saurabh
/
orbit-basic
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New authorization

This commit is contained in:
chris 2013-08-19 18:54:35 +08:00
parent d24bd176cc
commit c474fa063f
25 changed files with 440 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
app/controllers/admin/authorizations_controller.rb
View File

@ -1,13 +1,13 @@
class Admin::AuthorizationsController < OrbitBackendController
before_filter :admin_or_manager
prepend_before_filter :admin_or_manager
def index
@module_apps ||= ModuleApp.where(is_authorizable: true).order_by([:title, :asc])
@module_apps ||= ModuleApp.any_of({is_authorizable: true}, {is_approvable: true}).order_by([:title, :asc])
if @module_apps && @module_apps.include?(@module_app)
if @type
case @type
when 'category', 'approval'
when 'category_authorization', 'category_approval'
if @module_app.has_category
@objects = @module_app.categories
else
@ -18,12 +18,12 @@ class Admin::AuthorizationsController < OrbitBackendController
end
unless @objects.blank?
@object ||= @objects.first
@users = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}").auth_users
@users = @object.get_authorization_by_title("#{@type}_#{@module_app.key}").authorized_users rescue nil
else
@error = t(:no_data)
end
else
@users = @module_app.managing_users
@users = @module_app.managers
end
elsif @module_apps
@module_app = @module_apps.first
@ -33,35 +33,42 @@ class Admin::AuthorizationsController < OrbitBackendController
end
end
def add(users)
unless users.blank?
if @type
if @object
object_auth = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}")
add_users_to_object_auth(object_auth, users)
else
@error = t(:no_data)
end
else
add_managers(users) unless users.blank?
end
def add_roles
roles = Role.find(params[:role_ids]) rescue []
users = []
roles.each do |role|
users += role.users.all.entries
end
@users = users
render 'admin/authorizations/insert_users'
unless roles.blank?
authorization = get_or_create_authorization
add_roles_to_auth(authorization, roles) unless @error
end
@users = authorization.authorized_users
render 'admin/authorizations/reload_users'
end
def add_sub_roles
sub_roles = SubRole.find(params[:sub_role_ids]) rescue []
users = []
sub_roles.each do |sub_role|
users += sub_role.users.all.entries
end
unless sub_roles.blank?
authorization = get_or_create_authorization
add_sub_roles_to_auth(authorization, sub_roles) unless @error
end
@users = authorization.authorized_users
render 'admin/authorizations/reload_users'
end
def add_users
users = User.find(params[:user_ids]) rescue []
add(users)
end
def add_roles
roles = Role.find(params[:role_ids]) rescue []
users = roles.inject([]) do |users, role|
users += role.users.all.entries
users
unless users.blank?
authorization = get_or_create_authorization
add_users_to_auth(authorization, users) unless @error
end
add(users)
@users = authorization.authorized_users
render 'admin/authorizations/reload_users'
end
def modal_select
@ -70,63 +77,111 @@ class Admin::AuthorizationsController < OrbitBackendController
if @type
@object_id = @object.id if @object
@sorted_users = roles.inject({}) do |users, role|
users[role] = role.users.where(admin: false).not_guest_user - existing_users - @module_app.managing_users
users[role] = role.users.where(admin: false) - existing_users - @module_app.managers
users
end
else
@sorted_users = roles.inject({}) do |users, role|
users[role] = role.users.where(admin: false).not_guest_user - existing_users
users[role] = role.users.where(admin: false) - existing_users
users
end
end
end
