From 3a8dbd6af4baebcda062f264df80b41ccd6aeb56 Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Tue, 7 Feb 2012 16:16:48 +0800 Subject: [PATCH 1/3] first commit for object auth,will take new_blog for experiment --- .../admin/object_auths_controller.rb | 71 ++++++++++++++ app/models/app_auth.rb | 93 +------------------ app/models/object_auth.rb | 11 +++ app/models/prototype_auth.rb | 93 +++++++++++++++++++ .../components/_user_role_management.html.erb | 34 +++++++ app/views/admin/module_apps/edit.html.erb | 33 +------ .../admin/object_auths/_auth_unit.html.erb | 3 + app/views/admin/object_auths/edit.html.erb | 13 +++ app/views/admin/object_auths/index.html.erb | 39 ++++++++ config/routes.rb | 2 + .../new_blog/app/models/post.rb | 1 + 11 files changed, 271 insertions(+), 122 deletions(-) create mode 100644 app/controllers/admin/object_auths_controller.rb create mode 100644 app/models/object_auth.rb create mode 100644 app/models/prototype_auth.rb create mode 100644 app/views/admin/components/_user_role_management.html.erb create mode 100644 app/views/admin/object_auths/_auth_unit.html.erb create mode 100644 app/views/admin/object_auths/edit.html.erb create mode 100644 app/views/admin/object_auths/index.html.erb diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb new file mode 100644 index 00000000..2b54cc5e --- /dev/null +++ b/app/controllers/admin/object_auths_controller.rb @@ -0,0 +1,71 @@ +class Admin::ObjectAuthsController < ApplicationController + layout "admin" + before_filter :authenticate_user! +# before_filter :is_admin? ,:only => :index + + def index + # @roles = Role.all.entries + # apps = Purchase.where(:type =>"App") + # @app_auth_data = apps.entries.map do |app| + # app_c = eval(app.app_controller) + # obj = app_c.new + # obj_auth = obj.send "auth" + # [:app_obj => app,:auth_field => obj_auth] + # end + # if current_user.admin? + @object_auths = ObjectAuth.all + # else + # @module_apps = current_user.managing_apps.collect{|t| t.managing_app} + # end + end + + def create + # app_auth = AppAuth.find_or_create_by(module_app_id: params[:module_app_id]) + # params[:new].each do |item| + # field = item[0] + # field_value = item[1] + # if field_value!='' + # case field + # when 'role' + # app_auth.send("add_#{field}",(Role.find field_value)) rescue nil + # when 'sub_role' + # app_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil + # when 'privilege_user' + # app_auth.add_user_to_privilege_list (User.find field_value) rescue nil + # when 'blocked_user' + # app_auth.add_user_to_black_list (User.find field_value) rescue nil + # end + # end + # end + # app = ModuleApp.find params[:module_app_id] rescue nil + # redirect_to edit_admin_module_app_path(app) + end + + def remove + # app_auth = AppAuth.find( params[:id] ) + # type = params[:type] + # field_value = params[:target_id] + # if field_value!='' + # case type + # when 'role' + # app_auth.remove_role(Role.find field_value) rescue nil + # when 'sub_role' + # app_auth.remove_sub_role(SubRole.find field_value) rescue nil + # when 'privilege_user' + # app_auth.remove_user_from_privilege_list (User.find field_value) rescue nil + # when 'blocked_user' + # app_auth.remove_user_from_black_list (User.find field_value) rescue nil + # end + # end + # + # app = ModuleApp.find params[:module_app_id] rescue nil + # redirect_to edit_admin_module_app_path(app) + end + + def edit + @object_auth = ObjectAuth.find(params[:id]) + end + + + +end \ No newline at end of file diff --git a/app/models/app_auth.rb b/app/models/app_auth.rb index b31add3c..5a3de60c 100644 --- a/app/models/app_auth.rb +++ b/app/models/app_auth.rb @@ -1,94 +1,5 @@ -class AppAuth - include Mongoid::Document - include Mongoid::Timestamps - # after_save :update_block_list,:update_privilage_list - - field :title - field :token - field :all ,type: Boolean,default: false +class AppAuth < PrototypeAuth + belongs_to :module_app - belongs_to :users - # belongs_to :users,as: :block_users, :inverse_of => :privilege_apps - has_and_belongs_to_many :blocked_users, :inverse_of => nil, :class_name => "User" - has_and_belongs_to_many :privilege_users, :inverse_of => nil, :class_name => "User" - - - has_and_belongs_to_many :roles - has_and_belongs_to_many :sub_roles - - attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users - - def add_role role - add_operation(:roles,role) - end - - def add_sub_role role - add_operation(:sub_roles,role) - end - - def remove_role role - remove_operation(:roles,role) - end - - def remove_sub_role role - remove_operation(:sub_roles,role) - end - - def add_user_to_black_list user - add_operation(:blocked_users,user) - end - - def remove_user_from_black_list user - remove_operation(:blocked_users,user) - end - - def add_user_to_privilege_list user - add_operation(:privilege_users,user) - end - - def remove_user_from_privilege_list user - remove_operation(:privilege_users,user) - end - - def remove_operation(item,obj) - if (self.send item).include? obj - (self.send item).delete obj - self.save! - else - false #should put error message for user not existed in list - end - end - - def add_operation(item,obj) - unless (self.send item).include?(obj) - (self.send item) << obj - self.save! - else - false #should put error message for user existed in list already - end - end - - def auth_users - if self.all? - User.all.entries - else - ary=[] - [:roles,:sub_roles].each do |t_role| - ary += (self.send t_role).collect do |role| - role.users - end - end - ary << self.privilege_users - ary.flatten!.uniq - end - end - - def auth_users_after_block_list - auth_users - self.blocked_users - end - - # protected - - end \ No newline at end of file diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb new file mode 100644 index 00000000..dab7acc7 --- /dev/null +++ b/app/models/object_auth.rb @@ -0,0 +1,11 @@ +class ObjectAuth < PrototypeAuth + + belongs_to :obj_authable, polymorphic: true + # > - Something.find_with_auth(query) + # > - or Something.find(query).auth + def auth_obj + class_obj = eval(self.obj_authable_type) + class_obj.find self.obj_authable_id + end + +end \ No newline at end of file diff --git a/app/models/prototype_auth.rb b/app/models/prototype_auth.rb new file mode 100644 index 00000000..734268c4 --- /dev/null +++ b/app/models/prototype_auth.rb @@ -0,0 +1,93 @@ +class PrototypeAuth + include Mongoid::Document + include Mongoid::Timestamps + # after_save :update_block_list,:update_privilage_list + + field :title + field :token + field :all ,type: Boolean,default: false + + belongs_to :users + # belongs_to :users,as: :block_users, :inverse_of => :privilege_apps + has_and_belongs_to_many :blocked_users, :inverse_of => nil, :class_name => "User" + has_and_belongs_to_many :privilege_users, :inverse_of => nil, :class_name => "User" + + + has_and_belongs_to_many :roles + has_and_belongs_to_many :sub_roles + + attr_protected :roles,:sub_roles,:privilege_users,:blocked_users,:users + + def add_role role + add_operation(:roles,role) + end + + def add_sub_role role + add_operation(:sub_roles,role) + end + + def remove_role role + remove_operation(:roles,role) + end + + def remove_sub_role role + remove_operation(:sub_roles,role) + end + + def add_user_to_black_list user + add_operation(:blocked_users,user) + end + + def remove_user_from_black_list user + remove_operation(:blocked_users,user) + end + + def add_user_to_privilege_list user + add_operation(:privilege_users,user) + end + + def remove_user_from_privilege_list user + remove_operation(:privilege_users,user) + end + + def remove_operation(item,obj) + if (self.send item).include? obj + (self.send item).delete obj + self.save! + else + false #should put error message for user not existed in list + end + end + + def add_operation(item,obj) + unless (self.send item).include?(obj) + (self.send item) << obj + self.save! + else + false #should put error message for user existed in list already + end + end + + def auth_users + if self.all? + User.all.entries + else + ary=[] + [:roles,:sub_roles].each do |t_role| + ary += (self.send t_role).collect do |role| + role.users + end + end + ary << self.privilege_users + ary.flatten!.uniq + end + end + + def auth_users_after_block_list + auth_users - self.blocked_users + end + + # protected + + +end \ No newline at end of file diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb new file mode 100644 index 00000000..7afca0a4 --- /dev/null +++ b/app/views/admin/components/_user_role_management.html.erb @@ -0,0 +1,34 @@ +
+ <%#= debugger %> +

