diff --git a/app/controllers/admin/dashboards_controller.rb b/app/controllers/admin/dashboards_controller.rb index 7b761361..b7f377d3 100644 --- a/app/controllers/admin/dashboards_controller.rb +++ b/app/controllers/admin/dashboards_controller.rb @@ -2,7 +2,7 @@ class Admin::DashboardsController < ApplicationController layout "new_admin" before_filter :authenticate_user! - before_filter :is_admin? +# before_filter :is_admin? def index end diff --git a/app/controllers/admin/designs_controller.rb b/app/controllers/admin/designs_controller.rb index 519b36a5..ff41c0b4 100644 --- a/app/controllers/admin/designs_controller.rb +++ b/app/controllers/admin/designs_controller.rb @@ -5,7 +5,8 @@ class Admin::DesignsController < ApplicationController layout "new_admin" before_filter :authenticate_user! - before_filter :is_admin? + before_filter :is_admin? + before_filter :for_admin_only def upload_package if !params[:design].nil? diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index fb82774e..2f6636b9 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -39,9 +39,59 @@ class ApplicationController < ActionController::Base @parent_item = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil end + def auth_failed_in_backend + redirect_to admin_dashboards_url + end + # Check if the current_user is admin def is_admin? - redirect_to root_url unless current_user.admin? + + auth_failed_in_backend unless current_user.admin? + end + + def is_manager? + @module_app.managing_users.include?(current_user) || is_admin? + end + + def for_admin_only + if is_admin? + true + else + flash[:notice] = "Access Denied for you are not Admin" + auth_failed_in_backend + end + end + + def for_app_manager + if is_manager? + true + else + flash[:notice] = "Access Denied for you are not Manager for this app" + auth_failed_in_backend + end + end + + def for_app_sub_manager + if (@module_app.sub_managing_users.include?(current_user) || is_manager?) + true + else + flash[:notice] = "Access Denied for you are not SubManager for this app" + auth_failed_in_backend + end + end + + def for_app_user + if (@module_app.app_auth.auth_users.include?(current_user) || for_app_sub_manager ) + true + else + flash[:notice] = "Access Denied for you are not User for this app" + auth_failed_in_backend + end + end + + def check_object_premission(obj,title) + flash[:notice] = "Access Denied for you don't have permission for this object" + auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_user) || is_manager? || is_admin? ) end # Render the page diff --git a/app/views/admin/dashboards/index.html.erb b/app/views/admin/dashboards/index.html.erb index d038b63d..1d9cd710 100644 --- a/app/views/admin/dashboards/index.html.erb +++ b/app/views/admin/dashboards/index.html.erb @@ -1,3 +1,5 @@ +<%= flash_messages %> +

Member

diff --git a/app/views/layouts/_side_bar.html.erb b/app/views/layouts/_side_bar.html.erb index 96e0e2a8..431e8399 100644 --- a/app/views/layouts/_side_bar.html.erb +++ b/app/views/layouts/_side_bar.html.erb @@ -1,6 +1,10 @@ <%#= content_tag :li, :class => active_for_controllers('purchases') do -%> <%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %> <%# end -%> +<% content_for :page_specific_javascript do %> + <%= javascript_include_tag "/static/kernel.js" %> +<% end %> +<%= flash_messages %> <%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%> <%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %> diff --git a/public/static/kernel.js b/public/static/kernel.js index c5b9a8a6..ba5b81c3 100644 --- a/public/static/kernel.js +++ b/public/static/kernel.js @@ -1,4 +1,5 @@ $(document).ready(function() { + $.each($(".notice"),function(k,v){ alert("EMPTY Cate");}); $.each($(".dymanic_load"),function(){ if($(this).attr("path")==''){$(this).html("App setting Failed");} diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/approvals_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/approvals_controller.rb index 2d10dd75..4338fdd1 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/approvals_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/approvals_controller.rb @@ -1,5 +1,6 @@ class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendController before_filter :authenticate_user! + before_filter :is_admin? include AdminHelper # layout 'admin' diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb index 0e3894b9..b9151125 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletin_categorys_controller.rb @@ -1,5 +1,7 @@ class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController - + before_filter :for_app_manager,:except => [:index] + + def index @bulletin_categorys = BulletinCategory.all @bulletin_category = BulletinCategory.new(:display => 'List') diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb index f77e70b7..b5ebd0c0 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb @@ -1,8 +1,9 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController before_filter :authenticate_user! - before_filter :is_admin? - +# before_filter :for_admin_only,:only => [:] +# before_filter :for_app_manager,:only => [:index,:show,] + before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins] def index # @bulletins = Bulletin.all # @bulletins = Bulletin.desc("postdate desc") @@ -39,6 +40,10 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController @bulletin_file = BulletinFile.new @file_url = panel_announcement_back_end_bulletins_path + @bulletins.delete_if{ |bulletin| + bulletin.is_pending == true && (!bulletin.bulletin_category.authed_users('fact_check').include?(current_user) || bulletin.create_user_id!=current_user.id) + } + respond_to do |format| format.html # index.html.erb format.js { } @@ -76,14 +81,17 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController # @bulletin.bulletin_files.build # @bulletin.bulletin_files.new - - get_categorys - get_tags - respond_to do |format| - format.html # new.html.erb - format.xml { render :xml => @bulletin } - end + if get_categorys.empty? + flash[:notice] = "You dont have any permission for post on cate" + redirect_to :action => :index + else + get_tags + respond_to do |format| + format.html # new.html.erb + format.xml { render :xml => @bulletin } + end + end end # GET /bulletins/1/edit @@ -311,7 +319,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController if(is_manager? || is_admin?) @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true)) elsif is_sub_manager? - @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new') + @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit') end end diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb index a75440e5..8ad4578e 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/_bulletin_category.html.erb @@ -4,10 +4,13 @@ <%= bulletin_category.key %>
diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb index 28d2fde0..392e50a3 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb @@ -17,7 +17,7 @@ -
<%= render :partial => "form" %>
+
<%= render :partial => "form" if is_manager?%>
diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb index b8dd663d..3722fd81 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb @@ -1,5 +1,8 @@ - <%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %> + + <% if (bulletin.create_user_id == current_user.id) || is_manager? %> + <%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %> + <% end -%> <% if bulletin.is_top? %> <%= t(:top) %> @@ -23,8 +26,11 @@ <%= bulletin.bulletin_category.i18n_variable[I18n.locale] %> <%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%> +
diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_sort_headers.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_sort_headers.html.erb index b48cca39..f53ef5a6 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_sort_headers.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_sort_headers.html.erb @@ -2,8 +2,10 @@ - - + <% if is_manager? %> + + + <% end -%> <%= link_to (t('bulletin.status') + content_tag(:b, nil, :class => is_sort?('status'))).html_safe, panel_announcement_back_end_bulletins_path({:filter => @filter}.merge(sortable('status'))), :class => 'js_history' %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb index 78532f00..f1a061e6 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb @@ -1,3 +1,5 @@ + + <%= form_for :bulletins, :url => delete_panel_announcement_back_end_bulletins_path(:direction => params[:direction], :sort => params[:sort], :filter => @filter, :new_filter => nil), :html => {:id => 'delete_bulletins'}, :remote => true do %> <%= render 'filter' %>