diff --git a/Gemfile b/Gemfile index abf87c59..3489256d 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ gem 'exception_notification' # Send error trace gem 'execjs' gem 'jquery-rails' gem 'jquery-ui-rails' - +gem "pry", "~> 0.9.10" gem 'kaminari', :git => 'git://github.com/amatsuda/kaminari.git' gem 'mini_magick' diff --git a/Gemfile.lock b/Gemfile.lock index afec15c8..713d414e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -66,6 +66,7 @@ GEM carrierwave (>= 0.5.6) mongoid (~> 2.1) chronic (0.6.7) + coderay (1.0.7) coffee-rails (3.1.1) coffee-script (>= 2.2.0) railties (~> 3.1.0) @@ -114,6 +115,7 @@ GEM i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) + method_source (0.8) mime-types (1.17.2) mini_magick (3.4) subexec (~> 0.2.1) @@ -140,6 +142,10 @@ GEM color (>= 1.4.0) transaction-simple (~> 1.3) polyglot (0.3.3) + pry (0.9.10) + coderay (~> 1.0.5) + method_source (~> 0.8) + slop (~> 3.3.1) rack (1.3.6) rack-cache (1.2) rack (>= 0.4) @@ -234,6 +240,7 @@ GEM rack (~> 1.3, >= 1.3.6) rack-protection (~> 1.2) tilt (~> 1.3, >= 1.3.3) + slop (3.3.2) spork (0.9.0) spork (0.9.0-x86-mingw32) win32-process @@ -295,6 +302,7 @@ DEPENDENCIES mongoid-encryptor mongoid-tree nokogiri + pry (~> 0.9.10) radius rails (>= 3.1.0, < 3.2.0) rake diff --git a/app/controllers/admin/ad_banners_controller.rb b/app/controllers/admin/ad_banners_controller.rb index f43c19e5..7f49faf2 100644 --- a/app/controllers/admin/ad_banners_controller.rb +++ b/app/controllers/admin/ad_banners_controller.rb @@ -1,8 +1,10 @@ class Admin::AdBannersController < OrbitBackendController layout "new_admin" - before_filter :authenticate_user! + before_filter :force_order_for_visitor,:only=>[:index] + #before_filter :force_order_for_user,:except => [:index] + before_filter :for_app_sub_manager,:except => [:index] before_filter :for_app_manager,:except => [:index,:show,:update,:realtime_preview] - before_filter :for_app_sub_manager + def rename @ad_banner = AdBanner.find(params[:id]) 
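Review bot: `gem "pry", "~> 0.9.10"` is added at the top level of the Gemfile rather than inside a `group :development, :test` block, so the interactive debugger and its dependencies (coderay, method_source, slop in the lockfile hunks) are installed and required in production bundles too. Moving it under a development group keeps the production dependency surface unchanged; the line also uses double quotes where every neighbouring `gem` line uses single quotes.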
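Review bot: With `before_filter :force_order_for_user` commented out, no filter visible in this hunk runs `authenticate_user!` or `setup_vars` for the non-index actions of Admin::AdBannersController: `force_order_for_visitor` is `:only=>[:index]`, while `for_app_sub_manager` and `for_app_manager` both dereference `@module_app`, which the new `force_order_for_*` helpers populate via `setup_vars`. Unless `@module_app` is set somewhere outside the diff, a request to `rename` or `update` reaches `@module_app.sub_managing_users` with `@module_app` nil and fails with a NoMethodError (500) instead of the intended access-denied path, and authentication then rests solely on those authorization checks. Restoring `before_filter :force_order_for_user,:except => [:index]` keeps the setup → authenticate → permission order explicit, and the stale commented line can go.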
diff --git a/app/controllers/admin/dashboards_controller.rb b/app/controllers/admin/dashboards_controller.rb
index 991f19af..cd00b49d 100644
--- a/app/controllers/admin/dashboards_controller.rb
+++ b/app/controllers/admin/dashboards_controller.rb
@@ -1,7 +1,7 @@
-class Admin::DashboardsController < ApplicationController
-
+class Admin::DashboardsController < OrbitBackendController
 layout "new_admin"
- before_filter :authenticate_user!
+ #before_filter :set_current_user
+ #before_filter :authenticate_user!, :except => [:index]
 # before_filter :is_admin?
 def index
diff --git a/app/controllers/admin/tags_controller.rb b/app/controllers/admin/tags_controller.rb
index d8d59f52..cd5e00c9 100644
--- a/app/controllers/admin/tags_controller.rb
+++ b/app/controllers/admin/tags_controller.rb
@@ -1,9 +1,13 @@
-class Admin::TagsController < ApplicationController
+class Admin::TagsController < OrbitBackendController
+ before_filter :force_order_for_visitor,:only=>[:index]
+ before_filter :force_order_for_user,:except => [:index]
+ before_filter :for_app_sub_manager,:except => [:index]
- layout 'new_admin'
- before_filter :authenticate_user!
- before_filter :is_admin?
- before_filter :set_module_app
+
+ # layout 'new_admin'
+ # before_filter :authenticate_user!
+ # before_filter :is_admin?
+ # before_filter :set_module_app
 def index
 get_tags
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5fd9de5c..eed363b3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base
 before_filter :set_locale, :set_site
 def set_current_user
- User.current = current_user
+ User.current = current_or_guest_user
 end
 def front_end_available(module_app_title='')
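Review bot: Admin::DashboardsController ends up with no authentication or setup filter at all: `before_filter :authenticate_user!` is commented out here, and OrbitBackendController (changed in the same commit) no longer declares `force_order`, `setup_vars` or `set_current_user` for its subclasses. The new `Site` field `dashbroad_allow_visitor` added in app/models/site.rb is not read anywhere in this diff, so the dashboard becomes anonymous-readable unconditionally rather than only when the site allows it. At minimum add `before_filter :force_order_for_visitor` and a filter that calls `authenticate_user!` unless the site flag is set, and delete the two commented-out filters rather than leaving them as dead text.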
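Review bot: The `index` action of Admin::TagsController is now reachable without logging in: `before_filter :is_admin?` is removed, `force_order_for_user` and `for_app_sub_manager` both exclude `:index`, and `force_order_for_visitor` only performs setup. If listing tags to guests is the intent, record it with a comment such as `# index is readable by guest users (set up by force_order_for_visitor); every other action requires a logged-in sub manager`, so the next reader does not mistake it for an omission. The four commented-out filters below the new ones should be deleted instead of kept.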
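Review bot: `set_current_user` now calls `current_or_guest_user`, which this commit defines in ApplicationHelper, but the only `include ApplicationHelper` in the diff is on OrbitBackendController; ApplicationController itself is not shown including it. In Rails 3 helper modules are mixed into views, not controllers, so any controller that inherits directly from ApplicationController and runs `set_current_user`, `is_admin?`, `for_app_sub_manager` or `check_object_premission` will raise NoMethodError — unless ApplicationController includes the helper outside this hunk. Defining `current_or_guest_user`, `guest_user` and `create_guest_user` on ApplicationController and exposing them with `helper_method :current_or_guest_user` would make them available in both places and put them next to `logging_in`, which they call. The same dependency applies to the @@ -50, @@ -76, @@ -85 and @@ -95 hunks of this file.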
@@ -50,11 +50,26 @@ class ApplicationController < ActionController::Base
 # Check if the current_user is admin
 def is_admin?
- current_user.admin? ? true : auth_failed_in_backend
+ current_or_guest_user.admin? ? true : auth_failed_in_backend
 end
 def is_manager?
- @module_app.managing_users.include?(current_user) || is_admin?
+ @module_app.is_manager?(current_or_guest_user) || is_admin?
+ end
+
+ # Check if the current_user is admin
+ def is_member?
+ if (current_user rescue false)
+ return true
+ end
+ return false
+ end
+
+ def is_guest?
+ if session[:guest_user_id]
+ return true
+ end
+ return false
 end
 def for_admin_only
@@ -76,7 +91,7 @@ class ApplicationController < ActionController::Base
 end
 def for_app_sub_manager
- if (@module_app.sub_managing_users.include?(current_user) || is_manager?)
+ if (@module_app.sub_managing_users.include?(current_or_guest_user) || is_manager?)
 true
 else
 flash[:error] = t("admin.access.denied.app.not_sub_manager")
@@ -85,7 +100,7 @@ class ApplicationController < ActionController::Base
 end
 def for_app_user
- if (@module_app.app_auth.auth_users.include?(current_user) || for_app_sub_manager )
+ if (@module_app.app_auth.auth_users.include?(current_or_guest_user) || for_app_sub_manager )
 true
 else
 flash[:error] = t("admin.access.denied.app.not_authed_user")
@@ -95,7 +110,7 @@ class ApplicationController < ActionController::Base
 def check_object_premission(obj,title)
 flash[:error] = t("admin.access.denied.object")
- auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_user) || is_manager? || is_admin? )
+ auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_or_guest_user) || is_manager? || is_admin? )
 end
 # Render the page
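Review bot: The comment above the new `is_member?` reads `# Check if the current_user is admin`, copied from `is_admin?`; it should say `# True when a user is logged in (current_user present)`. The body `if (current_user rescue false) … return true … end; return false` swallows every StandardError raised by `current_user` (an authentication-layer failure would silently read as "not a member") and can be written as `!!current_user`; likewise `is_guest?` reduces to `!session[:guest_user_id].nil?`. Note also that `is_guest?` stays true for a logged-in user until `current_or_guest_user` clears `session[:guest_user_id]`, so the two predicates are not mutually exclusive and callers should not treat them as such.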
@@ -177,5 +192,16 @@ class ApplicationController < ActionController::Base
 [shift_out] + a
 end
 end
+ # called (once) when the user logs in, insert any code your application needs
+ # to hand off from guest_user to current_user.
+ def logging_in
+ # For example:
+ # guest_comments = guest_user.comments.all
+ # guest_comments.each do |comment|
+ # comment.user_id = current_user.id
+ # comment.save
+ # end
+ end
+
 end
diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb
index 28f99fa2..57b03c14 100644
--- a/app/controllers/orbit_backend_controller.rb
+++ b/app/controllers/orbit_backend_controller.rb
@@ -1,12 +1,12 @@
 class OrbitBackendController< ApplicationController
- before_filter :force_order,:except => [:public]
- before_filter :setup_vars
- before_filter :set_current_user
+ #before_filter :setup_vars
+ #before_filter :set_current_user
 # before_filter {|c| c.front_end_available(@app_title)}
 # before_filter :check_user_can_use
 include OrbitCoreLib::PermissionUnility
 include AdminHelper
+ include ApplicationHelper
 layout 'new_admin'
@@ -18,8 +18,16 @@ class OrbitBackendController< ApplicationController
 end
 private
-
- def force_order
+
+ def force_order_for_visitor
+ setup_vars
+ set_current_user
+ end
+
+
+ def force_order_for_user
+ setup_vars
+ set_current_user
 authenticate_user!
 check_user_can_use
 end
diff --git a/app/helpers/admin_helper.rb b/app/helpers/admin_helper.rb
index 021687da..d6e54c1f 100644
--- a/app/helpers/admin_helper.rb
+++ b/app/helpers/admin_helper.rb
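Review bot: `logging_in` is added as a public method of ApplicationController — no `private` marker is visible above it in the hunk — and in Rails 3 every public controller method is dispatchable as an action, so if the app keeps a `:controller/:action` catch-all route it becomes an externally callable endpoint. It is only called from `current_or_guest_user`, so it belongs under `private` or `protected`; the same applies to `is_member?` and `is_guest?` in the @@ -50 hunk. The six-line example body can be shortened to `# hand records owned by guest_user over to current_user here` to keep the stub readable.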
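Review bot: Removing `before_filter :force_order,:except => [:public]` and the `setup_vars`/`set_current_user` filters from the base class silently drops authentication for every OrbitBackendController subclass that does not itself declare `force_order_for_user`; only the AdBanners, Tags and Bulletins controllers are updated in this diff, so any other backend controller now serves its actions to anonymous requests with `@module_app` unset. The fail state should be "authenticated", not "open": keep `before_filter :force_order_for_user` in the base class and let visitor-readable controllers opt out with `skip_before_filter :force_order_for_user, :only => [:index]` followed by `before_filter :force_order_for_visitor, :only => [:index]`. Separately, `include ApplicationHelper` pulls every view helper into the controller as a public method, which is a broad surface for the three methods actually needed.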
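Review bot: In `force_order_for_user`, `set_current_user` runs before `authenticate_user!`, and `set_current_user` now calls `current_or_guest_user`, which creates and saves a guest `User` record for any session that lacks one — so every unauthenticated hit on a login-required action writes a new user document and is then redirected to log in. Calling `authenticate_user!` first (`authenticate_user!; setup_vars; set_current_user; check_user_can_use`) avoids that write for requests that will be rejected anyway. The two helpers also duplicate `setup_vars; set_current_user`; `force_order_for_user` could start with `force_order_for_visitor`.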
@@ -7,15 +7,15 @@ module AdminHelper
 # Check if the current_user is manager in current module app
 def is_manager?
- @module_app.is_manager?(current_user) || is_admin?
+ @module_app.is_manager?(current_or_guest_user) || is_admin?
 end
 # Check if the current_user is sub manager in current module app
 def is_sub_manager?
- @module_app.is_sub_manager?(current_user)|| is_admin?
+ @module_app.is_sub_manager?(current_or_guest_user)|| is_admin?
 end
 def is_admin?
- current_user.admin?
+ current_or_guest_user.admin?
 end
 end
\ No newline at end of file
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 0ed5a1bd..301275b0 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -2,6 +2,37 @@ module ApplicationHelper
 FLASH_NOTICE_KEYS = [:error, :notice, :warning]
+ def create_guest_user
+ u = User.create(:name => "guest", :email => "guest_#{Time.now.to_i}#{rand(99)}@example.com")
+ u.admin = false
+ u.save(:validate => false)
+ u
+ end
+
+ # if user is logged in, return current_user, else return guest_user
+ def current_or_guest_user
+ if current_user
+ if session[:guest_user_id]
+ logging_in
+ guest_user.destroy
+ session[:guest_user_id] = nil
+ end
+ current_user
+ else
+ guest_user
+ end
+ end
+
+
+ # find guest_user object associated with the current session,
+ # creating one as needed
+ def guest_user
+ User.find(session[:guest_user_id].nil? ? session[:guest_user_id] = create_guest_user.id : session[:guest_user_id])
+ end
+
+
+
 def colorize_in_use_locale(locale)
 @site_in_use_locales.include?(locale)? 'green' : 'red'
 end
@@ -200,10 +231,6 @@ module ApplicationHelper
 display_visitors(created_at: {'$gte' => Date.today.beginning_of_year, '$lte' => Date.today.end_of_year})
 end
- def at_least_module_manager
- is_manager? || is_admin?
- end
-
 def display_date_time(object)
 object.strftime("%Y-%m-%d %H:%M")
 end
diff --git a/app/models/site.rb b/app/models/site.rb
index 0baa743f..c117bceb 100644
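Review bot: `create_guest_user` persists a real `User` for every new session that touches `current_or_guest_user`, with `save(:validate => false)` and an email built from `Time.now.to_i` plus `rand(99)` — only 100 distinct values per second, so concurrent visitors can collide, and with validations skipped the duplicate is written (or rejected by a unique index, if one exists). Nothing removes these records except the login path, so anonymous traffic grows the users collection without bound; a periodic purge of stale guest users is needed, and `guest_user` must then tolerate a stale `session[:guest_user_id]` instead of letting `User.find` raise on a missing document. `logging_in` is also called here but is defined on ApplicationController, so a view calling `current_or_guest_user` for a just-logged-in user with a leftover guest id would hit an undefined method — presumably why the sidebar wraps these checks in `rescue nil`. A sketch of the two helpers with a collision-free id and stale-session handling:

```ruby
def create_guest_user
  # SecureRandom avoids the 100-values-per-second window of Time.now.to_i + rand(99)
  u = User.new(:name => "guest", :email => "guest_#{SecureRandom.hex(8)}@example.com")
  u.admin = false
  u.save(:validate => false)
  u
end

# find guest_user object associated with the current session,
# creating one as needed; a stale id (record already purged) is replaced
# instead of raising
def guest_user
  @guest_user ||= User.where(:_id => session[:guest_user_id]).first if session[:guest_user_id]
  @guest_user ||= create_guest_user.tap { |u| session[:guest_user_id] = u.id }
end
```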
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -12,7 +12,7 @@ class Site
 field :private_key, :type => Binary
 field :public_key, :type => Binary
 field :title_always_on, :type => Boolean, :default => false
-
+ field :dashbroad_allow_visitor, :type => Boolean, :default => false
 field :mail_settings, :type => Hash
 field :school
diff --git a/app/views/layouts/_side_bar.html.erb b/app/views/layouts/_side_bar.html.erb
index 73b5191a..7e9ef1f6 100644
--- a/app/views/layouts/_side_bar.html.erb
+++ b/app/views/layouts/_side_bar.html.erb
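Review bot: The new field is spelled `dashbroad_allow_visitor`; Mongoid stores the field name as the document key, so the typo becomes persistent data and renaming later needs a data migration — `field :dashboard_allow_visitor, :type => Boolean, :default => false` is cheap to fix now. Nothing in this diff reads the flag, so the anonymous dashboard access opened in app/controllers/admin/dashboards_controller.rb is not actually gated by it.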
@@ -9,9 +9,9 @@ <%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %> <%= content_tag :ul, :class => ("nav nav-list " + (visible_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys', 'approvals')||active_for_ob_auths_object("BulletinCategory"))) do -%> <%= content_tag :li, link_to(t('announcement.all_articles'), panel_announcement_back_end_bulletins_path), :class => active_for_action('bulletins', 'index') %> - <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_announcement_back_end_bulletin_path), :class => active_for_action('bulletins', 'new') %> - <%= content_tag :li, link_to(t('announcement.categories'), panel_announcement_back_end_bulletin_categorys_path), :class =>( active_for_action('bulletin_categorys', 'index') || active_for_ob_auths_object("BulletinCategory") ) %> - <%= content_tag :li, link_to(t('announcement.tags'), panel_announcement_back_end_tags_path), :class => active_for_action('/panel/announcement/back_end/tags', 'index') %> + <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_announcement_back_end_bulletin_path), :class => active_for_action('bulletins', 'new') if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.categories'), panel_announcement_back_end_bulletin_categorys_path), :class =>( active_for_action('bulletin_categorys', 'index') || active_for_ob_auths_object("BulletinCategory") )if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.tags'), panel_announcement_back_end_tags_path), :class => active_for_action('/panel/announcement/back_end/tags', 'index')if (is_manager? rescue nil) %> <%= content_tag :li, link_to(t('announcement.bulletin.approval_setting'), panel_announcement_back_end_approval_setting_path), :class => active_for_action('approvals', 'setting') if (is_manager? 
rescue nil) %> <%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "Announcement"}))), :class => active_for_app_auth('Announcement') if (is_admin? rescue nil) %> 
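Review bot: Hiding the add/categories/tags links behind `if (is_manager? rescue nil)` is presentation only and does not restrict the routes; the controller filters remain the access control and must stay in step with what the sidebar shows. The `rescue nil` modifier also turns any real error inside `is_manager?` (an unset `@module_app`, a helper missing in the view context) into "not a manager", so authorization bugs become invisible rather than loud; expose a boolean helper via `helper_method` and write plain `if is_manager?`. The same pattern, including the missing space in `)if (is_manager?`, repeats in the @@ -23 and @@ -60 hunks of this file.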
@@ -23,9 +23,9 @@ <%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.news'), panel_news_back_end_news_bulletins_path %> <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('news_bulletins', '/panel/news/back_end/tags', 'news_bulletin_categorys', 'news_approvals')) do -%> <%= content_tag :li, link_to(t('announcement.all_articles'), panel_news_back_end_news_bulletins_path), :class => active_for_action('news_bulletins', 'index') %> - <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_news_back_end_news_bulletin_path), :class => active_for_action('news_bulletins', 'new') %> - <%= content_tag :li, link_to(t('announcement.categories'), panel_news_back_end_news_bulletin_categorys_path), :class => active_for_action('news_bulletin_categorys', 'index') || active_for_ob_auths_object("NewsBulletinCategory") %> - <%= content_tag :li, link_to(t('announcement.tags'), panel_news_back_end_tags_path), :class => active_for_action('/panel/news/back_end/tags', 'index') %> + <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_news_back_end_news_bulletin_path), :class => active_for_action('news_bulletins', 'new') if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.categories'), panel_news_back_end_news_bulletin_categorys_path), :class => active_for_action('news_bulletin_categorys', 'index') || active_for_ob_auths_object("NewsBulletinCategory") if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.tags'), panel_news_back_end_tags_path), :class => active_for_action('/panel/news/back_end/tags', 'index') if (is_manager? rescue nil)%> <%= content_tag :li, link_to(t('announcement.bulletin.approval_setting'), panel_news_back_end_approval_setting_path), :class => active_for_action('news_approvals', 'setting') if (is_manager? 
rescue nil) %> <%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {key: "news"}))), :class => active_for_app_auth('news') if (is_admin? rescue nil) %> <% end -%> 
@@ -60,9 +60,9 @@ <%= link_to content_tag(:i, nil, :class => 'icons-link') + t('admin.link'), panel_web_resource_back_end_web_links_path %> <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys')) do -%> <%= content_tag :li, link_to(t('admin.all_articles'), panel_web_resource_back_end_web_links_path), :class => active_for_action('web_links', 'index') %> - <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') %> - <%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => (active_for_action('web_link_categorys', 'index') || active_for_ob_auths_object("WebLinkCategory")) %> - <%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') %> + <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') if (is_manager? rescue nil)%> + <%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => (active_for_action('web_link_categorys', 'index') || active_for_ob_auths_object("WebLinkCategory")) if (is_manager? rescue nil)%> + <%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') if (is_manager? rescue nil)%> <%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "web_resource"}))), :class => active_for_app_auth('web_resource') if (is_admin? rescue nil) %> <% end -%> <% end -%> diff --git a/config/mongoid.yml b/config/mongoid.yml index fb792d6b..42da4fb9 100644 
--- a/config/mongoid.yml
+++ b/config/mongoid.yml
@@ -9,8 +9,7 @@ defaults: &defaults
 development:
 <<: *defaults
 # database: prototype_r4_development
- database: demo_site_development
-
+ database: desktop
 test:
 <<: *defaults
 database: prototype_r4_test
diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb
index f3cd2cd5..fd08f9bd 100644
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
@@ -79,19 +79,18 @@ module OrbitCoreLib
 module PermissionUnility
 private
 def check_permission(type = :use)
- setup_vars
- permission_grant = current_user.admin?? true : false
+ permission_grant = current_or_guest_user.admin?? true : false
 module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
 unless permission_grant
 permission_grant = case type
 when :use
 users_ary = module_app.app_auth.auth_users rescue nil
 users_ary = [] if users_ary.nil?
- (users_ary.include?(current_user) || module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user))
+ (users_ary.include?(current_or_guest_user) || module_app.is_manager?(current_or_guest_user) || module_app.is_sub_manager?(current_or_guest_user))
 when :manager
- module_app.is_manager?(current_user)
+ module_app.is_manager?(current_or_guest_user)
 when :sub_manager
- module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user)
+ module_app.is_manager?(current_or_guest_user) || module_app.is_sub_manager?(current_or_guest_user)
 end
 end
 permission_grant
diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
index d11ea301..fef404c0 100644
--- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
+++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
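Review bot: The development database is renamed from `demo_site_development` to `desktop`, which breaks the `<app>_<environment>` naming the other entries in this file follow and looks like a local working-copy setting committed by accident; every other developer will now point at a different database. If it is intentional, a comment beside it should say why; otherwise revert to `database: demo_site_development`.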
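Review bot: `check_permission` no longer calls `setup_vars` itself, so it now relies on a `force_order_for_*` filter having run earlier; when none has, `@module_app` is nil and the existing fallback `find_module_app_by_token(params[:token])` lets a request parameter choose which module's access list is consulted. That precondition should be stated where the call was removed, e.g. `# precondition: @module_app is set by setup_vars (run from force_order_for_*); the token lookup is only a fallback`. The method's body continues outside the hunk.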
@@ -1,9 +1,13 @@
 class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
-
- before_filter :authenticate_user!
+ #before_filter :authenticate_user!, :except => [:index]
 # before_filter :for_admin_only,:only => [:]
 # before_filter :for_app_manager,:only => [:index,:show,]
+ before_filter :force_order_for_visitor,:only=>[:index,:show,:get_sorted_and_filtered_bulletins]
+ before_filter :force_order_for_user,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
 before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
+
+
+
 def index
 # @bulletins = Bulletin.all
 # @bulletins = Bulletin.desc("postdate desc")
diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb
index 8f879e79..2e7d5245 100644
--- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb
+++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb
@@ -1,6 +1,6 @@
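Review bot: `show` and `get_sorted_and_filtered_bulletins` of the back-end bulletins controller are now served to anonymous visitors, since only `force_order_for_visitor` runs for them and `for_app_sub_manager` excludes them. If the back-end `show` does not itself filter on approval or publish state, bulletins that are not yet public become readable by guests through the admin panel — worth confirming before merge, and worth a comment on the filter line stating that these three actions are intentionally visitor-readable. The three added blank lines and the commented-out `authenticate_user!` filter are noise and should be dropped.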