diff --git a/app/assets/javascripts/lib/contenteditable.js.erb b/app/assets/javascripts/lib/contenteditable.js.erb
new file mode 100644
index 00000000..28dc9137
--- /dev/null
+++ b/app/assets/javascripts/lib/contenteditable.js.erb
@@ -0,0 +1,41 @@
+<%#= encoding: utf-8 %>
+$(function() {
+  var content_holder, content;
+  var selector = 'li[contenteditable="true"]';
+  // prevent clicks inside editable area to fire
+  // a click event on the body
+  // and therefor saving our content before we even edit it
+  $(selector).click(function(e) {
+    e.stopPropagation();
+  });
+  
+  // initialize the "save" function
+  $(selector).focus(function(e) {
+    content_holder = $(this);
+    content        = content_holder.html();
+    
+    // one click outside the editable area saves the content
+    $('body').one('click', function(e) {
+      // but not if the content didn't change
+      if ($(e.target).is(selector) || content == content_holder.html()) {
+        return;
+      }
+      
+      $.ajax({
+        url: content_holder.data('edit-url'),
+        type: 'POST',
+        dataType: 'json',
+        data: { body: content_holder.html() },
+        success: function(json) {
+          alert("<%= I18n.t("admin.contenteditable.update_done") %>");
+          //content_holder.effect('highlight', {'color': '#0f0'}, 3000);
+        },
+        error: function() {
+          alert("<%= I18n.t("admin.contenteditable.update_failed") %>");
+          //content_holder.effect('highlight', {'color': '#f00'}, 3000);
+          content_holder.html(content);
+        }
+      });
+    });
+  });
+});
\ No newline at end of file
diff --git a/app/controllers/admin/ad_banners_controller.rb b/app/controllers/admin/ad_banners_controller.rb
index 47d3d355..347b9e88 100644
--- a/app/controllers/admin/ad_banners_controller.rb
+++ b/app/controllers/admin/ad_banners_controller.rb
@@ -1,8 +1,14 @@
 class Admin::AdBannersController < OrbitBackendController
   layout "new_admin"
   before_filter :authenticate_user!
-  before_filter :for_app_manager
+  before_filter :for_app_manager,:except => [:index,:show] 
+  before_filter :for_app_sub_manager
 
+  def rename
+    @ad_banner = AdBanner.find(params[:id])
+    @ad_banner.title = Nokogiri::HTML.fragment(params["body"]).at("a").children().to_s
+    render :json => {:success =>@ad_banner.save!}
+  end
   def destroy
     @ad_banner = AdBanner.find(params[:id])
     @ad_banner.destroy
diff --git a/app/controllers/admin/module_apps_new_interface_controller.rb b/app/controllers/admin/module_apps_new_interface_controller.rb
index 52292588..404ac693 100644
--- a/app/controllers/admin/module_apps_new_interface_controller.rb
+++ b/app/controllers/admin/module_apps_new_interface_controller.rb
@@ -1,4 +1,4 @@
-class Admin::ModuleAppsNewInterfaceController < ApplicationController
+class Admin::ModuleAppsNewInterfaceController < OrbitBackendController
   before_filter :authenticate_user!
   before_filter :is_admin?
   include AdminHelper
@@ -25,9 +25,9 @@ class Admin::ModuleAppsNewInterfaceController < ApplicationController
   def update_setting
     module_app = update_setting_by_params
     if module_app.save!
-      flash[:notice] = "Update Done"
+      flash[:notice] = t("admin.object_auth.update_done")
     else
-      flash[:notice] = "Update Failed"
+      flash[:notice] = t("admin.object_auth.update_failed")
     end
   end
   
