Fix for NCCU 0430 all functions ok with two submanagers but different behavors

This commit is contained in:
Matthew K. Fu JuYuan 2012-04-30 03:14:15 +08:00 committed by Christophe Vilayphiou
parent 45e21f9569
commit 05ded8de03
14 changed files with 107 additions and 27 deletions

View File

@ -2,7 +2,7 @@ class Admin::DashboardsController < ApplicationController
layout "new_admin" layout "new_admin"
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :is_admin? # before_filter :is_admin?
def index def index
end end

View File

@ -5,7 +5,8 @@ class Admin::DesignsController < ApplicationController
layout "new_admin" layout "new_admin"
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :is_admin? before_filter :is_admin?
before_filter :for_admin_only
def upload_package def upload_package
if !params[:design].nil? if !params[:design].nil?

View File

@ -39,9 +39,59 @@ class ApplicationController < ActionController::Base
@parent_item = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil @parent_item = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil
end end
def auth_failed_in_backend
redirect_to admin_dashboards_url
end
# Check if the current_user is admin # Check if the current_user is admin
def is_admin? def is_admin?
redirect_to root_url unless current_user.admin?
auth_failed_in_backend unless current_user.admin?
end
def is_manager?
@module_app.managing_users.include?(current_user) || is_admin?
end
def for_admin_only
if is_admin?
true
else
flash[:notice] = "Access Denied for you are not Admin"
auth_failed_in_backend
end
end
def for_app_manager
if is_manager?
true
else
flash[:notice] = "Access Denied for you are not Manager for this app"
auth_failed_in_backend
end
end
def for_app_sub_manager
if (@module_app.sub_managing_users.include?(current_user) || is_manager?)
true
else
flash[:notice] = "Access Denied for you are not SubManager for this app"
auth_failed_in_backend
end
end
def for_app_user
if (@module_app.app_auth.auth_users.include?(current_user) || for_app_sub_manager )
true
else
flash[:notice] = "Access Denied for you are not User for this app"
auth_failed_in_backend
end
end
def check_object_premission(obj,title)
flash[:notice] = "Access Denied for you don't have permission for this object"
auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_user) || is_manager? || is_admin? )
end end
# Render the page # Render the page

View File

@ -25,9 +25,9 @@ module OrbitBackendHelper
content_tag :thead do content_tag :thead do
content_tag :tr, :class => "sort-header" do content_tag :tr, :class => "sort-header" do
concat (content_tag :th, :class => "span1 strong" do concat (content_tag :th, :class => "span1 strong" do
concat check_box_tag :check_all concat check_box_tag :check_all
concat link_to content_tag(:i, nil, :class => "icon-trash"), '#', :class => "list-remove" concat link_to content_tag(:i, nil, :class => "icon-trash"), '#', :class => "list-remove"
end) if delete_all end) if delete_all && is_manager?
titles.each do |title| titles.each do |title|
concat render_title(title[0], title[1], title[2], title[3]) concat render_title(title[0], title[1], title[2], title[3])
end end

View File

@ -1,3 +1,5 @@
<%= flash_messages %>
<div id="isotope"> <div id="isotope">
<div class="item element"> <div class="item element">
<h3><i class="icons-content"></i><a href=""><%= t(:content) %></a></h3> <h3><i class="icons-content"></i><a href=""><%= t(:content) %></a></h3>

View File

@ -1,6 +1,10 @@
<%#= content_tag :li, :class => active_for_controllers('purchases') do -%> <%#= content_tag :li, :class => active_for_controllers('purchases') do -%>
<%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %> <%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %>
<%# end -%> <%# end -%>
<% content_for :page_specific_javascript do %>
<%= javascript_include_tag "/static/kernel.js" %>
<% end %>
<%= flash_messages %>
<%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%> <%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%>
<%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %> <%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %>

View File

@ -1,4 +1,5 @@
$(document).ready(function() { $(document).ready(function() {
$.each($(".notice"),function(k,v){ alert("EMPTY Cate");});
$.each($(".dymanic_load"),function(){ $.each($(".dymanic_load"),function(){
if($(this).attr("path")==''){$(this).html("App setting Failed");} if($(this).attr("path")==''){$(this).html("App setting Failed");}

View File

@ -1,5 +1,6 @@
class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendController class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendController
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :is_admin?
include AdminHelper include AdminHelper
# layout 'admin' # layout 'admin'

View File

@ -1,5 +1,7 @@
class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController
before_filter :for_app_manager,:except => [:index]
def index def index
@bulletin_categorys = BulletinCategory.all @bulletin_categorys = BulletinCategory.all
@bulletin_category = BulletinCategory.new(:display => 'List') @bulletin_category = BulletinCategory.new(:display => 'List')