def remove_roles
roles = Role.find(params[:role_ids]) rescue []
unless roles.blank?
authorization = get_or_create_authorization
remove_roles_form_auth(authorization, roles)
end
@users = authorization.authorized_users
render 'admin/authorizations/reload_users'
end
def remove_sub_roles
sub_roles = SubRole.find(params[:sub_role_ids]) rescue []
unless sub_roles.blank?
authorization = get_or_create_authorization
remove_sub_roles_from_auth(authorization, sub_roles)
end
@users = authorization.authorized_users
render 'admin/authorizations/reload_users'
end
def remove_users
@users = User.find(params[:ids]) rescue []
unless @users.blank?
if @type
if @object
object_auth = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}")
remove_users_form_object_auth(object_auth, @users)
else
@error = t(:no_data)
end
else
remove_managers(@users)
end
authorization = get_or_create_authorization
remove_users_from_auth(authorization, @users)
end
render 'admin/authorizations/remove_users'
@users = authorization.authorized_users
render 'admin/authorizations/reload_users'
end
protected
def add_managers(users)
users.each do |user|
@module_app.assign_manager(user, current_user)
def add_managers_to_auth(users)
@module_app.add_managers(users)
end
def add_roles_to_auth(authorization, roles)
authorization.add_roles(roles)
end
def add_sub_roles_to_auth(authorization, sub_roles)
authorization.add_sub_roles(sub_roles)
end
def add_users_to_auth(authorization, users)
authorization.add_users(users)
end
def get_or_create_authorization
case @type
when 'category_approval'
if @object
@object.auth_approval || @object.create_auth_approval(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
else
@error = t(:no_data)
end
when 'category_authorization'
if @object
@object.auth_sub_manager || @object.create_auth_sub_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
else
@error = t(:no_data)
end
when nil
@module_app.auth_manager || @module_app.create_auth_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
else
auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}")
unless auth
auth = @object.create_auth_approval(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}") if @type.include?('approval')
auth = @object.create_auth_sub_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}") if @type.include?('authorization')
end
auth
end
end
def add_users_to_object_auth(object_auth, users)
users.each do |user|
object_auth.add_user_to_privilege_list(user)
end
def remove_managers_from_auth(users)
@module_app.remove_manager(users)
end
def remove_managers(users)
users.each do |user|
@module_app.remove_manager(user)
end
def remove_roles_form_auth(authorization, roles)
authorization.remove_roles(roles)
end
def remove_users_form_object_auth(object_auth, users)
users.each do |user|
object_auth.remove_user_from_privilege_list(user)
end
def remove_sub_roles_from_auth(authorization, sub_roles)
authorization.remove_sub_roles(sub_roles)
end
def remove_users_from_auth(authorization, users)
authorization.remove_users(users)
end
private
def admin_or_manager
@override_can_use = true
setup_vars
authenticate_user!
user_is_manager?
@ -136,7 +191,7 @@ class Admin::AuthorizationsController < OrbitBackendController
@module_app = ModuleApp.first(conditions: {:key => params[:module]} ) if params[:module]
@type = params[:type].underscore if params[:type]
if @type
@klass = @type.classify.constantize rescue nil
@klass = @type.gsub('_authorization', '').gsub('_approval', '').classify.constantize rescue nil
@object = @klass.find(params[:id]) rescue nil
end
end