@@ -37,8 +37,9 @@ class Admin::ModuleAppsNewInterfaceController < ApplicationController
 
   protected
   def update_setting_by_params
+    user_sat = []
     ma = ModuleApp.find params[:module_app][:id]
-    user_sat = User.find params[:users].keys
+    user_sat = User.find params[:users].keys if params.has_key? :users
     users_to_new = user_sat - ma.managing_users
     users_to_remove = ma.managing_users - user_sat
 
diff --git a/app/controllers/admin/object_auths_new_interface_controller.rb b/app/controllers/admin/object_auths_new_interface_controller.rb
index 6018413b..bc546ac8 100644
--- a/app/controllers/admin/object_auths_new_interface_controller.rb
+++ b/app/controllers/admin/object_auths_new_interface_controller.rb
@@ -1,6 +1,5 @@
 class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
   include OrbitCoreLib::PermissionUnility
-
   before_filter :force_order
   
   
diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb
index cfa46847..98882ec3 100644
--- a/app/controllers/orbit_backend_controller.rb
+++ b/app/controllers/orbit_backend_controller.rb
@@ -1,6 +1,8 @@
 class OrbitBackendController< ApplicationController
   before_filter :force_order,:except => [:public]
   before_filter :setup_vars
+  before_filter :set_current_user
+
  # before_filter {|c| c.front_end_available(@app_title)}
   # before_filter :check_user_can_use
   include OrbitCoreLib::PermissionUnility
@@ -11,6 +13,7 @@ class OrbitBackendController< ApplicationController
   def setup_vars
     @app_title = request.fullpath.split('/')[2]
     @app_title = request.fullpath.split('/')[1] if(@app_title == "back_end") 
+    @app_title.gsub!(/[?].*/,'')
     @module_app = ModuleApp.first(conditions: {:key => @app_title} )
   end
 
diff --git a/app/helpers/admin/ad_banner_helper.rb b/app/helpers/admin/ad_banner_helper.rb
index eff12427..ecba9b3b 100644
--- a/app/helpers/admin/ad_banner_helper.rb
+++ b/app/helpers/admin/ad_banner_helper.rb
@@ -11,6 +11,21 @@ module Admin::AdBannerHelper
           
       printable_ad_images.shuffle!
  end
-  
+    def sub_manager?(ad_banner)
+      ad_banner.authed_users(:edit).include?(current_user)
+    end
+
+    def show_ad_banner_permission_link(ad_banner)
+      type = 'edit'
+      oa = ad_banner.get_object_auth_by_title(type)
+    if oa.nil?
+      ad_banner.object_auths.new(title: type ).save
+      oa = ad_banner.get_object_auth_by_title(type)
+    end
+#    link_to t('announcement.bulletin.cate_auth'), edit_admin_object_auth_path(oa)
+     link_to t('admin.ad.cate_auth'),admin_object_auth_ob_auth_path(oa),:class => "btn btn-warning"
+  end
+
+
 
 end
\ No newline at end of file
diff --git a/app/helpers/admin/web_link_helper.rb b/app/helpers/admin/web_link_helper.rb
new file mode 100644
index 00000000..813bc48c
--- /dev/null
+++ b/app/helpers/admin/web_link_helper.rb
@@ -0,0 +1,11 @@
+module Admin::WebLinkHelper
+    def show_web_link_permission_link(web_link)
+      type = 'edit'
+      oa = web_link.get_object_auth_by_title(type)
+    if oa.nil?
+      web_link.object_auths.new(title: type ).save
+      oa = web_link.get_object_auth_by_title(type)
+    end
+     link_to t('admin.web_link.cate_auth'),admin_object_auth_ob_auth_path(oa)
+  end
+end
\ No newline at end of file
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 5f693965..fc93c29a 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -172,6 +172,10 @@ module ApplicationHelper
     locale.to_sym == I18n.locale ? 'active in': ''
   end
 
+  def at_least_module_manager
+      is_manager? || is_admin? 
+  end
+  
   def dislpay_view_count(object)
     "#{t(:view_count)}: #{object.view_count}"
   end
@@ -196,4 +200,8 @@ module ApplicationHelper
     display_visitors(created_at: {'$gte' => Date.today.beginning_of_year, '$lte' => Date.today.end_of_year})
   end
 
