added authorization to plugin

2014-07-31 21:51:25 +08:00 · 2014-07-31 21:51:25 +08:00 · 29c61c86e4
parent 457533154a
commit 29c61c86e4
5 changed files with 41 additions and 26 deletions
--- a/app/controllers/admin/book_author_types_controller.rb
+++ b/app/controllers/admin/book_author_types_controller.rb
@ -1,4 +1,4 @@
-class Admin::BookAuthorTypesController < ApplicationController
+class Admin::BookAuthorTypesController < OrbitMemberController
  before_action :set_book_author_type, only: [:edit, :update, :destroy]

  def initialize
--- a/app/controllers/admin/books_controller.rb
+++ b/app/controllers/admin/books_controller.rb
@ -24,7 +24,11 @@ class Admin::BooksController < OrbitMemberController
  end

  def edit
-    @members_data = Book.member_data rescue nil
+    if has_access?
+      @members_data = Book.member_data rescue nil
+    else
+      render_401
+    end
  end

  def update
@ -42,12 +46,16 @@ class Admin::BooksController < OrbitMemberController
  end

  def new
-    @book = Book.new
-    @members_data = Book.member_data rescue nil
+    if has_access?
+      @book = Book.new
+      @members_data = Book.member_data rescue nil

-    respond_to do |format|
-      format.html # new.html.erb
-      format.xml  { render :xml => @book }
+      respond_to do |format|
+        format.html # new.html.erb
+        format.xml  { render :xml => @book }
+      end
+    else
+      render_401
    end
  end

@ -65,11 +73,15 @@ class Admin::BooksController < OrbitMemberController
  end

  def book_setting  
-    @set_author_type = BookAuthorType.new(display: 'List')
-    @author_type_url = admin_books_path
-  
-    @set_book_type = BookType.new(display: 'List')
-    @book_type_url = admin_books_path
+    if current_user.is_admin?
+      @set_author_type = BookAuthorType.new(display: 'List')
+      @author_type_url = admin_books_path
+    
+      @set_book_type = BookType.new(display: 'List')
+      @book_type_url = admin_books_path
+    else
+      render_401
+    end
  end

  def destroy
--- a/app/views/admin/books/_writing_book.html.erb
+++ b/app/views/admin/books/_writing_book.html.erb
@ -5,10 +5,10 @@
 		<%= link_to writing_book.create_link, page_for_book(writing_book), target: "blank" %>
 		<div class="quick-edit">
 			<ul class="nav nav-pills hide">
-				<%if current_user.is_admin?%>
+			<% if current_user.is_admin? %>
 				<li><%= link_to t('edit'), edit_admin_book_path(writing_book) %></li>
 				<li><%= link_to t(:delete_), admin_book_path(writing_book), method: :delete, remote: true, data: { confirm: 'Are you sure?' } %></li>
-				<% end -%>
+			<% end %>
 			</ul>
 		</div>
 		</td>
--- a/app/views/admin/books/index.html.erb
+++ b/app/views/admin/books/index.html.erb
@ -13,8 +13,9 @@

 <div class="bottomnav clearfix">
 	<div class="action pull-right">
-	<%= link_to content_tag(:i, nil, :class => 'icon-cog icon-white') + t('setting'), admin_book_setting_path, :class => 'btn btn-primary pull-right' %>
-	<%= link_to content_tag(:i, nil, :class => 'icon-plus icon-white') + t('announcement.add_new'), new_admin_book_path, :class => 'btn btn-primary pull-right' %>
+		<% if current_user.is_admin? %>
+			<%= link_to content_tag(:i, nil, :class => 'icon-cog icon-white') + t('setting'), admin_book_setting_path, :class => 'btn btn-primary pull-right' %>
+		<% end %>
 	</div>
 	<div class="pagination pagination-centered">
    <%= content_tag :div, paginate(@writing_books), class: "pagination pagination-centered" %>
--- a/app/views/plugin/book/_profile.html.erb
+++ b/app/views/plugin/book/_profile.html.erb
@ -32,7 +32,7 @@

 %>

-<% if current_user.is_admin? %>
+<% if has_access? %>
 <div class="list-active">
  <div class="btn-group">
    <%= link_to('Hide', '#', :class => "btn btn-mini list-active-btn disabled", "data-check-action" => "list-be-hide", :rel => data_share_admin_books_path(member_profile_id: params[:id], disable: 'true') ) %>
@ -44,7 +44,7 @@
 <table class="table table-condensed table-striped main-list">
  <thead>
    <tr>
-      <% if current_user.is_admin? %>
+      <% if has_access? %>
      <th><input type="checkbox" /></th>
      <% end -%>
      <th class="span1"><%= t('personal_journal.year') %></th>
@ -59,7 +59,7 @@
  <% @books.each do |book| %> 
      
    <tr id="<%= dom_id book %>" class="<%= book.is_hidden ? "checkHide" : "" %>">
-      <% if is_admin? %>
+      <% if has_access? %>
      <td>
        <%= check_box_tag 'to_change[]', book.id.to_s, false, :class => "list-check" %>
      </td>
@ -67,12 +67,14 @@
      <td><%= book.year %></td>
      <td>
      <%= link_to book.create_link, page_for_book(book), target: "blank"%>
-      <div class="quick-edit">
-        <ul class="nav nav-pills hide">
-          <li><%= link_to t('edit'), edit_admin_book_path(book, member_profile_id: @member.id) %></li>
-          <li><%= link_to t(:delete_), admin_book_path(id: book.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %></li>
-        </ul>
-      </div>
+      <% if has_access? %>
+        <div class="quick-edit">
+          <ul class="nav nav-pills hide">
+            <li><%= link_to t('edit'), edit_admin_book_path(book, member_profile_id: @member.id) %></li>
+            <li><%= link_to t(:delete_), admin_book_path(id: book.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %></li>
+          </ul>
+        </div>
+      <% end %>

      </td>
      <td><%= book.authors %></td>
@ -83,7 +85,7 @@
  </tbody>
 </table>

-<% if current_user.is_admin? %>
+<% if has_access? %>
 <div class="bottomnav clearfix">

  <div class="action pull-right">