2
app/controllers/admin/dashboards_controller.rb
View File

@ -4,6 +4,8 @@ class Admin::DashboardsController < OrbitBackendController
#before_filter :authenticate_user!, :except => [:index]
# before_filter :is_admin?
prepend_before_filter :set_public
layout "basic_back_end"
def index

11
app/controllers/admin/users_new_interface_controller.rb
View File

@ -2,18 +2,9 @@ class Admin::UsersNewInterfaceController < OrbitMemberController
helper MemberHelper
# before_filter :authenticate_user!
# before_filter :set_attribute, :only => [:index, :show, :new, :edit]
before_filter :force_order_for_visitor,:only=>[:index,:show]
before_filter :force_order_for_user,:except => [:index,:show]
before_filter :set_attribute,:except => [:index,:show]
prepend_filter :set_public, :only => [:index, :show]
def setup_vars
# @app_title ||= controller_path.split('/')[1].singularize
# @module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
# raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
end
def index
get_tags

32
app/controllers/orbit_backend_controller.rb
View File

@ -1,7 +1,6 @@
class OrbitBackendController < ApplicationController
include OrbitCategory::Categorizing
include OrbitCoreLib::AppBackendUtility
include OrbitCoreLib::PermissionUtility
include OrbitCoreLib::Authorization
include OrbitTag::Tagging
include AdminHelper
include ApplicationHelper
@ -10,12 +9,6 @@ class OrbitBackendController < ApplicationController
layout "back_end"
def setup_vars
@app_title ||= controller_path.split('/')[1].singularize
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
end
def get_statuses
status = []
status << 'is_top'
@ -28,27 +21,4 @@ class OrbitBackendController < ApplicationController
end
status
end
private
def force_order_for_visitor
check_backend_openness
setup_vars
set_current_user
end
def force_order_for_user
setup_vars
set_current_user
authenticate_user!
check_user_can_use
end
def check_user_can_use
unless check_permission
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
redirect_to root_url
end
end
end

32
app/controllers/orbit_member_controller.rb
View File

@ -1,7 +1,6 @@
class OrbitMemberController < ApplicationController
include OrbitCategory::Categorizing
include OrbitCoreLib::AppBackendUtility
include OrbitCoreLib::PermissionUtility
include OrbitCoreLib::Authorization
include OrbitTag::Tagging
include AdminHelper
include ApplicationHelper
@ -10,12 +9,6 @@ class OrbitMemberController < ApplicationController
layout "member"
def setup_vars
@app_title ||= controller_path.split('/')[1].singularize
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
end
def get_statuses
status = []
status << 'is_top'
@ -28,27 +21,4 @@ class OrbitMemberController < ApplicationController
end
status
end
private
def force_order_for_visitor
check_backend_openness
setup_vars
set_current_user
end
def force_order_for_user
setup_vars
set_current_user
authenticate_user!
check_user_can_use
end
def check_user_can_use
unless check_permission
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
redirect_to root_url
end
end
end

4
app/helpers/orbit_backend_helper.rb
View File

@ -321,9 +321,9 @@ module OrbitBackendHelper
def is_authorized(object)
autorized = @module_app.authorizable_models.inject(false) do |autorized, klass|
if object.is_a?(klass.constantize)
autorized ||= object.cur_user_is_sub_manager_of("#{klass.underscore}_#{@module_app.key}")
autorized ||= object.user_can_sub_manage?(current_user)
else
autorized ||= object.category.cur_user_is_sub_manager_of("category_#{@module_app.key}")
autorized ||= object.category.user_can_sub_manage?(current_user)
end
autorized
end

6
app/models/auth/auth_approval.rb Normal file
View File

@ -0,0 +1,6 @@
class AuthApproval < Authorization
field :title
belongs_to :approval_authorizable, polymorphic: true
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'approving_apps'
end

4
app/models/auth/auth_manager.rb Normal file
View File

@ -0,0 +1,4 @@
class AuthManager < Authorization
# belongs_to :manager_authorizable, polymorphic: true
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'managing_apps'
end

6
app/models/auth/auth_sub_manager.rb Normal file
View File

@ -0,0 +1,6 @@
class AuthSubManager < Authorization
field :title
belongs_to :sub_manager_authorizable, polymorphic: true
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'sub_managing_apps'
end