+  def at_least_module_manager
+    is_manager? || is_admin? 
+  end
+
 end
diff --git a/app/models/ad_banner.rb b/app/models/ad_banner.rb
index 09aa79c8..18c6d448 100644
--- a/app/models/ad_banner.rb
+++ b/app/models/ad_banner.rb
@@ -3,10 +3,11 @@ class AdBanner
   include Mongoid::Timestamps
   include Mongoid::MultiParameterAttributes
   include OrbitCoreLib::ObjectAuthable
-  
+
   field :title
   field :transition_msec,type: Integer
   field :ad_fx  #TODO Design should explain
+  field :best_size,:default => ''
 
   before_save :save_or_destroy
   validates_uniqueness_of :title
diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb
index d1c1c673..d5cc48de 100644
--- a/app/models/object_auth.rb
+++ b/app/models/object_auth.rb
@@ -11,7 +11,7 @@ class ObjectAuth  < PrototypeAuth
   end
 
   def check_user_has_app_auth
-    sub_managing_users = auth_obj.app_auth.sub_managing_users
+    sub_managing_users = auth_obj.app_auth.sub_managing_users rescue []
     app_auth =  auth_obj.app_auth
     self.auth_users.each do |auth_user|
       if !sub_managing_users.include? auth_user && !auth_user.admin?
diff --git a/app/views/admin/ad_banners/_ad_banner_tab.html.erb b/app/views/admin/ad_banners/_ad_banner_tab.html.erb
index 797624ff..ca98e42e 100644
--- a/app/views/admin/ad_banners/_ad_banner_tab.html.erb
+++ b/app/views/admin/ad_banners/_ad_banner_tab.html.erb
@@ -1,5 +1,5 @@
 <div class="tab-pane fade <%= "active in" if ad_banner_tab==@active%>" id=<%= ad_banner_tab.title.dehumanize %>>
-
+<% if at_least_module_manager || sub_manager?(ad_banner_tab)%>
 	<%= form_for ad_banner_tab,:url=> admin_ad_banner_path(ad_banner_tab),:method => :put,:class=>"input-medium" do |f| -%>
 		<div class="adbanner-setup well">
 			<!--<p><%#= t("admin.ad.banner_best_size") %>：</p>-->
@@ -11,17 +11,25 @@
 			<%= f.submit t("admin.ad.update_banner"), :class => 'btn' %>
 			<%= f.submit t("cancel"),:type=>'reset', :class => 'btn'  %>
 		</div>
-		<h3>圖片列表</h3>
+	<% end -%>
+<% end -%>
+		<h3><%= t("admin.ad.picture_list")%></h3>
 		<div class="adbanner-list">
-			<div class="adbanner-action">
-				<%= link_to t("admin.ad.new_image"),new_admin_ad_banner_ad_image_path(ad_banner_tab) ,:class => "btn btn-primary"%>
-				<%= link_to t("modal.preview"), admin_realtime_preview_ad_banner_path(ad_banner_tab.id) , :class=>'preview_trigger btn btn-success'%>
-			</div>
+			<%if  (at_least_module_manager || ad_banner_tab.cur_user_is_sub_manager_of(:edit) )%>
+				<%=  content_tag :div ,:class=>'adbanner-action' do%>
+					<%= link_to t("admin.ad.new_image"),new_admin_ad_banner_ad_image_path(ad_banner_tab) ,:class => "btn btn-primary"%>
+					<%= link_to t("modal.preview"), admin_realtime_preview_ad_banner_path(ad_banner_tab.id) , :class=>'preview_trigger btn btn-success'%>
+				<% end -%>
+			<% end -%>
 			<ul class="clear">
 				<%= render :partial => "ad_image_update", :collection => ad_banner_tab.ad_images,:as => :ad_image,:locals=>{:ad_banner => ad_banner_tab}  %>
 			</ul>
+			 <% if at_least_module_manager  %>
+				<%= show_ad_banner_permission_link ad_banner_tab%>
