diff --git a/Gemfile b/Gemfile index 906fa408..b945b635 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ gem 'exception_notification' # Send error trace gem 'execjs' gem 'jquery-rails' gem 'jquery-ui-rails' - +gem "pry", "~> 0.9.10" gem 'kaminari', :git => 'git://github.com/amatsuda/kaminari.git' # gem "memcached", "~> 1.4.3" diff --git a/Gemfile.lock b/Gemfile.lock index 4e6e42c8..7be6a7e6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -68,6 +68,7 @@ GEM mongoid (~> 2.1) chinese_pinyin (0.4.1) chronic (0.6.7) + coderay (1.0.7) coffee-rails (3.1.1) coffee-script (>= 2.2.0) railties (~> 3.1.0) @@ -118,6 +119,7 @@ GEM i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) + method_source (0.8) mime-types (1.17.2) mini_magick (3.4) subexec (~> 0.2.1) @@ -153,6 +155,10 @@ GEM progress_bar (0.4.0) highline (~> 1.6.1) options (~> 2.3.0) + pry (0.9.10) + coderay (~> 1.0.5) + method_source (~> 0.8) + slop (~> 3.3.1) rack (1.3.6) rack-cache (1.2) rack (>= 0.4) @@ -255,6 +261,7 @@ GEM rack-protection (~> 1.2) tilt (~> 1.3, >= 1.3.3) social-share-button (0.0.6) + slop (3.3.2) spork (0.9.0) spork (0.9.0-x86-mingw32) win32-process @@ -331,6 +338,7 @@ DEPENDENCIES net-ldap (~> 0.3.1) nokogiri progress_bar + pry (~> 0.9.10) radius rails (>= 3.1.0, < 3.2.0) rake diff --git a/app/controllers/admin/ad_banners_controller.rb b/app/controllers/admin/ad_banners_controller.rb index f43c19e5..7f49faf2 100644 --- a/app/controllers/admin/ad_banners_controller.rb +++ b/app/controllers/admin/ad_banners_controller.rb @@ -1,8 +1,10 @@ class Admin::AdBannersController < OrbitBackendController layout "new_admin" - before_filter :authenticate_user! + before_filter :force_order_for_visitor,:only=>[:index] + #before_filter :force_order_for_user,:except => [:index] + before_filter :for_app_sub_manager,:except => [:index] before_filter :for_app_manager,:except => [:index,:show,:update,:realtime_preview] - before_filter :for_app_sub_manager + def rename @ad_banner = AdBanner.find(params[:id]) diff --git a/app/controllers/admin/dashboards_controller.rb b/app/controllers/admin/dashboards_controller.rb index 991f19af..cd00b49d 100644 --- a/app/controllers/admin/dashboards_controller.rb +++ b/app/controllers/admin/dashboards_controller.rb @@ -1,7 +1,7 @@ -class Admin::DashboardsController < ApplicationController - +class Admin::DashboardsController < OrbitBackendController layout "new_admin" - before_filter :authenticate_user! + #before_filter :set_current_user + #before_filter :authenticate_user!, :except => [:index] # before_filter :is_admin? def index diff --git a/app/controllers/admin/tags_controller.rb b/app/controllers/admin/tags_controller.rb index d8d59f52..cd5e00c9 100644 --- a/app/controllers/admin/tags_controller.rb +++ b/app/controllers/admin/tags_controller.rb @@ -1,9 +1,13 @@ -class Admin::TagsController < ApplicationController +class Admin::TagsController < OrbitBackendController + before_filter :force_order_for_visitor,:only=>[:index] + before_filter :force_order_for_user,:except => [:index] + before_filter :for_app_sub_manager,:except => [:index] - layout 'new_admin' - before_filter :authenticate_user! - before_filter :is_admin? - before_filter :set_module_app + + # layout 'new_admin' + # before_filter :authenticate_user! + # before_filter :is_admin? + # before_filter :set_module_app def index get_tags diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 74274eeb..4c46faec 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base before_filter :set_locale, :set_site def set_current_user - User.current = current_user + User.current = current_or_guest_user end def front_end_available(module_app_title='') @@ -50,11 +50,26 @@ class ApplicationController < ActionController::Base # Check if the current_user is admin def is_admin? - current_user.admin? ? true : auth_failed_in_backend + current_or_guest_user.admin? ? true : auth_failed_in_backend end def is_manager? - @module_app.managing_users.include?(current_user) || is_admin? + @module_app.is_manager?(current_or_guest_user) || is_admin? + end + + # Check if the current_user is admin + def is_member? + if (current_user rescue false) + return true + end + return false + end + + def is_guest? + if session[:guest_user_id] + return true + end + return false end def for_admin_only @@ -76,7 +91,7 @@ class ApplicationController < ActionController::Base end def for_app_sub_manager - if (@module_app.sub_managing_users.include?