108
app/models/auth/authorization.rb Normal file
View File

@ -0,0 +1,108 @@
class Authorization
include Mongoid::Document
include Mongoid::Timestamps
field :title
belongs_to :module_app
has_and_belongs_to_many :roles
has_and_belongs_to_many :sub_roles
delegate :update_auth_approval_users, :update_auth_manager_users, :update_auth_sub_manager_users, to: :module_app, prefix: true, allow_nil: true
after_save :update_module_app
def add_roles(roles)
users = []
roles = Array(roles)
add_operation(:roles, roles)
sub_roles = []
roles.each{|role| role.sub_roles.each{|sub_role| sub_roles << sub_role.id}}
add_operation(:sub_roles, sub_roles)
roles.each{|role| role.users.where(admin: false).each{|user| users << user}}
add_users(users, false)
end
def add_sub_roles(sub_roles)
users = []
sub_roles = Array(sub_roles)
add_operation(:sub_roles, sub_roles)
sub_roles.each do |sub_role|
self.roles << sub_role.role unless self.roles.include?(sub_role.role)
sub_role.users.where(admin: false).each{|user| users << user}
end
add_users(users, false)
end
def add_users(users, with_parents = true)
users = Array(users)
add_operation(:authorized_users, users)
users.each do |user|
user.roles.each do |role|
self.roles << role unless self.roles.include?(role)
end
user.sub_roles.each do |sub_role|
self.sub_roles << sub_role unless self.sub_roles.include?(sub_role)
end
end if with_parents
self.save
end
def remove_roles(roles)
users = []
sub_roles = []
roles = Array(roles)
remove_operation(:roles, roles)
roles.each do |role|
role.sub_roles.each{|sub_role| sub_roles << sub_role}
role.users.where(admin: false).each{|user| users << user}
end
remove_operation(:sub_role_ids, sub_roles)
remove_operation(:authorized_user_ids, users)
add_roles(self.roles)
end
def remove_sub_roles(sub_roles)
users = []
sub_roles = Array(sub_roles)
remove_operation(:sub_roles, sub_roles)
sub_roles.each do |sub_role|
users << sub_role.users.where(admin: false)
end
remove_operation(:authorized_user_ids, users)
add_roles(self.roles)
end
def remove_users(users)
users = Array(users)
remove_operation(:authorized_user_ids, users)
self.save
end
protected
def add_operation(db_field, objs)
objs.each do |obj|
self.send(db_field) << obj unless self.send(db_field).include?(obj)
end
end
def remove_operation(db_field, obj)
self.write_attribute(db_field, self.send(db_field) - obj.map{|y| y.id})
end
private
def update_module_app
case self._type
when "AuthApproval"
self.module_app_update_auth_approval_users
when "AuthManager"
self.module_app_update_auth_manager_users
when "AuthSubManager"
self.module_app_update_auth_sub_manager_users
end
end
end

2
app/models/category.rb
View File

@ -1,7 +1,7 @@
class Category
include Mongoid::Document
include Mongoid::Timestamps
include OrbitCoreLib::ObjectAuthable
include OrbitModel::Authorizable
field :disable, type: Boolean, default: false
field :title, localize: true

82
app/models/module_app.rb
View File

@ -1,16 +1,26 @@
class ModuleApp
include Mongoid::Document
include Mongoid::Timestamps
include OrbitCoreLib::ObjectTokenUtility
include OrbitApp::ModuleAppMembershipTools
# include OrbitCoreLib::ObjectTokenUtility
# include OrbitApp::ModuleAppMembershipTools
field :auth_approval_users, type: Array, default: nil
field :auth_manager_users, type: Array, default: nil
field :auth_sub_manager_users, type: Array, default: nil
field :key
field :title
field :sidebar_order,type: Integer,default: 0
has_one :auth_manager, dependent: :destroy
has_many :auth_approvals, dependent: :destroy
has_many :auth_sub_managers, dependent: :destroy
has_many :categories, dependent: :destroy
has_many :module_tags, dependent: :destroy
has_many :approvals #to remove
delegate :authorized_users, to: :auth_manager, prefix: true, allow_nil: true
def refetch_setting!(reg)
# %w{module_label category base_url version organization author intro update_info create_date}.each do |field|
# self[field.to_sym] = reg.send field
@ -24,6 +34,7 @@ class ModuleApp
self[:has_category] = reg.get_has_category
self[:is_approvable] = reg.get_is_approvable
self[:is_authorizable] = reg.get_is_authorizable
self[:approvable_models] = reg.get_approvable_models
self[:authorizable_models] = reg.get_authorizable_models
end
@ -168,4 +179,71 @@ class ModuleApp
self.module_tags.map{|t| t.tag }
end
# authorization
def update_auth_approval_users
user_ids = self.auth_approvals.inject([]) do |users, auth|
users += auth.authorized_users.map{|user| user.id}
end
update_attribute(:auth_approval_users, user_ids.uniq)
end
def update_auth_manager_users
update_attribute(:auth_manager_users, self.auth_manager_authorized_users.map{|user| user.id})
end
def update_auth_sub_manager_users
user_ids = self.auth_sub_managers.inject([]) do |users, auth|
users += auth.authorized_users.map{|user| user.id}
end
update_attribute(:auth_sub_manager_users, user_ids.uniq)
end
def managers
auth_manager_authorized_users || []
end
def user_can_manage?(user)
managers.include?(user)
end
def add_managers(users)
users = Array(users)
if auth_manager = self.auth_manager
auth_manager.update_attribute(:authorized_users, (auth_manager.authorized_users + users).uniq)
else
self.create_auth_manager(authorized_users: users)
end
end
def remove_managers(users)
users = Array(users)
users = users.delete_if{|user| user == current_user || is_admin?}
self.auth_manager.update_attribute(:authorized_users, auth_manager.authorized_users - users)
end
def is_manager?(user)
if user && !auth_manager_users.blank?
auth_manager_users.include?(user.id)
else
false
end
end
def is_sub_manager?(user)
if user && !auth_sub_manager_users.blank?
auth_sub_manager_users.include?(user.id)
else
false
end
end
def can_approve?(user)
if user && !auth_approval_users.blank?
auth_approval_users.include?(user.id)
else
false
end
end
end