User Role

+ <%= debugger %> + <%= form_tag(polymorphic_path([controller_path.split('/')[0],object,auth.class.name.underscore]),:method => :post) do %> + <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> + <%= submit_tag 'Add Role' %>
+ <%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %> + <%= submit_tag 'Add SubRole' %>
+ <%= collection_select(:new,:privilege_user, User.all, :id, :name, :prompt => true) %> + <%= submit_tag 'Add PrivilegeList' %>
+ <%= collection_select(:new,:blocked_user, User.all, :id, :name, :prompt => true) %> + <%= submit_tag 'Add BlockedList' %>
+ <% end %> + + <% unless auth.nil? %> + <% auth.roles.each do |role| %> +
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> + <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'role',:target_id=>role.id),:method => :delete %>
  • + <% end %> + + <% auth.sub_roles.each do |role| %> +
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
  • <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'sub_role',:target_id=>role.id),:method => :delete %> + <% end %> + + <% auth.privilege_users.each do |user| %> +
  • <%= user.name %> <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'privilege_user',:target_id=>user.id),:method => :delete %>
  • + <% end %> + + <% auth.blocked_users.each do |user| %> +
  • <%= user.name %><%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'blocked_user',:target_id=>user.id),:method => :delete %>
  • + <% end %> +<% end %> +
    \ No newline at end of file diff --git a/app/views/admin/module_apps/edit.html.erb b/app/views/admin/module_apps/edit.html.erb index 9429e963..5a2d56ec 100644 --- a/app/views/admin/module_apps/edit.html.erb +++ b/app/views/admin/module_apps/edit.html.erb @@ -36,34 +36,5 @@ -
    -

    User Role

    - <%= form_tag(admin_module_app_app_auths_path(@module_app),:method => :post) do %> - <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> - <%= submit_tag 'Add Role' %>
    - <%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %> - <%= submit_tag 'Add SubRole' %>
    - <%= collection_select(:new,:privilege_user, User.all, :id, :name, :prompt => true) %> - <%= submit_tag 'Add PrivilegeList' %>
    - <%= collection_select(:new,:blocked_user, User.all, :id, :name, :prompt => true) %> - <%= submit_tag 'Add BlockedList' %>
    - <% end %> - - <% unless @module_app.app_auth.nil? %> - <% @module_app.app_auth.roles.each do |role| %> -
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> <%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'role',role),:method => :delete %>
  • - <% end %> - - <% @module_app.app_auth.sub_roles.each do |role| %> -
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
  • <%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'sub_role',role),:method => :delete %> - <% end %> - - <% @module_app.app_auth.privilege_users.each do |user| %> -
  • <%= user.name %> <%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'privilege_user',user),:method => :delete %>
  • - <% end %> - - <% @module_app.app_auth.blocked_users.each do |user| %> -
  • <%= user.name %><%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'blocked_user',user),:method => :delete %>
  • - <% end %> -<% end %> -
    +<%= render :partial => "admin/components/user_role_management", :locals => { :object => @module_app ,:auth=> @module_app.app_auth } %> + diff --git a/app/views/admin/object_auths/_auth_unit.html.erb b/app/views/admin/object_auths/_auth_unit.html.erb new file mode 100644 index 00000000..5a246fc3 --- /dev/null +++ b/app/views/admin/object_auths/_auth_unit.html.erb @@ -0,0 +1,3 @@ +
    + <%= unit%> +
    \ No newline at end of file diff --git a/app/views/admin/object_auths/edit.html.erb b/app/views/admin/object_auths/edit.html.erb new file mode 100644 index 00000000..62e9b465 --- /dev/null +++ b/app/views/admin/object_auths/edit.html.erb @@ -0,0 +1,13 @@ +<% content_for :secondary do %> +<% end %> + + +
    +
    +
    + +

