add authorization

This commit is contained in:
manson 2014-08-01 12:23:36 +08:00
parent d441bf2135
commit 9577859d45
4 changed files with 18 additions and 11 deletions

View File

@ -1,4 +1,6 @@
class Admin::HonorTypesController < OrbitAdminController class Admin::HonorTypesController < OrbitMemberController
before_action :allow_admin_only
def new def new
@honor_type = HonorType.new @honor_type = HonorType.new
@url = admin_honor_types_path(@honor_type) @url = admin_honor_types_path(@honor_type)

View File

@ -4,6 +4,9 @@ class Admin::HonorsController < OrbitMemberController
before_action :set_plugin before_action :set_plugin
before_action :get_settings,:only => [:new, :edit, :setting] before_action :get_settings,:only => [:new, :edit, :setting]
before_action :need_access_right
before_action :allow_admin_only, :only => [:index, :setting]
def index def index
@honors = Honor.order_by(:year=>'desc').page(params[:page]).per(10) @honors = Honor.order_by(:year=>'desc').page(params[:page]).per(10)
end end
@ -17,7 +20,7 @@ class Admin::HonorsController < OrbitMemberController
@member = MemberProfile.find(honor_params['member_profile_id']) rescue nil @member = MemberProfile.find(honor_params['member_profile_id']) rescue nil
@honor = Honor.new(honor_params) @honor = Honor.new(honor_params)
@honor.save @honor.save
redirect_to URI.encode('/admin/members/'+@member.to_param+'/Honor') redirect_to params['referer_url']
end end
def edit def edit
@ -30,7 +33,7 @@ class Admin::HonorsController < OrbitMemberController
@honor = Honor.find(params[:id]) @honor = Honor.find(params[:id])
@honor.update_attributes(honor_params) @honor.update_attributes(honor_params)
@honor.save @honor.save
redirect_to URI.encode('/admin/members/'+@member.to_param+'/Honor') redirect_to params['referer_url']
end end
def destroy def destroy

View File

@ -153,6 +153,7 @@
<!-- Form Actions --> <!-- Form Actions -->
<div class="form-actions"> <div class="form-actions">
<%= f.hidden_field :user_id, :value => params[:user_id] if !params[:user_id].blank? %> <%= f.hidden_field :user_id, :value => params[:user_id] if !params[:user_id].blank? %>
<input type="hidden" name="referer_url" value="<%= request.referer %>">
<%= f.submit t('submit'), class: 'btn btn-primary' %> <%= f.submit t('submit'), class: 'btn btn-primary' %>
<%= link_to t('cancel'), get_go_back, :class=>"btn" %> <%= link_to t('cancel'), get_go_back, :class=>"btn" %>
</div> </div>

View File

@ -6,15 +6,14 @@
<% end %> <% end %>
<% <%
is_autorized_user = (current_user==@member.user || current_user.is_admin?) if has_access?
if is_autorized_user
@honors = Honor.where(member_profile_id: @member.id).desc(:year).page(params[:page]).per(10) @honors = Honor.where(member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
else else
@honors = Honor.where(is_hidden: false, member_profile_id: @member.id).desc(:year).page(params[:page]).per(10) @honors = Honor.where(is_hidden: false, member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
end end
%> %>
<% if is_autorized_user %> <% if has_access? %>
<div class="list-active"> <div class="list-active">
<div class="btn-group"> <div class="btn-group">
<%= link_to('Hide', '#', :class => "btn btn-mini list-active-btn disabled", "data-check-action" => "list-be-hide", :rel => toggle_hide_admin_honors_path(member_profile_id: params[:id], disable: 'true') ) %> <%= link_to('Hide', '#', :class => "btn btn-mini list-active-btn disabled", "data-check-action" => "list-be-hide", :rel => toggle_hide_admin_honors_path(member_profile_id: params[:id], disable: 'true') ) %>
@ -26,7 +25,7 @@
<table class="table table-condensed table-striped main-list"> <table class="table table-condensed table-striped main-list">
<thead> <thead>
<tr> <tr>
<% if is_autorized_user %> <% if has_access? %>
<th><input type="checkbox" /></th> <th><input type="checkbox" /></th>
<% end -%> <% end -%>
<th class="span3"><%= t('personal_honor.year') %></th> <th class="span3"><%= t('personal_honor.year') %></th>
@ -38,7 +37,7 @@
<tbody> <tbody>
<% @honors.each do |honor| %> <% @honors.each do |honor| %>
<tr id="<%= dom_id honor %>" class="<%= honor.is_hidden ? "checkHide" : "" %>"> <tr id="<%= dom_id honor %>" class="<%= honor.is_hidden ? "checkHide" : "" %>">
<% if is_autorized_user %> <% if has_access? %>
<td> <td>
<%= check_box_tag 'to_change[]', honor.id.to_s, false, :class => "list-check" %> <%= check_box_tag 'to_change[]', honor.id.to_s, false, :class => "list-check" %>
</td> </td>
@ -48,8 +47,10 @@
<%= link_to honor.award_name, OrbitHelper.url_to_plugin_show(honor.to_param,'personal_honor'), target: "blank"%> <%= link_to honor.award_name, OrbitHelper.url_to_plugin_show(honor.to_param,'personal_honor'), target: "blank"%>
<div class="quick-edit"> <div class="quick-edit">
<ul class="nav nav-pills hide"> <ul class="nav nav-pills hide">
<li><%= link_to t('edit'), '/admin/members/'+@member.to_param+'/honors/'+honor.id+'/edit' %></li> <% if has_access? %>
<li><%= link_to t(:delete_), admin_honor_path(id: honor.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %></li> <li><%= link_to t('edit'), '/admin/members/'+@member.to_param+'/honors/'+honor.id+'/edit' %></li>
<li><%= link_to t(:delete_), admin_honor_path(id: honor.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %></li>
<% end %>
</ul> </ul>
</div> </div>
</td> </td>
@ -62,7 +63,7 @@
<div class="bottomnav clearfix"> <div class="bottomnav clearfix">
<% if is_autorized_user %> <% if has_access? %>
<div class="action pull-right"> <div class="action pull-right">
<%= link_to content_tag(:i, nil, :class => 'icon-edit') +' '+ t('setting'),'/admin/members/'+@member.to_param+'/honors/frontend_setting', :class => 'btn btn-primary' %> <%= link_to content_tag(:i, nil, :class => 'icon-edit') +' '+ t('setting'),'/admin/members/'+@member.to_param+'/honors/frontend_setting', :class => 'btn btn-primary' %>
<%= link_to content_tag(:i, nil, :class => 'icon-plus') +' '+ t('new_'), <%= link_to content_tag(:i, nil, :class => 'icon-plus') +' '+ t('new_'),