10
app/models/user/user.rb
View File

@ -19,12 +19,16 @@ class User
field :cache_dept,type: Hash
field :status_record,type: Hash
has_and_belongs_to_many :approving_apps, class_name: 'AuthApproval', inverse_of: 'authorized_users'
has_and_belongs_to_many :managing_apps, class_name: 'AuthManager', inverse_of: 'authorized_users'
has_and_belongs_to_many :sub_managing_apps, class_name: 'AuthSubManager', inverse_of: 'authorized_users'
has_many :attribute_values, :autosave => true, :dependent => :destroy
has_many :app_auths,as: :privilege_apps,:inverse_of => :privilege_lists
has_many :blocked_apps, :inverse_of => :blocked_users, :class_name => "AppAuth", :dependent => :destroy
has_many :privilege_apps, :inverse_of => :privilege_users, :class_name => "AppAuth", :dependent => :destroy
has_many :managing_apps,:class_name => "AppManager", :dependent => :destroy
# has_many :managing_apps,:class_name => "AppManager", :dependent => :destroy
has_one :desktop, :autosave => true, :dependent => :destroy
has_one :facebook, :autosave => true, :dependent => :destroy
has_many :other_accounts, :autosave => true, :dependent => :destroy
@ -273,8 +277,8 @@ class User
end
def managed_module_apps
self.managing_apps.inject([]) do |managed_apps, app_manager|
managed_apps << app_manager.managing_app unless app_manager.managing_app.blank?
self.managing_apps.inject([]) do |managed_apps, auth_manager|
managed_apps << auth_manager.module_app
managed_apps
end
end

4
app/views/admin/authorizations/_user.html.erb
View File

@ -1,10 +1,10 @@
<li class="filter-item selected_user <%= 'check-item' unless user == current_user || is_admin? %>" id="<%= user.id %>">
<li class="filter-item selected_user <%= 'check-item' unless user == current_user || user.admin %>" id="<%= user.id %>">
<label>
<%= image_tag (user.avatar? ? user.avatar.thumb : 'menber-pic.png'), :class => "user-pic" %>
<span class="user-name"><%= user.name %></span>
<span><%= get_user_module_role(user) %></span>
</label>
<% unless user == current_user || is_admin? %>
<% unless user == current_user || user.admin %>
<input type="checkbox">
<% end %>
</li>

