From e95334496568b113f1aa184d16dfbeeb0afa760c Mon Sep 17 00:00:00 2001
From: Christophe Vilayphiou
Date: Tue, 20 Mar 2012 14:17:28 +0800
Subject: [PATCH] Fix before_filter order for object_auth

---
 app/controllers/admin/object_auths_controller.rb | 9 +++++++--
 app/controllers/orbit_backend_controller.rb | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb
index 58219acf..e8779dc4 100644
--- a/app/controllers/admin/object_auths_controller.rb
+++ b/app/controllers/admin/object_auths_controller.rb
@@ -1,8 +1,7 @@
 class Admin::ObjectAuthsController < ApplicationController
 include OrbitCoreLib::PermissionUnility
 layout "admin"
- before_filter :authenticate_user!
- before_filter :check_if_user_can_do_object_auth
+ before_filter :force_order
 # before_filter :is_admin? ,:only => :index
@@ -84,6 +83,12 @@ class Admin::ObjectAuthsController < ApplicationController
 end
 private
+
+ def force_order
+ authenticate_user!
+ check_if_user_can_do_object_auth
+ end
+
 def check_if_user_can_do_object_auth
 unless check_permission(:manager)
 render :nothing => true, :status => 403
diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb
index b52384c6..c71bbf15 100644
--- a/app/controllers/orbit_backend_controller.rb
+++ b/app/controllers/orbit_backend_controller.rb
@@ -1,8 +1,8 @@
 class OrbitBackendController< ApplicationController
- before_filter :authenticate_user!
+ before_filter :force_order,:except => [:public]
 before_filter :setup_vars
 # before_filter {|c| c.front_end_available(@app_title)}
- before_filter :check_user_can_use,:except => [:public]
+ # before_filter :check_user_can_use
 include OrbitCoreLib::PermissionUnility
 include AdminHelper
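Review bot: In `force_order` (second hunk of object_auths_controller.rb) the 403 check now relies on `authenticate_user!` aborting the request on its own, because the filter chain can no longer halt between the two steps. If that method throws on failure, as Devise's does, the second call is never reached; a variant that only redirects would fall through to `check_if_user_can_do_object_auth` with no signed-in user and attempt a second render. Making the dependency explicit costs one guard: `check_if_user_can_do_object_auth unless performed?`. The same applies to `force_order` in orbit_backend_controller.rb, and `check_if_user_can_do_object_auth` continues past the end of this hunk.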
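Review bot: `before_filter :force_order,:except => [:public]` moves the `:except` from the permission check onto the combined filter, so `authenticate_user!` no longer runs for the `public` action; before this change only `check_user_can_use` was skipped there. If `public` should still require a signed-in user, keep the filter unconditional and skip only the permission step inside it: `before_filter :force_order` with `check_user_can_use unless action_name == 'public'`. If unauthenticated access to `public` is intended, it should be stated in the commit message and in a comment beside the filter, since any controller inheriting from OrbitBackendController picks it up.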
@@ -15,6 +15,11 @@ class OrbitBackendController< ApplicationController
 private
+ def force_order
+ authenticate_user!
+ check_user_can_use
+ end
+
 def check_user_can_use
 unless check_permission
 redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
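Review bot: `check_user_can_use` now runs inside `force_order`, which is declared ahead of `before_filter :setup_vars`, whereas the old `before_filter :check_user_can_use` came after it. Its redirect builds the path from `@app_title`, so if `setup_vars` is what assigns that variable (not visible here), the permission check and the redirect target are evaluated with it unset. Declaring `before_filter :setup_vars` first, or calling `setup_vars` inside `force_order` between the two steps, restores the earlier order. `check_user_can_use` continues past the end of the hunk.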