+				<%= link_to	t('admin.ad.delete_banner'),admin_ad_banner_path(ad_banner_tab),:class => 'btn',:method => :delete,:confirm => t('sure?') %>
+			<% end -%>
+
 			<%#= render :partial => 'new_add_banner_file', :object => ad_banner_tab.ad_images.build, :locals => { :field_name => "new_ad_images[]", :f => f, :classes => "r_destroy" } %>
 		</div>
-	<% end -%>
 	<%#= render :partial => 'preview_block',:locals=> {:ad_banner =>ad_banner_tab} %> 
 </div>
diff --git a/app/views/admin/ad_banners/_ad_image_update.html.erb b/app/views/admin/ad_banners/_ad_image_update.html.erb
index c055a8c9..0b4277a0 100644
--- a/app/views/admin/ad_banners/_ad_image_update.html.erb
+++ b/app/views/admin/ad_banners/_ad_image_update.html.erb
@@ -4,8 +4,10 @@
 				<%= ad_image.display? ? "[#{t('admin.ad.showing')}]" : "[#{t('admin.ad.not_showing')}]" %>
 				<%= "#{ad_image.post_date ||'NeedReset'  }~#{ad_image.unpost_date || 'NeedReset'}" %>
 			</p>
-			<p>
-				<%= link_to	t('edit'),edit_admin_ad_banner_ad_image_path(ad_banner,ad_image),:class => 'btn btn-primary'  %>
-				<%= link_to	t('delete'),admin_ad_banner_ad_image_path(ad_banner,ad_image),:class => 'btn',:method => :delete,:confirm => t('sure?') %>
-			</p>
+                  <%if at_least_module_manager || sub_manager?(ad_image.ad_banner) %>
+      			<p>
+	       			<%= link_to	t('edit'),edit_admin_ad_banner_ad_image_path(ad_banner,ad_image),:class => 'btn  btn-primary'  %>
+			       	<%= link_to	t('delete'),admin_ad_banner_ad_image_path(ad_banner,ad_image),:class => 'btn',:method => :delete,:confirm => t('sure?') %>
+			     </p>
+                  <% end -%>
 </li>
\ No newline at end of file
diff --git a/app/views/admin/ad_banners/_modal_ad_banner_form.html.erb b/app/views/admin/ad_banners/_modal_ad_banner_form.html.erb
index 4a3f2db4..cbc4de8e 100644
--- a/app/views/admin/ad_banners/_modal_ad_banner_form.html.erb
+++ b/app/views/admin/ad_banners/_modal_ad_banner_form.html.erb
@@ -30,6 +30,7 @@
 		</div>
 	</div>
 	<div class="modal-footer">
+		<span id="ad_banner-modal-info"></span>
 		<%= f.submit t('submit'), :class=>'btn btn-primary',:remote=>true %>
 		<a class="btn" data-dismiss="modal"><%= t('cancel')%></a>
 	</div>
diff --git a/app/views/admin/ad_banners/create_error_msg.js.erb b/app/views/admin/ad_banners/create_error_msg.js.erb
index 60f1d261..dbd013df 100644
--- a/app/views/admin/ad_banners/create_error_msg.js.erb
+++ b/app/views/admin/ad_banners/create_error_msg.js.erb
@@ -1 +1 @@
-alert("Error occures:<%= @ad_banner.errors.full_messages%>");
\ No newline at end of file
+$("#ad_banner-modal-info").append("<%= @ad_banner.errors.full_messages.join(',')%>");
\ No newline at end of file
diff --git a/app/views/admin/ad_banners/index.html.erb b/app/views/admin/ad_banners/index.html.erb
index c0e02ecc..3e3b4689 100644
--- a/app/views/admin/ad_banners/index.html.erb
+++ b/app/views/admin/ad_banners/index.html.erb
@@ -4,21 +4,23 @@
 <% content_for :page_specific_javascript do -%>
 	<%= javascript_include_tag "/static/jquery.cycle.all.latest.js" %>
 	<%= javascript_include_tag "inc/modal-preview" %>
+	<%= javascript_include_tag "lib/contenteditable" %>
+
 <% end -%>
 