    <%= @object_auth.title %>

    + +<%= render :partial => "admin/components/user_role_management", :locals => { :object => @object_auth.auth_obj ,:auth=> @object_auth } %> + + diff --git a/app/views/admin/object_auths/index.html.erb b/app/views/admin/object_auths/index.html.erb new file mode 100644 index 00000000..7db021e5 --- /dev/null +++ b/app/views/admin/object_auths/index.html.erb @@ -0,0 +1,39 @@ +<% content_for :secondary do %> + <% #render 'side_bar' %> +<% end %> + +
    + <%= flash_messages %> +
    + <% #link_to t('admin.new_user'), new_admin_user_path, :class => 'new' %> +
    + + + + + + + + + + <% @object_auths.each do |object_auth| %> + + + + + + + + + + <% end %> + +
    <%= t('admin.object_auth.title') %><%= t('admin.object_auth.obj_type') %>
    <%= object_auth.title %><%= object_auth.obj_authable_type.to_s %> + <%= link_to t(:show), admin_object_auth_path(object_auth), :class => 'show' %> + <%= link_to t(:edit), edit_admin_object_auth_path(object_auth), :class => 'edit' %> + <%= link_to t(:delete), admin_object_auth_path(object_auth), :class => 'delete', :confirm => t('sure?'), :method => :delete %> +
    +
    + <%# link_to t('admin.new_user'), new_admin_user_path, :class => 'new' %> +
    +
    diff --git a/config/routes.rb b/config/routes.rb index 3d483d08..275ef202 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -13,6 +13,8 @@ PrototypeR4::Application.routes.draw do namespace :admin do resources :assets resources :app_auths + resources :object_auths + resources :ad_banners resources :designs do collection do diff --git a/vendor/built_in_modules/new_blog/app/models/post.rb b/vendor/built_in_modules/new_blog/app/models/post.rb index f60c1c19..2926c305 100644 --- a/vendor/built_in_modules/new_blog/app/models/post.rb +++ b/vendor/built_in_modules/new_blog/app/models/post.rb @@ -5,4 +5,5 @@ class Post field :body, :type => String embeds_many :comments validates_presence_of :title, :body + has_one :object_auth,as: :obj_authable,dependent: :delete end \ No newline at end of file From 31d7cd5b380e65d2e05fe6d7d423515ebc40e7e4 Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Thu, 9 Feb 2012 17:48:51 +0800 Subject: [PATCH 2/3] Object Auth. Now object can be included with "include OrbitCoreLib::ObjectAuthable" to use kernel method,such as 1.Object.authed_for_user(user,title_of_object_auth). title_of_object_auth is optional 2.object.authed_users(user,title_of_object_auth) . title_of_object_auth is optional if title_of_object_auth is not given,then it will return calculation across all possiblity. --- .../admin/object_auths_controller.rb | 79 +++++++++---------- .../components/_user_role_management.html.erb | 12 ++- app/views/admin/module_apps/edit.html.erb | 2 +- app/views/admin/object_auths/edit.html.erb | 3 +- config/routes.rb | 7 +- lib/orbit_core_lib.rb | 42 ++++++++++ .../new_blog/app/models/post.rb | 3 +- 7 files changed, 96 insertions(+), 52 deletions(-) create mode 100644 lib/orbit_core_lib.rb diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index 2b54cc5e..7c6f60f0 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb @@ -19,53 +19,50 @@ class Admin::ObjectAuthsController < ApplicationController # end end - def create - # app_auth = AppAuth.find_or_create_by(module_app_id: params[:module_app_id]) - # params[:new].each do |item| - # field = item[0] - # field_value = item[1] - # if field_value!='' - # case field - # when 'role' - # app_auth.send("add_#{field}",(Role.find field_value)) rescue nil - # when 'sub_role' - # app_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil - # when 'privilege_user' - # app_auth.add_user_to_privilege_list (User.find field_value) rescue nil - # when 'blocked_user' - # app_auth.add_user_to_black_list (User.find field_value) rescue nil - # end - # end - # end - # app = ModuleApp.find params[:module_app_id] rescue nil - # redirect_to edit_admin_module_app_path(app) - end + def create_role + object_auth = ObjectAuth.find(params[:id]) + params[:new].each do |item| + field = item[0] + field_value = item[1] + if field_value!='' + case field + when 'role' + object_auth.send("add_#{field}",(Role.find field_value)) rescue nil + when 'sub_role' + object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil + when 'privilege_user' + object_auth.add_user_to_privilege_list (User.find field_value) rescue nil + when 'blocked_user' + object_auth.add_user_to_black_list (User.find field_value) rescue nil + end + end + end + redirect_to edit_admin_object_auth_path(object_auth) + end - def remove - # app_auth = AppAuth.find( params[:id] ) - # type = params[:type] - # field_value = params[:target_id] - # if field_value!='' - # case type - # when 'role' - # app_auth.remove_role(Role.find field_value) rescue nil - # when 'sub_role' - # app_auth.remove_sub_role(SubRole.find field_value) rescue nil - # when 'privilege_user' - # app_auth.remove_user_from_privilege_list (User.find field_value) rescue nil - # when 'blocked_user' - # app_auth.remove_user_from_black_list (User.find field_value) rescue nil - # end - # end - # - # app = ModuleApp.find params[:module_app_id] rescue nil - # redirect_to edit_admin_module_app_path(app) + def remove_role + object_auth = ObjectAuth.find(params[:id]) + type = params[:type] + field_value = params[:target_id] + if field_value!='' + case type + when 'role' + object_auth.remove_role(Role.find field_value) rescue nil + when 'sub_role' + object_auth.remove_sub_role(SubRole.find field_value) rescue nil + when 'privilege_user' + object_auth.remove_user_from_privilege_list (User.find field_value) rescue nil + when 'blocked_user' + object_auth.remove_user_from_black_list (User.find field_value) rescue nil + end + end + redirect_to edit_admin_object_auth_path(object_auth) end def edit @object_auth = ObjectAuth.find(params[:id]) end - + end \ No newline at end of file diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb index 7afca0a4..59307351 100644 --- a/app/views/admin/components/_user_role_management.html.erb +++ b/app/views/admin/components/_user_role_management.html.erb @@ -1,8 +1,6 @@
    - <%#= debugger %>