(current_user) || is_manager?) + if (@module_app.sub_managing_users.include?(current_or_guest_user) || is_manager?) true else flash[:error] = t("admin.access.denied.app.not_sub_manager") @@ -85,7 +100,7 @@ class ApplicationController < ActionController::Base end def for_app_user - if (@module_app.app_auth.auth_users.include?(current_user) || for_app_sub_manager ) + if (@module_app.app_auth.auth_users.include?(current_or_guest_user) || for_app_sub_manager ) true else flash[:error] = t("admin.access.denied.app.not_authed_user") @@ -95,7 +110,7 @@ class ApplicationController < ActionController::Base def check_object_premission(obj,title) flash[:error] = t("admin.access.denied.object") - auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_user) || is_manager? || is_admin? ) + auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_or_guest_user) || is_manager? || is_admin? ) end # Render the page @@ -189,6 +204,17 @@ class ApplicationController < ActionController::Base [shift_out] + a end end + # called (once) when the user logs in, insert any code your application needs + # to hand off from guest_user to current_user. + def logging_in + # For example: + # guest_comments = guest_user.comments.all + # guest_comments.each do |comment| + # comment.user_id = current_user.id + # comment.save + # end + end + def render_main_rss ret = '' diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb index b43a6b9a..0ac853ed 100644 --- a/app/controllers/orbit_backend_controller.rb +++ b/app/controllers/orbit_backend_controller.rb @@ -1,12 +1,12 @@ class OrbitBackendController< ApplicationController - before_filter :force_order,:except => [:public] - before_filter :setup_vars - before_filter :set_current_user + #before_filter :setup_vars + #before_filter :set_current_user # before_filter {|c| c.front_end_available(@app_title)} # before_filter :check_user_can_use include OrbitCoreLib::PermissionUnility include AdminHelper + include ApplicationHelper layout 'new_admin' @@ -18,8 +18,16 @@ class OrbitBackendController< ApplicationController end private - - def force_order + + def force_order_for_visitor + setup_vars + set_current_user + end + + + def force_order_for_user + setup_vars + set_current_user authenticate_user! check_user_can_use end diff --git a/app/helpers/admin_helper.rb b/app/helpers/admin_helper.rb index 021687da..d6e54c1f 100644 --- a/app/helpers/admin_helper.rb +++ b/app/helpers/admin_helper.rb @@ -7,15 +7,15 @@ module AdminHelper # Check if the current_user is manager in current module app def is_manager? - @module_app.is_manager?(current_user) || is_admin? + @module_app.is_manager?(current_or_guest_user) || is_admin? end # Check if the current_user is sub manager in current module app def is_sub_manager? - @module_app.is_sub_manager?(current_user)|| is_admin? + @module_app.is_sub_manager?(current_or_guest_user)|| is_admin? end def is_admin? - current_user.admin? + current_or_guest_user.admin? end end \ No newline at end of file diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 6d5b896f..eaffb899 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -2,6 +2,37 @@ module ApplicationHelper FLASH_NOTICE_KEYS = [:error, :notice, :warning] + def create_guest_user + u = User.create(:name => "guest", :email => "guest_#{Time.now.to_i}#{rand(99)}@example.com") + u.admin = false + u.save(:validate => false) + u + end + + # if user is logged in, return current_user, else return guest_user + def current_or_guest_user + if current_user + if session[:guest_user_id] + logging_in + guest_user.destroy + session[:guest_user_id] = nil + end + current_user + else + guest_user + end + end + + + # find guest_user object associated with the current session, + # creating one as needed + def guest_user + User.find(session[:guest_user_id].nil? ? session[:guest_user_id] = create_guest_user.id : session[:guest_user_id]) + end + + + + def colorize_in_use_locale(locale) @site_in_use_locales.include?(locale)? 