 
 <div id="post-body-content" class="clear">
 	<ul id="banner_tab" class="nav nav-tabs">
 		<% @ad_banners.each do |ab| %>
-			<%= content_tag :li,link_to(ab.title,"##{ab.title.dehumanize}",:data=>{:toggle=>"tab"}),:class => (ab ==  @active ? 'active' : nil ) %>
+			<%= content_tag :li,link_to(ab.title,"##{ab.title.dehumanize}",:data=>{:toggle=>"tab"}),:class => (ab ==  @active ? 'active' : nil ), :contenteditable=>"true" ,"data-edit-url"=>(admin_rename_ad_banner_path ab)%>
 		<% end -%>
-		<%#= content_tag :li,link_to(t("admin.ad.new_banner"),"#new-a-banner",:data=>{:toggle=>"modal"}),:id=>'new_ad_banner_tab_but',:class => (@active.nil? ? 'active' : nil ) %>
+		<%= content_tag :li,link_to(t("admin.ad.new_banner"),"#new-a-banner",:data=>{:toggle=>"modal"}),:id=>'new_ad_banner_tab_but',:class => (@active.nil? ? 'active' : nil ) %>
 		
 	</ul>
 	
-	<div class="tab-content">
+	<div class="tab-content" id="ad_banner-tab-content">
 		<%= render :partial => 'ad_banner_tab',:collection => @ad_banners %>
 	</div>
-	<%#= render :partial => "modal_ad_banner_form"%>
+	<%= render :partial => "modal_ad_banner_form"%>
 		
 </div>
diff --git a/app/views/admin/ad_banners/new_created_node.js.erb b/app/views/admin/ad_banners/new_created_node.js.erb
index 86970e6a..a53135da 100644
--- a/app/views/admin/ad_banners/new_created_node.js.erb
+++ b/app/views/admin/ad_banners/new_created_node.js.erb
@@ -1,8 +1,14 @@
 $('<%= escape_javascript(content_tag(:li,link_to(@ad_banner.title,"##{@ad_banner.title}",:data=>{:toggle=>"tab"}))) %>').insertBefore("#new_ad_banner_tab_but");
-$('<%= escape_javascript(render(:partial => "ad_banner_tab",:locals => {:ad_banner_tab => @ad_banner})) %>').insertBefore($("#new-a-banner"));
+$('<%= escape_javascript(render(:partial => "ad_banner_tab",:locals => {:ad_banner_tab => @ad_banner})) %>').insertAfter($("#ad_banner-tab-content").children(".tab-pane").last());
 
 $('.modal').modal('hide');
+$("#ad_banner-modal-info").empty();
+$("#new-a-banner form").each(function(){this.reset();});
+
 $('#new-a-banner').unbind();
 $('#post-body-content').find(".nav.nav-tabs").children('li.active').removeClass("active");
+$("#ad_banner-tab-content").children(".tab-pane").removeClass("active");
 $('#post-body-content').find(".nav.nav-tabs").children('li[id!="new_ad_banner_tab_but"]').last().addClass("active");
+$("#ad_banner-tab-content").children(".tab-pane").last().addClass("active");
+
 
diff --git a/app/views/admin/ad_images/_form.html.erb b/app/views/admin/ad_images/_form.html.erb
index be5f2b47..1513fa05 100644
--- a/app/views/admin/ad_images/_form.html.erb
+++ b/app/views/admin/ad_images/_form.html.erb
@@ -80,7 +80,7 @@
               <!--請程式務必將圖片尺寸加入到行內裡-->
               <%= image_tag @ad_image.file rescue ''%>
             </div>
-            <span class="alert widgetInfo">此區塊圖片尺寸請使用580px × 225px</span>
+            <span class="alert widgetInfo"><%= t("admin.ad.widget_info_for_ad_image_size",:best_size=> @ad_image.ad_banner.best_size) if !@ad_image.ad_banner.best_size.empty?%></span>
             <div class="controls file-upload input-prepend">
               <label class="control-label add-on btn" for="input-upload">
 								<%= t(:browse) %>
diff --git a/app/views/layouts/_side_bar.html.erb b/app/views/layouts/_side_bar.html.erb
index c1c16879..53314765 100644
--- a/app/views/layouts/_side_bar.html.erb
+++ b/app/views/layouts/_side_bar.html.erb
@@ -36,35 +36,38 @@
 	<%#= link_to content_tag(:i, nil, :class => 'icons-member') + t('admin.member'), admin_users_path %>
 <%# end -%>
 
-<%= content_tag :li, :class => active_for_controllers('page_contexts') do -%>
+<%= content_tag :li, :class => active_for_controllers('page_contexts') || active_for_app_auth('page_content') || active_for_ob_auths_object("PageContext")  do -%>
 	<%= link_to content_tag(:i, nil, :class => 'icons-page') + t('admin.page'), panel_page_content_back_end_page_contexts_path %>
-		<%#= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('page_contexts')) do -%>
+		<%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('page_contexts')) do -%>
 			<%#= content_tag :li, link_to(t('admin.all_articles'), panel_page_content_back_end_page_contexts_path), :class => active_for_action('page_context', 'index') %>
-		<%# end -%>
+			<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "page_content"}))), :class => active_for_app_auth('page_content')  if (is_admin? rescue nil) %>
+		<% end -%>
+
 <% end -%>
 