8
app/views/admin/authorizations/index.html.erb
View File

@ -13,11 +13,13 @@
</div>
</div>
<div class="mini-layout-body span10">
<%= link_to t(:module_authorization), admin_authorizations_path(@module_app.key) %>
<%= link_to t(:module_authorization), admin_authorizations_path(@module_app.key) if @module_app.is_authorizable %>
<% @module_app.authorizable_models.each do |authorizable_model| %>
<%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), admin_authorizations_path(@module_app.key, type: authorizable_model.underscore) %>
<%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), admin_authorizations_path(@module_app.key, type: "#{authorizable_model.underscore}_authorization") %>
<% end %>
<% @module_app.approvable_models.each do |approvable_model| %>
<%= link_to (approvable_model.eql?('Category') ? t(:approval_) : "#{approvable_model.underscore.humanize.capitalize} #{t(:approval_)}"), admin_authorizations_path(@module_app.key, type: "#{approvable_model.underscore}_approval") %>
<% end %>
<%= link_to t(:approval_), admin_authorizations_path(@module_app.key, type: 'approval') if @module_app.is_approvable %>
<% if @error %>
<%= @error %>
<% else %>

2
app/views/admin/authorizations/insert_users.js.erb
View File

@ -1,2 +0,0 @@
$("#card-list").append("<%= j render partial: 'user', collection: @users %>");
$("#member-filter").modal('hide');

2
app/views/admin/authorizations/reload_users.js.erb Normal file
View File

@ -0,0 +1,2 @@
$("#card-list").html("<%= j render partial: 'user', collection: @users %>");
$("#member-filter").modal('hide');

1
config/application.rb
View File

@ -27,6 +27,7 @@ module Orbit
# Custom directories with classes and modules you want to be autoloadable.
# config.autoload_paths += %W(#{config.root}/extras)
config.autoload_paths += %W(#{config.root}/app/models/auth)
config.autoload_paths += %W(#{config.root}/app/models/ckeditor)
config.autoload_paths += %W(#{config.root}/app/models/design)
config.autoload_paths += %W(#{config.root}/app/models/desktop)

18
lib/orbit_app/module/registration.rb
View File

@ -28,7 +28,7 @@ module OrbitApp
end
class DataSheet
attr_reader :name,:key,:base_path,:module_label,:data_count, :has_category, :has_tag, :authorizable_models, :is_approvable, :is_authorizable
attr_reader :name,:key,:base_path,:module_label,:data_count, :has_category, :has_tag, :approvable_models, :authorizable_models, :is_approvable, :is_authorizable
def initialize(name, &block)
@name = name
@ -39,6 +39,7 @@ module OrbitApp
@data_count = 1..15 # as default
@has_category = nil
@has_tag = nil
@approvable_models = []
@authorizable_models = []
@is_approvable = nil
@is_authorizable = nil
@ -145,8 +146,13 @@ module OrbitApp
define_method(field){|var| instance_variable_set( "@" + field, var)}
end
def approvable(link=true)
def approvable(link=true, &block)
@is_approvable = {:with_link => link}
if block
block.call
else
approvable_on
end
end
def authorizable(link=true, &block)
@ -158,6 +164,10 @@ module OrbitApp
end
end
def approvable_on(klass = 'Category')
@approvable_models << klass
end
def authorizable_on(klass = 'Category')
@authorizable_models << klass
end
@ -170,6 +180,10 @@ module OrbitApp
@has_tag = true
end
def get_approvable_models
@approvable_models
end
def get_authorizable_models
@authorizable_models
end

4
lib/orbit_category/categorizing.rb
View File

@ -9,11 +9,11 @@ module OrbitCategory
end
end
def get_categories_for_form(func_authed_for_sub_manager = "category_#{@module_app.key}")
def get_categories_for_form
categories = if is_manager? || is_admin?
@module_app.categories.enabled
elsif is_sub_manager?
@module_app.categories.enabled.authed_for_user(current_user, func_authed_for_sub_manager)
@module_app.categories.enabled.entries.delete_if{|category| !category.user_can_sub_manage?(current_user)}
end
if categories.empty?
flash[:alert] = t(:no_category)

