Add authorization

2014-07-31 20:41:24 +08:00 · 2014-07-31 20:41:24 +08:00 · 951be509e5
parent dfe13c1ffb
commit 951be509e5
3 changed files with 19 additions and 9 deletions
--- a/app/controllers/admin/faqs_controller.rb
+++ b/app/controllers/admin/faqs_controller.rb
@ -63,8 +63,12 @@ class Admin::FaqsController < OrbitAdminController

  def edit
    @qa = Qa.find(params[:id])
-    @tags = @module_app.tags
-    @categories = @module_app.categories
+    if can_edit_or_delete?(@qa)
+      @tags = @module_app.tags
+      @categories = @module_app.categories
+    else
+      render_401
+    end
  end

  def update
--- a/app/views/admin/faqs/_index.html.erb
+++ b/app/views/admin/faqs/_index.html.erb
@ -19,8 +19,10 @@
 				<a href="#" target="_blank"><%= qa.title %></a>
 				<div class="quick-edit">
 					<ul class="nav nav-pills">
-						<li><a href="/<%= I18n.locale.to_s %>/admin/faqs/<%= qa.id.to_s %>/edit"><%= t(:edit) %></a></li>
-						<li><a href="/admin/faqs/<%= qa.id.to_s %>" data-method="delete" data-confirm="Are you sure?"><%= t(:delete_) %></a></li>
+						<% if can_edit_or_delete?(qa) %>
+							<li><a href="/<%= I18n.locale.to_s %>/admin/faqs/<%= qa.id.to_s %>/edit"><%= t(:edit) %></a></li>
+							<li><a href="/admin/faqs/<%= qa.id.to_s %>" data-method="delete" data-confirm="Are you sure?"><%= t(:delete_) %></a></li>
+						<% end %>
 					</ul>
 				</div>
 			</td>
--- a/lib/faq/engine.rb
+++ b/lib/faq/engine.rb
@ -13,33 +13,37 @@ module Faq
        data_count 1..10
        side_bar do
          head_label_i18n 'faq.faq', icon_class: "icons-help"
-          available_for [:admin,:manager,:sub_manager]
+          available_for "users"
          active_for_controllers (['admin/faqs'])
          head_link_path "admin_faqs_path"

          context_link 'all',
                :link_path=>"admin_faqs_path" ,
                :priority=>1,
-                :active_for_action=>{'admin/faqs'=>"index"}
+                :active_for_action=>{'admin/faqs'=>"index"},
+                :available_for => 'users'

          context_link 'new_',
                :link_path=>"new_admin_faq_path" ,
                :priority=>2,
-                :active_for_action=>{'admin/faqs'=>"new"}
+                :active_for_action=>{'admin/faqs'=>"new"},
+                :available_for => 'sub_managers'

          context_link 'categories',
                :link_path=>"admin_module_app_categories_path" ,
                :link_arg=>"{:module_app_id=>ModuleApp.find_by(:key=>'faq').id}",
                :priority=>3,
                :active_for_action=>{'admin/faqs'=>'categories'},
-                :active_for_category => 'Faq'
+                :active_for_category => 'Faq',
+                :available_for => 'managers'

          context_link 'tags',
                :link_path=>"admin_module_app_tags_path" ,
                :link_arg=>"{:module_app_id=>ModuleApp.find_by(:key=>'faq').id}",
                :priority=>4,
                :active_for_action=>{'admin/faqs'=>'tags'},
-                :active_for_tag => 'Faq'
+                :active_for_tag => 'Faq',
+                :available_for => 'managers'
      	end
      end
  	end