Fix for NCCU 0430 all functions ok with two submanagers but different behavors

app/controllers/admin/dashboards_controller.rb

@@ -2,7 +2,7 @@ class Admin::DashboardsController < ApplicationController
   
   layout "new_admin"
   before_filter :authenticate_user!
-  before_filter :is_admin?
+#  before_filter :is_admin?
   
   def index
   end

app/controllers/admin/designs_controller.rb

@@ -5,7 +5,8 @@ class Admin::DesignsController < ApplicationController
 
   layout "new_admin"
   before_filter :authenticate_user!
-  before_filter :is_admin?
+  before_filter :is_admin? 
+  before_filter :for_admin_only
 
   def upload_package
     if !params[:design].nil?

app/controllers/application_controller.rb

@@ -39,9 +39,59 @@ class ApplicationController < ActionController::Base
     @parent_item  = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil
   end
   
+  def auth_failed_in_backend
+     redirect_to admin_dashboards_url 
+  end
+  
   # Check if the current_user is admin
   def is_admin?
-    redirect_to root_url unless current_user.admin?
+    
+    auth_failed_in_backend unless current_user.admin?
+  end
+  
+  def is_manager?
+     @module_app.managing_users.include?(current_user) || is_admin?
+  end
+  
+  def for_admin_only
+    if is_admin?
+      true
+    else
+    flash[:notice] = "Access Denied for you are not Admin"
+    auth_failed_in_backend
+    end
+  end
+  
+  def for_app_manager
+    if is_manager?
+      true
+    else
+    flash[:notice] = "Access Denied for you are not Manager for this app"
+    auth_failed_in_backend
+  end
+  end
+  
+  def for_app_sub_manager
+    if (@module_app.sub_managing_users.include?(current_user) || is_manager?)
+      true
+    else
+    flash[:notice] = "Access Denied for you are not SubManager for this app"    
+    auth_failed_in_backend
+  end
+  end
+
+  def for_app_user
+    if (@module_app.app_auth.auth_users.include?(current_user) || for_app_sub_manager )
+      true
+    else
+    flash[:notice] = "Access Denied for you are not User for this app"
+    auth_failed_in_backend
+  end
+  end
+
+  def check_object_premission(obj,title)
+    flash[:notice] = "Access Denied for you don't have permission for this object"
+    auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_user) || is_manager? || is_admin? )
   end
   
   # Render the page

app/helpers/orbit_backend_helper.rb

@@ -25,9 +25,9 @@ module OrbitBackendHelper
       content_tag :thead do
         content_tag :tr, :class => "sort-header" do
           concat (content_tag :th, :class => "span1 strong" do
-                      concat check_box_tag :check_all
-                      concat link_to content_tag(:i, nil, :class => "icon-trash"), '#', :class => "list-remove"
-                    end) if delete_all
+            concat check_box_tag :check_all
+            concat link_to content_tag(:i, nil, :class => "icon-trash"), '#', :class => "list-remove"
+           end) if delete_all && is_manager?
           titles.each do |title|
             concat render_title(title[0], title[1], title[2], title[3])
           end

app/views/admin/dashboards/index.html.erb

@@ -1,3 +1,5 @@
+<%= flash_messages %>
+
 <div id="isotope">
     <div class="item element">
         <h3><i class="icons-content"></i><a href=""><%= t(:content) %></a></h3>

app/views/layouts/_side_bar.html.erb

@@ -1,6 +1,10 @@
 <%#= content_tag :li, :class => active_for_controllers('purchases') do -%>
 	<%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %>
 <%# end -%>
+<% content_for :page_specific_javascript do %>
+	<%= javascript_include_tag "/static/kernel.js"  %>
+<% end %>
+<%= flash_messages %>
 
 <%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%>
 	<%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %>

public/static/kernel.js

@@ -1,4 +1,5 @@
 $(document).ready(function() {
+	$.each($(".notice"),function(k,v){ alert("EMPTY Cate");});
 	