 <%= content_tag :li, :class => active_for_controllers('designs') do -%>
 	<%= link_to content_tag(:i, nil, :class => 'icons-window-block') + t('admin.design'), admin_designs_path %>
 <% end -%>
 
-<%= content_tag :li, :class => active_for_controllers('ad_banners', 'ad_images') || active_for_app_auth('ad_banners') do -%>
+<%= content_tag :li, :class => active_for_controllers('ad_banners', 'ad_images') ||active_for_ob_auths_object("AdBanner") ||active_for_app_auth('ad_banners') do -%>
 	<%= link_to content_tag(:i, nil, :class => 'icons-link') + t('admin.ad_banner'), admin_ad_banners_path %>
 
 	<%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('ad_banners', 'ad_images') ) do -%>
 		<%#= content_tag :li, link_to(t('admin.ad.all_banners'), admin_ad_banners_path), :class => active_for_action('ad_banners', 'index') %>
 		<%#= content_tag :li, link_to(t('admin.ad.new_banner'), new_admin_ad_banner_path), :class => active_for_action('ad_banners', 'new') %>
 		<%#= content_tag :li, link_to(t('admin.ad.new_image'), new_ad_image_admin_ad_banners_path), :class => active_for_action('ad_images', 'new') %>
-				<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "ad_banners"}))), :class => active_for_app_auth('ad_banners')  if (is_admin? rescue nil) %>
+	<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "ad_banners"}))), :class => active_for_app_auth('ad_banners')  if (is_admin? rescue nil) %>
 	<% end -%>
 <% end %>
 
-<%= content_tag :li, :class => active_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys') do -%>
+<%= content_tag :li, :class => active_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys') || active_for_app_auth('web_resource')  || active_for_ob_auths_object("WebLinkCategory")  do -%>
 	<%= link_to content_tag(:i, nil, :class => 'icons-link') + t('admin.link'), panel_web_resource_back_end_web_links_path %>
 	<%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys')) do -%>
 		<%= content_tag :li, link_to(t('admin.all_articles'), panel_web_resource_back_end_web_links_path), :class => active_for_action('web_links', 'index') %>
 		<%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') %>
-		<%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => active_for_action('web_link_categorys', 'index') %>
+		<%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => (active_for_action('web_link_categorys', 'index') || active_for_ob_auths_object("WebLinkCategory")) %>
 		<%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') %>
+		<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "web_resource"}))), :class => active_for_app_auth('web_resource')  if (is_admin? rescue nil) %>
 	<% end -%>
 <% end -%>
 
@@ -75,4 +78,4 @@
 		<%= content_tag :li, link_to(t('admin.categories'), admin_asset_categories_path), :class => active_for_action('asset_categories', 'index') %>
 		<%= content_tag :li, link_to(t('admin.tags'), admin_asset_tags_path), :class => active_for_action('/admin/asset_tags', 'index') %>
 	<% end -%>
-<% end -%>
\ No newline at end of file
+<% end -%>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 908023d0..15598a8e 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -95,10 +95,12 @@ en:
       new_image: New image
       showing: Showing
       not_showing: NotShowing
+      picture_list: Picture List
       title: Title
       transition_sec: Transition time
       trans_unit_sec: sec
       update_banner: Update Banner
+      widget_info_for_ad_image_size: "Best size with: %{best_size}"
     add: Add
     add_item: Add item
     add_language: Add language
diff --git a/config/locales/zh_tw.yml b/config/locales/zh_tw.yml
index a7b67b53..b7030e16 100644
--- a/config/locales/zh_tw.yml
+++ b/config/locales/zh_tw.yml
@@ -88,14 +88,18 @@ zh_tw:
       ab_fx: 轉場特效
       all_banners: 輪播清單
       banner_best_size: Banner 尺寸
+      cate_auth: 分類授權
+      delete_banner: 刪除整組輪播
       new_banner: 新增輪播
       new_image: 新增橫幅
       showing: 顯示中
       not_showing: 沒有顯示
+      picture_list: 圖片列表
       title: 標題
       transition_sec: 轉場單位時間
       trans_unit_sec: 秒
       update_banner: 更新輪播
+      widget_info_for_ad_image_size: "此區塊圖片尺寸請使用 %{best_size}"
     add: 新增
     add_item: 新增項目
     add_language: 新增語言
@@ -119,6 +123,9 @@ zh_tw:
     choose_file: 請選擇一個文件...
     class: 階級
     content: 內容
+    contenteditable:
+      update_done: 更新完成
+      update_failed: 更新失敗
     create_error_link: 新增連接時出錯。
     create_error_page: 新增頁面時出錯。
     create_success_home: 首頁已成功新增。
diff --git a/config/routes.rb b/config/routes.rb
index fc346e28..75fa6142 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -40,6 +40,8 @@ Orbit::Application.routes.draw do
 
