit'), edit_panel_web_resource_back_end_web_link_category_path(web_link_category), :remote => true %></li> | ||||
| 					<li><%= link_to t('web_link_category.delete'), panel_web_resource_back_end_web_link_category_path(web_link_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li> | ||||
| 				</ul> | ||||
| 			</div> | ||||
| 			<%if at_least_module_manager %> | ||||
| 				<div class="quick-edit"> | ||||
| 					<ul class="nav nav-pills hide"> | ||||
| 						<li><%= link_to t('web_link_category.edit'), edit_panel_web_resource_back_end_web_link_category_path(web_link_category), :remote => true %></li> | ||||
| 						<li><%= link_to t('web_link_category.delete'), panel_web_resource_back_end_web_link_category_path(web_link_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li> | ||||
| 						<li><%= show_web_link_permission_link web_link_category %></li> | ||||
| 					</ul> | ||||
| 				</div> | ||||
| 			<% end -%> | ||||
| 		</td> | ||||
| 		<% @site_valid_locales.each do |locale| %> | ||||
| 		<td><%= web_link_category.i18n_variable[locale] rescue nil %></td> | ||||
|  |  | |||
|  | @ -34,6 +34,6 @@ | |||
| 	</tbody> | ||||
| </table> | ||||
| 
 | ||||
| <div id="form"><%= render :partial => "form" %></div> | ||||
| <div id="form"><%= render :partial => "form"  if at_least_module_manager%></div> | ||||
| 
 | ||||
| 
 | ||||
|  |  | |||
|  | @ -24,8 +24,10 @@ | |||
| 	<%= link_to web_link.name[I18n.locale], panel_web_resource_back_end_web_link_path(web_link) %> | ||||
| 	<div class="quick-edit"> | ||||
| 		<ul class="nav nav-pills hide"> | ||||
| 			<%if at_least_module_manager || web_link.web_link_category.cur_user_is_sub_manager_of(:edit)%> | ||||
| 			<li><%= link_to t('web_link.edit'), edit_panel_web_resource_back_end_web_link_path(web_link) %></li> | ||||
| 			<li><%= link_to t('web_link.delete'), panel_web_resource_back_end_web_link_path(web_link), :confirm => t('sure?'), :method => :delete, :remote => true %></li> | ||||
| 			<% end -%> | ||||
| 		</ul> | ||||
| 	</div> | ||||
| 	</td> | ||||
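Review bot: `web_link.web_link_category.cur_user_is_sub_manager_of(:edit)` is evaluated for every row whenever the viewer is not a module manager, so a web_link without a category will raise NoMethodError on nil and break the whole list. Guard the lookup, for example `at_least_module_manager || (web_link.web_link_category && web_link.web_link_category.cur_user_is_sub_manager_of(:edit))`. The surrounding table markup starts and ends outside the hunk.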
|  |  | |||