 	$.each($(".dymanic_load"),function(){
 		if($(this).attr("path")==''){$(this).html("App setting Failed");} 

vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/approvals_controller.rb

@@ -1,5 +1,6 @@
 class Panel::Announcement::BackEnd::ApprovalsController  < OrbitBackendController
   before_filter :authenticate_user!
+  before_filter :is_admin?
   include AdminHelper
   # layout 'admin'
   

vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb

@@ -1,5 +1,7 @@
 class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController
-  
+  before_filter :for_app_manager,:except => [:index] 
+
+
   def index
     @bulletin_categorys = BulletinCategory.all
     @bulletin_category = BulletinCategory.new(:display => 'List')

vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb

@@ -1,8 +1,9 @@
 class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
   
   before_filter :authenticate_user!
-  before_filter :is_admin?
-
+#  before_filter :for_admin_only,:only => [:]
+#  before_filter :for_app_manager,:only => [:index,:show,] 
+  before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
   def index
     # @bulletins = Bulletin.all
     # @bulletins = Bulletin.desc("postdate desc")
@@ -42,6 +43,10 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
     @bulletin_file = BulletinFile.new
     @file_url = panel_announcement_back_end_bulletins_path
 	
+	  @bulletins.delete_if{ |bulletin|
+	    bulletin.is_pending == true && (!bulletin.bulletin_category.authed_users('fact_check').include?(current_user) || bulletin.create_user_id!=current_user.id)
+	    }
+
     respond_to do |format|
       format.html # index.html.erb
       format.js { }
@@ -79,14 +84,17 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
     
 	# @bulletin.bulletin_files.build
 	# @bulletin.bulletin_files.new
-	
-	get_categorys
-	get_tags
 
-    respond_to do |format|
-      format.html # new.html.erb
-      format.xml  { render :xml => @bulletin }
-    end
+	if get_categorys.empty?
+	  flash[:notice] = "You dont have any permission for post on cate"
+    redirect_to :action => :index
+  else
+	  get_tags
+      respond_to do |format|
+        format.html # new.html.erb
+        format.xml  { render :xml => @bulletin }
+      end
+  	end
   end
 
   # GET /bulletins/1/edit
@@ -314,7 +322,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
     if(is_manager? || is_admin?)
       @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true))
     elsif is_sub_manager?
-      @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new')
+      @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit')
     end
   end
   

vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb

@@ -4,10 +4,13 @@
 			<%= bulletin_category.key %>
 			<div class="quick-edit">
 				<ul class="nav nav-pills hide">
-					<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li>
-					<li><%= show_submit_permission_link(bulletin_category) %></li>
-					<li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
-					
+					<%if is_manager? || is_admin? %>
+						<li><%= show_submit_permission_link(bulletin_category) %></li>
+					<% end %>
+					<% if is_admin?%>
+						<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li>
+						<li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
+					<% end %>
 					
 				</ul>
 			</div>

vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb

@@ -35,7 +35,7 @@
 	</tbody>
 </table>
 
-<div id="form"><%= render :partial => "form" %></div>
+<div id="form"><%= render :partial => "form" if is_manager?%></div>
 
 
 

vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb

@@ -1,5 +1,8 @@
 <tr id="<%= dom_id bulletin %>" class="with_action">
-	<td><%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %></td>
+	<td>
+		<% if (bulletin.create_user_id ==  current_user.id) || is_manager? %>
+			<%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %>
+		<% end -%>
 	<td>
 		<div class="label-group">
 			<div class="label-td">
@@ -27,8 +30,11 @@
 	<td><%= bulletin.bulletin_category.i18n_variable[I18n.locale] %></td>
 	<td>
 		<%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%>
+		
 		<div class="quick-edit">
 			<ul class="nav nav-pills hide">
+				<% if (bulletin.create_user_id ==  current_user.id) || is_manager? %>
+				
 				<% if current_user.admin? || (!bulletin.is_rejected? && !bulletin.is_checked?) %>
 					<li><%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li>
 					<li class="dropdown">
@@ -43,11 +49,13 @@
 					</li>
 					<%#= debugger  %>
 					<%#= a=1 %>
-					<% if show_approval_link(bulletin) %>
-					<li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin)   %></li><%#= #TODO add ancher so user can quick access into that part %>
-					<% end %>			
+	
 				<% end %>
 				<li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
+				<% end -%>
+				<% if show_approval_link(bulletin) %>
+				<li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin)   %></li><%#= #TODO add ancher so user can quick access into that part %>
+				<% end %>
 			</ul>
 		</div>
 	</td>

vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_sort_headers.html.erb

@@ -4,4 +4,4 @@
 													['start_date', 'postdate', 'span1-2', 'bulletin.start_date'],
 													['end_date', 'deadline', 'span1-2', 'bulletin.end_date'],
 													['tags', 'tags', 'span1-2', 'bulletin.tags'],
-													['last_modified', 'update_user_id','span1-3', 'bulletin.last_modified']).html_safe %>
+													['last_modified', 'update_user_id','span1-3', 'bulletin.last_modified']).html_safe %>