 
     match 'ad_banners/:id/preview' => 'ad_banners#realtime_preview',:as => :realtime_preview_ad_banner,:via => :put
+    match 'ad_banners/:id/rename' => 'ad_banners#rename',:as => :rename_ad_banner,:via => :post
+
     resources :ad_banners do 
         collection do
           match 'new_ad_image' => 'ad_images#new',:as => :new_ad_image,:via => :get
diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb
index a6c9917f..ad4f6756 100644
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
@@ -19,6 +19,10 @@ module  OrbitCoreLib
         
     end
     
+    def cur_user_is_sub_manager_of(title)
+       authed_users(title).include?(User.current)
+    end 
+
     def app_auth
        ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
     end
diff --git a/vendor/built_in_modules/announcement/app/helpers/panel/announcement/back_end/bulletins_helper.rb b/vendor/built_in_modules/announcement/app/helpers/panel/announcement/back_end/bulletins_helper.rb
index 8e6b9bff..68286c3e 100644
--- a/vendor/built_in_modules/announcement/app/helpers/panel/announcement/back_end/bulletins_helper.rb
+++ b/vendor/built_in_modules/announcement/app/helpers/panel/announcement/back_end/bulletins_helper.rb
@@ -2,7 +2,7 @@ module Panel::Announcement::BackEnd::BulletinsHelper
   
   def show_approval_link(bulletin)
     by_bulletin = (!bulletin.is_expired? and !bulletin.is_checked?)
-    by_user = (bulletin.bulletin_category.authed_users('fact_check').include?(current_user) or is_manager?)
+    by_user = (bulletin.bulletin_category.authed_users('fact_check').include?(current_user) or is_manager? or is_admin?)
     by_bulletin and  by_user
   end
 
diff --git a/vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_link_categorys_controller.rb b/vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_link_categorys_controller.rb
index 46e8933f..8c961cba 100644
--- a/vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_link_categorys_controller.rb
+++ b/vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_link_categorys_controller.rb
@@ -1,5 +1,6 @@
 class Panel::WebResource::BackEnd::WebLinkCategorysController < OrbitBackendController
-  
+    before_filter :for_app_manager,:except => [:index] 
+
   def index
     @web_link_categorys = WebLinkCategory.all
     @web_link_category = WebLinkCategory.new(:display => 'List')
diff --git a/vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_links_controller.rb b/vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_links_controller.rb
index 69aa8c1a..af557bcb 100644
--- a/vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_links_controller.rb
+++ b/vendor/built_in_modules/web_resource/app/controllers/panel/web_resource/back_end/web_links_controller.rb
@@ -1,7 +1,7 @@
 class Panel::WebResource::BackEnd::WebLinksController < OrbitBackendController
-  
   before_filter :authenticate_user!
-  before_filter :is_admin?
+  # before_filter :for_app_manager,:except => [:index,:show] 
+  before_filter :for_app_sub_manager,:except => [:index]
 
   def index
   
@@ -134,6 +134,13 @@ class Panel::WebResource::BackEnd::WebLinksController < OrbitBackendController
   
   def get_categorys(id = nil)
     @web_link_categorys = (id ? WebLinkCategory.find(id).to_a : WebLinkCategory.excludes('disabled' => true))
+
+    @web_link_categorys = []
+    if(is_manager? || is_admin?)
+      @web_link_categorys = (id ? WebLinkCategory.find(id).to_a : WebLinkCategory.excludes('disabled' => true))
+    elsif is_sub_manager?
+      @web_link_categorys = WebLinkCategory.authed_for_user(current_user,'edit')
+    end
   end
   