    User Role

    - <%= debugger %> - <%= form_tag(polymorphic_path([controller_path.split('/')[0],object,auth.class.name.underscore]),:method => :post) do %> + <%= form_tag(submit_url) do %> <%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %> <%= submit_tag 'Add Role' %>
    <%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %> @@ -16,19 +14,19 @@ <% unless auth.nil? %> <% auth.roles.each do |role| %>
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> - <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'role',:target_id=>role.id),:method => :delete %>
  • + <%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'role',:target_id=>role.id),:method => :delete %> <% end %>
      Sub Roles
    <% auth.sub_roles.each do |role| %> -
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
  • <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'sub_role',:target_id=>role.id),:method => :delete %> +
  • <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %>
  • <%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'sub_role',:target_id=>role.id),:method => :delete %> <% end %>
      PrivilegeList
    <% auth.privilege_users.each do |user| %> -
  • <%= user.name %> <%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'privilege_user',:target_id=>user.id),:method => :delete %>
  • +
  • <%= user.name %> <%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'privilege_user',:target_id=>user.id),:method => :delete %>
  • <% end %>
      BlockedList
    <% auth.blocked_users.each do |user| %> -
  • <%= user.name %><%= link_to '[X]',polymorphic_path(['remove',:admin,object,auth],:type=>'blocked_user',:target_id=>user.id),:method => :delete %>
  • +
  • <%= user.name %><%= link_to '[X]',polymorphic_path(ploy_route_ary,:type=>'blocked_user',:target_id=>user.id),:method => :delete %>
  • <% end %> <% end %>
    \ No newline at end of file diff --git a/app/views/admin/module_apps/edit.html.erb b/app/views/admin/module_apps/edit.html.erb index 5a2d56ec..23745806 100644 --- a/app/views/admin/module_apps/edit.html.erb +++ b/app/views/admin/module_apps/edit.html.erb @@ -36,5 +36,5 @@
    -<%= render :partial => "admin/components/user_role_management", :locals => { :object => @module_app ,:auth=> @module_app.app_auth } %> +<%= render :partial => "admin/components/user_role_management", :locals => { :object => @module_app ,:auth=> @module_app.app_auth ,:submit_url=> admin_module_app_app_auths_path(@module_app),:ploy_route_ary=>['remove',:admin,@module_app,@module_app.app_auth] } %> diff --git a/app/views/admin/object_auths/edit.html.erb b/app/views/admin/object_auths/edit.html.erb index 62e9b465..67fb026e 100644 --- a/app/views/admin/object_auths/edit.html.erb +++ b/app/views/admin/object_auths/edit.html.erb @@ -8,6 +8,7 @@