35
lib/orbit_core_lib.rb
View File

@ -140,30 +140,39 @@ module OrbitCoreLib
end
end
module AppBackendUtility
module Authorization
def self.included(base)
base.class_eval do
before_filter :can_use
end
end
def setup_vars
@app_title ||= controller_path.split('/')[1].singularize
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
# raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
end
private
def force_order_for_visitor
setup_vars
set_current_user
def can_use
unless @override_can_use
check_backend_openness if @public
setup_vars
set_current_user
unless @public
authenticate_user!
check_user_can_use
end
end
end
def force_order_for_user
setup_vars
set_current_user
authenticate_user!
check_user_can_use
def set_public
@public = true
end
def check_user_can_use
unless check_permission
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
def check_user_can_use
unless current_or_guest_user.admin? || @module_app.is_manager?(current_or_guest_user) || @module_app.is_sub_manager?(current_or_guest_user) || @module_app.can_approve?(current_or_guest_user)
redirect_to root_url
end
end

55
lib/orbit_model/authorizable.rb Normal file
View File

@ -0,0 +1,55 @@
module OrbitModel
module Authorizable
def self.included(base)
base.class_eval do
has_one :auth_approval, as: :approval_authorizable, dependent: :destroy
has_one :auth_sub_manager, as: :sub_manager_authorizable, dependent: :destroy
delegate :authorized_users, to: :auth_approval, prefix: true, allow_nil: true
delegate :authorized_users, to: :auth_sub_manager, prefix: true, allow_nil: true
send :include, InstanceMethods
end
end
module InstanceMethods
# Normal case
# Use of categories to define approval and sub-manager
def approval_users
auth_approval_authorized_users
end
def sub_managers
auth_sub_manager_authorized_users
end
def user_can_approve?(user)
approval_users.include?(user) if approval_users
end
def user_can_sub_manage?(user)
sub_managers.include?(user) if sub_managers
end
# Specific case
# Approval or sub-manager is defined on something else than categories
def authorized_users_by_title(title)
approval_users if auth_approval && auth_approval.title.eql?(title)
sub_managers if auth_sub_manager && auth_sub_manager.title.eql?(title)
end
def get_authorization_by_title(title)
auth_approval if auth_approval && auth_approval.title.eql?(title)
auth_sub_manager if auth_sub_manager && auth_sub_manager.title.eql?(title)
end
def user_is_authorized_by_title?(user, title)
authorized_users_by_title(title).include?(user)
end
end
end
end

6
vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb vendored
View File

@ -3,11 +3,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
before_filter :clean_values, :only => [:create, :update]
# before_filter :for_admin_only,:only => [:]
# before_filter :for_app_manager,:only => [:index,:show,]
before_filter :force_order_for_visitor,:only=>[:index,:show,:get_sorted_and_filtered_bulletins]
before_filter :force_order_for_user,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
prepend_before_filter :set_public, :only => [:index, :show, :get_sorted_and_filtered_bulletins]
before_filter :only => [ :new, :create, :edit, :update ] do |controller|
@categories = get_categories_for_form

7
vendor/built_in_modules/page_content/app/controllers/panel/page_content/back_end/page_contexts_controller.rb vendored
View File

@ -1,9 +1,6 @@
class Panel::PageContent::BackEnd::PageContextsController < OrbitBackendController
before_filter :force_order_for_visitor,:only=>[:index]
before_filter :force_order_for_user,:except => [:index]
before_filter :for_app_manager,:except => [:index]
before_filter :for_app_sub_manager,:except => [:index]
prepend_before_filter :set_public, :only => [:index]
#before_filter :is_admin?

2
vendor/built_in_modules/page_content/app/models/page_context.rb vendored
View File

@ -5,7 +5,7 @@ class PageContext
include Mongoid::Timestamps
include Mongoid::MultiParameterAttributes
include Impressionist::Impressionable
include OrbitCoreLib::ObjectAuthable
include OrbitModel::Authorizable
is_impressionable :counter_cache => { :column_name => :view_count }