   def get_tags
diff --git a/vendor/built_in_modules/web_resource/app/models/web_link_category.rb b/vendor/built_in_modules/web_resource/app/models/web_link_category.rb
index c2a95f4b..f9ef5989 100644
--- a/vendor/built_in_modules/web_resource/app/models/web_link_category.rb
+++ b/vendor/built_in_modules/web_resource/app/models/web_link_category.rb
@@ -3,12 +3,21 @@
 class WebLinkCategory
   include Mongoid::Document
   include Mongoid::Timestamps
+  include OrbitCoreLib::ObjectAuthable
+
   # include Mongoid::MultiParameterAttributes
-  
+  AfterObjectAuthUrl = '/panel/page_content/back_end/page_contexts'
+  APP_NAME = 'web_resource'
+  ObjectAuthTitlesOptions = %W{edit}
+
   field :key
   
   has_one :i18n_variable, :as => :language_value, :autosave => true, :dependent => :destroy
   
   has_many :web_links
   
+  def pp_object
+    i18n_variable[I18n.locale]
+  end
+
 end
\ No newline at end of file
diff --git a/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/_web_link_category.html.erb b/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/_web_link_category.html.erb
index 9d43b94c..b17e634b 100644
--- a/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/_web_link_category.html.erb
+++ b/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/_web_link_category.html.erb
@@ -3,12 +3,15 @@
 	<tr id="<%= dom_id web_link_category %>" class="with_action">
 		<td>
 			<%= web_link_category.key %>
-			<div class="quick-edit">
-				<ul class="nav nav-pills hide">
-					<li><%= link_to t('web_link_category.edit'), edit_panel_web_resource_back_end_web_link_category_path(web_link_category), :remote => true %></li>
-					<li><%= link_to t('web_link_category.delete'), panel_web_resource_back_end_web_link_category_path(web_link_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
-				</ul>
-			</div>
+			<%if at_least_module_manager %>
+				<div class="quick-edit">
+					<ul class="nav nav-pills hide">
+						<li><%= link_to t('web_link_category.edit'), edit_panel_web_resource_back_end_web_link_category_path(web_link_category), :remote => true %></li>
+						<li><%= link_to t('web_link_category.delete'), panel_web_resource_back_end_web_link_category_path(web_link_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
+						<li><%= show_web_link_permission_link web_link_category %></li>
+					</ul>
+				</div>
+			<% end -%>
 		</td>
 		<% @site_valid_locales.each do |locale| %>
 		<td><%= web_link_category.i18n_variable[locale] rescue nil %></td>
diff --git a/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/index.html.erb b/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/index.html.erb
index 87defb11..4a2e8c59 100644
--- a/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/index.html.erb
+++ b/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_link_categorys/index.html.erb
@@ -34,6 +34,6 @@
 	</tbody>
 </table>
 
-<div id="form"><%= render :partial => "form" %></div>
+<div id="form"><%= render :partial => "form"  if at_least_module_manager%></div>
 
 
diff --git a/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_links/_web_link.html.erb b/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_links/_web_link.html.erb
index 457a05a8..f7d70250 100644
--- a/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_links/_web_link.html.erb
+++ b/vendor/built_in_modules/web_resource/app/views/panel/web_resource/back_end/web_links/_web_link.html.erb
@@ -24,8 +24,10 @@
 	<%= link_to web_link.name[I18n.locale], panel_web_resource_back_end_web_link_path(web_link) %>
 	<div class="quick-edit">
 		<ul class="nav nav-pills hide">
+			<%if at_least_module_manager || web_link.web_link_category.cur_user_is_sub_manager_of(:edit)%>
 			<li><%= link_to t('web_link.edit'), edit_panel_web_resource_back_end_web_link_path(web_link) %></li>
 			<li><%= link_to t('web_link.delete'), panel_web_resource_back_end_web_link_path(web_link), :confirm => t('sure?'), :method => :delete, :remote => true %></li>
+			<% end -%>
 		</ul>
 	</div>
 	</td>