    <%= @object_auth.title %>

    -<%= render :partial => "admin/components/user_role_management", :locals => { :object => @object_auth.auth_obj ,:auth=> @object_auth } %> +<%= render :partial => "admin/components/user_role_management", :locals => { + :object => @object_auth.auth_obj ,:auth=>@object_auth,:submit_url=>create_role_admin_object_auth_path(@object_auth),:ploy_route_ary=>['remove',:admin,@object_auth] } %> diff --git a/config/routes.rb b/config/routes.rb index 275ef202..abe29824 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -13,7 +13,12 @@ PrototypeR4::Application.routes.draw do namespace :admin do resources :assets resources :app_auths - resources :object_auths + resources :object_auths do + member do + match ':id/create_role',:action => 'create_role',:iia => "post",:as => :create_role + match 'remove/:type/:target_id' ,:action=> 'remove_role',:via => "delete",:as =>:remove + end + end resources :ad_banners resources :designs do diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb new file mode 100644 index 00000000..8056f4f9 --- /dev/null +++ b/lib/orbit_core_lib.rb @@ -0,0 +1,42 @@ +module OrbitCoreLib + module ObjectAuthable + def self.included(base) + base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete") + + base.define_singleton_method :authed_for_user do |user,title = nil| + sub_role_ids_ary=user.sub_roles.collect{|t| t.id} + if title.nil? + auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s) + else + auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title) + end + + query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id) + query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role.id}).excludes(blocked_user_ids: user.id) + result = (query1 + query2).uniq + result.collect{|t| t.obj_authable} + end + + end + + def authed_users(title=nil) + users = [] + unless title.nil? + users = self.object_auths.where(title: title )[0].auth_users_after_block_list rescue [] + else + users = self.object_auths.collect{|t| t.auth_users_after_block_list} rescue [] + users.flatten!.uniq! + end + users + end + + def tell_me_class + self.class.name + end + + def search_object_db + ObjectAuth.where(obj_authable_type: self.class.name) + end + + end +end diff --git a/vendor/built_in_modules/new_blog/app/models/post.rb b/vendor/built_in_modules/new_blog/app/models/post.rb index 2926c305..ef882a6d 100644 --- a/vendor/built_in_modules/new_blog/app/models/post.rb +++ b/vendor/built_in_modules/new_blog/app/models/post.rb @@ -1,9 +1,10 @@ class Post include Mongoid::Document include Mongoid::Timestamps + include OrbitCoreLib::ObjectAuthable + field :title, :type => String field :body, :type => String embeds_many :comments validates_presence_of :title, :body - has_one :object_auth,as: :obj_authable,dependent: :delete end \ No newline at end of file From 32159564cd83a5c64812109e0bf921f57b29d111 Mon Sep 17 00:00:00 2001 From: Matthew Kaito Juyuan Fu Date: Thu, 9 Feb 2012 19:04:06 +0800 Subject: [PATCH 3/3] build interface to work with object auth. Go to panel/new_blog/back_end/posts/ ,click New Auth link --- .../admin/object_auths_controller.rb | 57 +++++++++++-------- app/views/admin/object_auths/new.html.erb | 23 ++++++++ config/routes.rb | 5 +- lib/orbit_core_lib.rb | 8 --- .../new_blog/back_end/posts/index.html.erb | 1 + .../new_blog/back_end/posts/new.html.erb | 2 +- 6 files changed, 61 insertions(+), 35 deletions(-) create mode 100644 app/views/admin/object_auths/new.html.erb diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index 7c6f60f0..ce404e53 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb @@ -4,40 +4,47 @@ class Admin::ObjectAuthsController < ApplicationController # before_filter :is_admin? ,:only => :index def index - # @roles = Role.all.entries - # apps = Purchase.where(:type =>"App") - # @app_auth_data = apps.entries.map do |app| - # app_c = eval(app.app_controller) - # obj = app_c.new - # obj_auth = obj.send "auth" - # [:app_obj => app,:auth_field => obj_auth] - # end # if current_user.admin? @object_auths = ObjectAuth.all # else # @module_apps = current_user.managing_apps.collect{|t| t.managing_app} # end end + + def new + obj = eval(params[:type]).find params[:obj_id] + @object_auth=obj.object_auths.build + respond_to do |format| + format.html # new.html.erb + format.xml { render :xml => @post } + end + end + + def create + obj = eval(params[:object_auth][:type]).find params[:object_auth][:obj_id] + @object_auth=obj.object_auths.create :title=> params[:object_auth][:title] + redirect_to edit_admin_object_auth_path(@object_auth) + end def create_role object_auth = ObjectAuth.find(params[:id]) - params[:new].each do |item| - field = item[0] - field_value = item[1] - if field_value!='' - case field - when 'role' - object_auth.send("add_#{field}",(Role.find field_value)) rescue nil - when 'sub_role' - object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil - when 'privilege_user' - object_auth.add_user_to_privilege_list (User.find field_value) rescue nil - when 'blocked_user' - object_auth.add_user_to_black_list (User.find field_value) rescue nil - end - end - end - redirect_to edit_admin_object_auth_path(object_auth) + params[:new].each do |item| + field = item[0] + field_value = item[1] + if field_value!='' + case field + when 'role' + object_auth.send("add_#{field}",(Role.find field_value)) rescue nil + when 'sub_role' + object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil + when 'privilege_user' + object_auth.add_user_to_privilege_list (User.find field_value) rescue nil + when 'blocked_user' + object_auth.add_user_to_black_list (User.find field_value) rescue nil + end + end + end + redirect_to edit_admin_object_auth_path(object_auth) end def remove_role diff --git a/app/views/admin/object_auths/new.html.erb b/app/views/admin/object_auths/new.html.erb new file mode 100644 index 00000000..25fd6fd5 --- /dev/null +++ b/app/views/admin/object_auths/new.html.erb @@ -0,0 +1,23 @@ +<% content_for :secondary do %> +
      +
    +<% end -%> + +
    +
    +
    +
    + +<%= flash_messages %> +