'green' : 'red' end @@ -204,10 +235,6 @@ module ApplicationHelper display_visitors(created_at: {'$gte' => Date.today.beginning_of_year, '$lte' => Date.today.end_of_year}) end - def at_least_module_manager - is_manager? || is_admin? - end - def display_date_time(object) object.strftime("%Y-%m-%d %H:%M") end diff --git a/app/models/site.rb b/app/models/site.rb index af3b3239..992ef9a7 100644 --- a/app/models/site.rb +++ b/app/models/site.rb @@ -12,7 +12,7 @@ class Site field :private_key, :type => Binary field :public_key, :type => Binary field :title_always_on, :type => Boolean, :default => false - + field :dashbroad_allow_visitor, :type => Boolean, :default => false field :mail_settings, :type => Hash field :school diff --git a/app/views/layouts/_side_bar.html.erb b/app/views/layouts/_side_bar.html.erb index a9d29d0c..0088787b 100644 --- a/app/views/layouts/_side_bar.html.erb +++ b/app/views/layouts/_side_bar.html.erb @@ -9,11 +9,11 @@ <%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %> <%= content_tag :ul, :class => ("nav nav-list " + (visible_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys', 'approvals')||active_for_ob_auths_object("BulletinCategory"))) do -%> <%= content_tag :li, link_to(t('announcement.all_articles'), panel_announcement_back_end_bulletins_path), :class => active_for_action('bulletins', 'index') %> - <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_announcement_back_end_bulletin_path), :class => active_for_action('bulletins', 'new') %> - <%= content_tag :li, link_to(t('announcement.categories'), panel_announcement_back_end_bulletin_categorys_path), :class =>( active_for_action('bulletin_categorys', 'index') || active_for_ob_auths_object("BulletinCategory") ) %> - <%= content_tag :li, link_to(t('announcement.tags'), panel_announcement_back_end_tags_path), :class => active_for_action('/panel/announcement/back_end/tags', 'index') %> - <%= content_tag :li, link_to(t('announcement.bulletin.approval_setting'), panel_announcement_back_end_approval_setting_path), :class => active_for_action('approvals', 'setting') if (is_manager? rescue true) %> - <%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {key: "announcement"}))), :class => active_for_app_auth('Announcement') if (is_admin? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_announcement_back_end_bulletin_path), :class => active_for_action('bulletins', 'new') if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.categories'), panel_announcement_back_end_bulletin_categorys_path), :class =>( active_for_action('bulletin_categorys', 'index') || active_for_ob_auths_object("BulletinCategory") )if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.tags'), panel_announcement_back_end_tags_path), :class => active_for_action('/panel/announcement/back_end/tags', 'index')if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.bulletin.approval_setting'), panel_announcement_back_end_approval_setting_path), :class => active_for_action('approvals', 'setting') if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "Announcement"}))), :class => active_for_app_auth('Announcement') if (is_admin? rescue nil) %> <% end -%> @@ -23,10 +23,10 @@ <%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.news'), panel_news_back_end_news_bulletins_path %> <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('news_bulletins', '/panel/news/back_end/tags', 'news_bulletin_categorys', 'news_approvals')) do -%> <%= content_tag :li, link_to(t('announcement.all_articles'), panel_news_back_end_news_bulletins_path), :class => active_for_action('news_bulletins', 'index') %> - <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_news_back_end_news_bulletin_path), :class => active_for_action('news_bulletins', 'new') %> - <%= content_tag :li, link_to(t('announcement.categories'), panel_news_back_end_news_bulletin_categorys_path), :class => active_for_action('news_bulletin_categorys', 'index') || active_for_ob_auths_object("NewsBulletinCategory") %> - <%= content_tag :li, link_to(t('announcement.tags'), panel_news_back_end_tags_path), :class => active_for_action('/panel/news/back_end/tags', 'index') %> - <%= content_tag :li, link_to(t('announcement.bulletin.approval_setting'), panel_news_back_end_approval_setting_path), :class => active_for_action('news_approvals', 'setting') if (is_manager? rescue true) %> + <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_news_back_end_news_bulletin_path), :class => active_for_action('news_bulletins', 'new') if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.categories'), panel_news_back_end_news_bulletin_categorys_path), :class => active_for_action('news_bulletin_categorys', 'index') || active_for_ob_auths_object("NewsBulletinCategory") if (is_manager? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.tags'), panel_news_back_end_tags_path), :class => active_for_action('/panel/news/back_end/tags', 'index') if (is_manager? rescue nil)%> + <%= content_tag :li, link_to(t('announcement.bulletin.approval_setting'), panel_news_back_end_approval_setting_path), :class => active_for_action('news_approvals', 'setting') if (is_manager? rescue nil) %> <%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {key: "news"}))), :class => active_for_app_auth('news') if (is_admin? rescue nil) %> <% end -%> @@ -60,10 +60,10 @@ <%= link_to content_tag(:i, nil, :class => 'icons-link') + t('admin.link'), panel_web_resource_back_end_web_links_path %> <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys')) do -%> <%= content_tag :li, link_to(t('admin.all_articles'), panel_web_resource_back_end_web_links_path), :class => active_for_action('web_links', 'index') %> - <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') %> - <%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => (active_for_action('web_link_categorys', 'index') || active_for_ob_auths_object("WebLinkCategory")) %> - <%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') %> - <%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {key: "web_resource"}))), :class => active_for_app_auth('web_resource') if (is_admin? rescue nil) %> + <%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') if (is_manager? rescue nil)%> + <%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => (active_for_action('web_link_categorys', 'index') || active_for_ob_auths_object("WebLinkCategory")) if (is_manager? rescue nil)%> + <%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') if (is_manager? rescue nil)%> + <%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "web_resource"}))), :class => active_for_app_auth('web_resource') if (is_admin? rescue nil) %> <% end -%> <% end -%> diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb index 8aea2b8c..d318b28c 100644 --- a/lib/orbit_core_lib.rb +++ b/lib/orbit_core_lib.rb @@ -135,19 +135,18 @@ module OrbitCoreLib module PermissionUnility private def check_permission(type = :use) - setup_vars - permission_grant = current_user.admin?? true : false + permission_grant = current_or_guest_user.admin?? true : false module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app unless permission_grant permission_grant = case type when :use users_ary = module_app.app_auth.auth_users rescue nil users_ary = [] if users_ary.nil? - (users_ary.include?(current_user) || module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user)) + (users_ary.include?(current_or_guest_user) || module_app.is_manager?(current_or_guest_user) || module_app.is_sub_manager?(current_or_guest_user)) when :manager - module_app.is_manager?(current_user) + module_app.is_manager?(current_or_guest_user) when :sub_manager - module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user) + module_app.is_manager?(current_or_guest_user) || module_app.is_sub_manager?(current_or_guest_user) end end permission_grant diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb index c013d7f4..498ad2c2 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb @@ -10,7 +10,12 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController end # before_filter :for_admin_only,:only => [:] # before_filter :for_app_manager,:only => [:index,:show,] + before_filter :force_order_for_visitor,:only=>[:index,:show,:get_sorted_and_filtered_bulletins] + before_filter :force_order_for_user,:except => [:index,:show,:get_sorted_and_filtered_bulletins] before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins] + + + def index # @bulletins = Bulletin.all # @bulletins = Bulletin.desc("postdate desc") diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb index f6d9d240..02f4220a 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/_bulletin.html.erb @@ -1,6 +1,6 @@