1. make module app forbid unauthorized access except from admin

2.override sidebar link when it's object_auth or app_auth.
This commit is contained in:
Fu Matthew 2013-03-07 16:51:47 +08:00 committed by Matt K. Fu
parent 15be80a35f
commit 4a08a1992b
6 changed files with 39 additions and 6 deletions


@ -1,10 +1,24 @@
class Admin::ModuleAppsNewInterfaceController < OrbitBackendController class Admin::ModuleAppsNewInterfaceController < OrbitBackendController
before_filter :authenticate_user! before_filter :check_auth
before_filter :is_admin? # before_filter :authenticate_user!
# before_filter :is_admin?
include AdminHelper include AdminHelper
layout "new_admin" layout "new_admin"
def check_auth
unless is_admin? and is_manager?
flash[:error] = "unauthorized access"
if request.env["HTTP_REFERER"]
redirect_to :back
else
render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false)
end
false
end
end
def setting def setting
@sys_users = User.all(conditions: {admin: false}).includes(:avatar).not_guest_user @sys_users = User.all(conditions: {admin: false}).includes(:avatar).not_guest_user
@module_app = ModuleApp.find(params[:module_app_id]) @module_app = ModuleApp.find(params[:module_app_id])
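Review bot: `check_auth` rejects everyone who is not both an admin and a manager (`unless is_admin? and is_manager?`), while the commit description says access is forbidden except from admin; if an admin who is not also a manager should still be let in, the condition wants `unless is_admin? || is_manager?` (or just `unless is_admin?`), and `&&`/`||` should replace `and` either way to avoid precedence surprises later. With `before_filter :authenticate_user!` commented out, an unauthenticated request now reaches `is_admin?`/`is_manager?` directly; unless those helpers tolerate a missing current user, that request raises instead of being sent to login, so keeping `before_filter :authenticate_user!` ahead of `:check_auth` seems safer. The trailing `false` does not halt the filter chain on its own in Rails; the `redirect_to`/`render` is what stops it, so a comment such as `# render/redirect above halts the chain; the return value is not used` would keep a future reader from relying on it. The class body continues past the end of the hunk.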


@ -138,9 +138,9 @@ module OrbitApp
def initialize(label_i18n="NoNameLink",options={}) def initialize(label_i18n="NoNameLink",options={})
@label_i18n = label_i18n @label_i18n = label_i18n
@available_for = options[:available_for]
@priority = options[:priority] || 0 @priority = options[:priority] || 0
@path = options[:link_path] || "" @path = options[:link_path] || ""
set_available_for_avoiding_sensitive_links(options[:available_for] )
@active_for_action = options[:active_for_action] || [] @active_for_action = options[:active_for_action] || []
@active_for_object_auth = options[:active_for_object_auth] || [] @active_for_object_auth = options[:active_for_object_auth] || []
@active_for_app_auth = options[:active_for_app_auth] || [] @active_for_app_auth = options[:active_for_app_auth] || []
@ -148,6 +148,24 @@ module OrbitApp
@get_module_app = options[:get_module_app] @get_module_app = options[:get_module_app]
end end
def set_available_for_avoiding_sensitive_links(available_for)
sensitive_list = {}
sensitive_list[:module_app] =/.*manager_auth_proc.*/
sensitive_list[:object_auth] = /.*object_auth.*/
sensitive_list.each do |index,regx|
if @path.match(regx)
@available_for = case index
when :module_app
[:admin]
when :object_auth
[:manager,:admin]
end #of case
end #of if
end #of each
@available_for = available_for if @available_for.nil?
end #of def
def get_module_app def get_module_app
@get_module_app.call @get_module_app.call
end end
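Review bot: In `set_available_for_avoiding_sensitive_links` the `each` over `sensitive_list` does not stop at the first match, so a path matching both patterns ends with the list of the last key iterated, `[:manager,:admin]` for `:object_auth`, which is the less restrictive of the two; a `break` after the assignment, or checking `:module_app` last, would make the stricter list win. The `.*` on both sides of the regexes is redundant, `@path.include?('manager_auth_proc')` says the same thing, and the method silently depends on `@path` having been assigned on the line before it is called in `initialize`. This only controls sidebar visibility, not authorization, which is worth stating: `# Restricts who sees links to sensitive pages; the controller's before_filter remains the actual access check, and an explicit :available_for is only honoured for non-sensitive paths.`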

1
public/403.html Normal file

@ -0,0 +1 @@
403 FORIBDDEN
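Review bot: The new 403 page's only line misspells the status text, `403 FORIBDDEN`; it should read `403 FORBIDDEN`. This is the body `check_auth` renders with `:status => 403, :layout => false` when no referer is present, so the typo is user-visible. A minimal HTML document around the text would also render more predictably than a bare string.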


@ -3,6 +3,8 @@ class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendControlle
before_filter :is_admin? before_filter :is_admin?
include AdminHelper include AdminHelper
# layout 'admin' # layout 'admin'
def preview_and_approve def preview_and_approve
@bulletin = Bulletin.find params[:bulletin_id] @bulletin = Bulletin.find params[:bulletin_id]
end end


@ -1,5 +1,4 @@
class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
include AdminHelper
include OrbitControllerLib::DivisionForDisable include OrbitControllerLib::DivisionForDisable
before_filter :clean_values, :only => [:create, :update] before_filter :clean_values, :only => [:create, :update]


@ -131,8 +131,7 @@ module Announcement
context_link 'module_authorization', context_link 'module_authorization',
:link_path=>"admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: 'Announcement'}))", :link_path=>"admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: 'Announcement'}))",
:priority=>6, :priority=>6,
:active_for_app_auth => 'Announcement', :active_for_app_auth => 'Announcement'
:available_for => [:admin]
end end
end end
end end
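Review bot: Dropping `:available_for => [:admin]` from the `module_authorization` link makes its visibility depend entirely on the link path string matching the `manager_auth_proc` pattern in the sidebar code; if that route helper is ever renamed, the link becomes visible to every role with no local hint that it was meant to be admin-only. Since the sidebar override ignores the caller's value only for paths it recognises, keeping `:available_for => [:admin]` here costs nothing and acts as a fallback. If the explicit option is meant to go, a comment such as `# visibility restricted to admins by OrbitApp's sensitive-link matching on the path` would record the intent.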