    <%= t('object_auth.new_object_auth') %>

    +<%= form_for @object_auth, :url => admin_object_auths_path do |f| %> + <%= f.label :title %> + <%= f.text_field :title, :class => 'text' %> + <%= f.hidden_field :obj_id, :value => params[:obj_id] %> + <%= f.hidden_field :type, :value => params[:type] %> + + <%= submit_tag 'Add Auth' %>
    + +<% end %> + +<%= link_back %> \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index abe29824..d2fe14b8 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -14,8 +14,11 @@ PrototypeR4::Application.routes.draw do resources :assets resources :app_auths resources :object_auths do + collection do + match 'new/:type/:obj_id',:action => 'new',:via => "get",:as => :init + end member do - match ':id/create_role',:action => 'create_role',:iia => "post",:as => :create_role + match ':id/create_role',:action => 'create_role',:via => "post",:as => :create_role match 'remove/:type/:target_id' ,:action=> 'remove_role',:via => "delete",:as =>:remove end end diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb index 8056f4f9..bf1d66a3 100644 --- a/lib/orbit_core_lib.rb +++ b/lib/orbit_core_lib.rb @@ -30,13 +30,5 @@ module OrbitCoreLib users end - def tell_me_class - self.class.name - end - - def search_object_db - ObjectAuth.where(obj_authable_type: self.class.name) - end - end end diff --git a/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/index.html.erb b/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/index.html.erb index 9473b70b..54ed9f1e 100644 --- a/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/index.html.erb +++ b/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/index.html.erb @@ -21,6 +21,7 @@ <%= post.title %> <%= truncate(post.body,:length=>15) %> + <%= link_to t('blog.new_auth'), init_admin_object_auths_path("Post",post) %> <%= link_to t('blog.show'), panel_new_blog_back_end_post_path(post) %> <%= link_to t('blog.edit'), edit_panel_new_blog_back_end_post_path(post) %> <%= link_to t('blog.delete'), panel_new_blog_back_end_post_path(post), :confirm => t('blog.sure?'), :method => :delete %> diff --git a/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/new.html.erb b/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/new.html.erb index af5aa326..21758da8 100644 --- a/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/new.html.erb +++ b/vendor/built_in_modules/new_blog/app/views/panel/new_blog/back_end/posts/new.html.erb @@ -7,7 +7,7 @@ <%= flash_messages %>

    <%= t('blog.new_post') %>

    <%= form_for @post, :url => panel_new_blog_back_end_posts_path do |f| %> - <%= render :partial => 'form', :locals => {:f => f} %> + <%= f.text_field :title, :class => 'text' %> <% end %> <%= link_back %>