View File

@ -1,8 +1,9 @@
class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :is_admin? # before_filter :for_admin_only,:only => [:]
# before_filter :for_app_manager,:only => [:index,:show,]
before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
def index def index
# @bulletins = Bulletin.all # @bulletins = Bulletin.all
# @bulletins = Bulletin.desc("postdate desc") # @bulletins = Bulletin.desc("postdate desc")
@ -42,6 +43,10 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
@bulletin_file = BulletinFile.new @bulletin_file = BulletinFile.new
@file_url = panel_announcement_back_end_bulletins_path @file_url = panel_announcement_back_end_bulletins_path
@bulletins.delete_if{ |bulletin|
bulletin.is_pending == true && (!bulletin.bulletin_category.authed_users('fact_check').include?(current_user) || bulletin.create_user_id!=current_user.id)
}
respond_to do |format| respond_to do |format|
format.html # index.html.erb format.html # index.html.erb
format.js { } format.js { }
@ -79,14 +84,17 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
# @bulletin.bulletin_files.build # @bulletin.bulletin_files.build
# @bulletin.bulletin_files.new # @bulletin.bulletin_files.new
get_categorys
get_tags
respond_to do |format| if get_categorys.empty?
format.html # new.html.erb flash[:notice] = "You dont have any permission for post on cate"
format.xml { render :xml => @bulletin } redirect_to :action => :index
end else
get_tags
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @bulletin }
end
end
end end
# GET /bulletins/1/edit # GET /bulletins/1/edit
@ -314,7 +322,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
if(is_manager? || is_admin?) if(is_manager? || is_admin?)
@bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true)) @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true))
elsif is_sub_manager? elsif is_sub_manager?
@bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new') @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit')
end end
end end

View File

@ -4,10 +4,13 @@
<%= bulletin_category.key %> <%= bulletin_category.key %>
<div class="quick-edit"> <div class="quick-edit">
<ul class="nav nav-pills hide"> <ul class="nav nav-pills hide">
<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li> <%if is_manager? || is_admin? %>
<li><%= show_submit_permission_link(bulletin_category) %></li> <li><%= show_submit_permission_link(bulletin_category) %></li>
<li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li> <% end %>
<% if is_admin?%>
<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li>
<li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
<% end %>
</ul> </ul>
</div> </div>

View File

@ -35,7 +35,7 @@
</tbody> </tbody>
</table> </table>
<div id="form"><%= render :partial => "form" %></div> <div id="form"><%= render :partial => "form" if is_manager?%></div>

View File

@ -1,5 +1,8 @@
<tr id="<%= dom_id bulletin %>" class="with_action"> <tr id="<%= dom_id bulletin %>" class="with_action">
<td><%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %></td> <td>
<% if (bulletin.create_user_id == current_user.id) || is_manager? %>
<%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %>
<% end -%>
<td> <td>
<div class="label-group"> <div class="label-group">
<div class="label-td"> <div class="label-td">
@ -27,8 +30,11 @@
<td><%= bulletin.bulletin_category.i18n_variable[I18n.locale] %></td> <td><%= bulletin.bulletin_category.i18n_variable[I18n.locale] %></td>
<td> <td>
<%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%> <%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%>
<div class="quick-edit"> <div class="quick-edit">
<ul class="nav nav-pills hide"> <ul class="nav nav-pills hide">
<% if (bulletin.create_user_id == current_user.id) || is_manager? %>
<% if current_user.admin? || (!bulletin.is_rejected? && !bulletin.is_checked?) %> <% if current_user.admin? || (!bulletin.is_rejected? && !bulletin.is_checked?) %>
<li><%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li> <li><%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li>
<li class="dropdown"> <li class="dropdown">
@ -43,11 +49,13 @@
</li> </li>
<%#= debugger %> <%#= debugger %>
<%#= a=1 %> <%#= a=1 %>
<% if show_approval_link(bulletin) %>
<li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li><%#= #TODO add ancher so user can quick access into that part %>
<% end %>
<% end %> <% end %>
<li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li> <li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
<% end -%>
<% if show_approval_link(bulletin) %>
<li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li><%#= #TODO add ancher so user can quick access into that part %>
<% end %>
</ul> </ul>
</div> </div>
</td> </td>

View File

@ -4,4 +4,4 @@
['start_date', 'postdate', 'span1-2', 'bulletin.start_date'], ['start_date', 'postdate', 'span1-2', 'bulletin.start_date'],
['end_date', 'deadline', 'span1-2', 'bulletin.end_date'], ['end_date', 'deadline', 'span1-2', 'bulletin.end_date'],
['tags', 'tags', 'span1-2', 'bulletin.tags'], ['tags', 'tags', 'span1-2', 'bulletin.tags'],
['last_modified', 'update_user_id','span1-3', 'bulletin.last_modified']).html_safe %> ['last_modified', 'update_user_id','span1-3', 'bulletin.last_modified']).html_safe %>