Make the filter for authorisation easier for developers

2013-08-22 12:17:50 +08:00 · 2013-08-22 12:17:50 +08:00 · ec40591489
parent 4078d426a6
commit ec40591489
2 changed files with 110 additions and 20 deletions
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
@ -144,36 +144,126 @@ module  OrbitCoreLib
    def self.included(base)
      base.class_eval do
        before_filter :can_use
+        send :include, InstanceMethods
      end
+      base.extend(ClassMethods)
    end

-    def setup_vars
-      @app_title ||= controller_path.split('/')[1].singularize
-      @module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
-      # raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
+    module ClassMethods
+      protected
+
+      def open_for_admin(arg = nil)
+        if arg
+          key = arg.shift
+          prepend_before_filter key[0] => key[1] {|f| f.open_for :admin}
+        else
+          prepend_before_filter {|f| f.open_for :admin}
+        end
+      end
+
+      def open_for_manager(arg = nil)
+        if arg
+          key = arg.shift
+          prepend_before_filter key[0] => key[1] {|f| f.open_for :manager}
+        else
+          prepend_before_filter {|f| f.open_for :manager}
+        end
+      end
+
+      def open_for_sub_manager(arg = nil)
+        if arg
+          key = arg.shift
+          prepend_before_filter key[0] => key[1] {|f| f.open_for :sub_manager}
+        else
+          prepend_before_filter {|f| f.open_for :sub_manager}
+        end
+      end
+
+      def open_for_approver(arg = nil)
+        if arg
+          key = arg.shift
+          prepend_before_filter key[0] => key[1] {|f| f.open_for :approver}
+        else
+          prepend_before_filter {|f| f.open_for :approver}
+        end
+      end
+
+      def open_for_visitor(arg = nil)
+        if arg
+          key = arg.shift
+          prepend_before_filter key[0] => key[1] {|f| f.open_for :visitor}
+        else
+          prepend_before_filter {|f| f.open_for :visitor}
+        end
+      end
+
    end

-    private
-
-    def can_use
-      unless @override_can_use
-        check_backend_openness if @public
-        setup_vars
-        set_current_user
-        unless @public
+    module InstanceMethods
+      protected
+      def can_use
+        if @user_type
+          @user_type.each do |user_type|
+            open = false
+            visitor = false
+            case user_type
+            when :admin
+              open ||= check_admin
+            when :manager
+              open ||= check_manager
+            when :sub_manager
+              open ||= check_sub_manager
+            when :approver
+              open ||= check_sub_manager
+            when :visitor
+              open ||= true
+              visitor ||= true
+            end
+            check_backend_openness if visitor
+            setup_vars
+            set_current_user
+            authenticate_user! unless visitor
+            redirect_to root_url unless open
+          end
+        else
+          setup_vars
+          set_current_user
          authenticate_user!
          check_user_can_use
        end
      end
-    end

-    def set_public
-      @public = true
-    end
+      def check_admin
+        current_or_guest_user.admin?
+      end

-    def check_user_can_use
-      unless current_or_guest_user.admin? || @module_app.is_manager?(current_or_guest_user) || @module_app.is_sub_manager?(current_or_guest_user) || @module_app.can_approve?(current_or_guest_user)
-        redirect_to root_url
+      def check_manager
+        check_admin || @module_app.is_manager?(current_or_guest_user)
+      end
+
+      def check_sub_manager
+        check_admin || check_manager || @module_app.is_sub_manager?(current_or_guest_user)
+      end
+
+      def check_approver
+        check_admin || check_manager || @module_app.can_approve?(current_or_guest_user)
+      end
+
+      def open_for(var)
+         @user_type ||= []
+        @user_type << var
+      end
+
+      def check_user_can_use
+        unless current_or_guest_user.admin? || @module_app.is_manager?(current_or_guest_user) || @module_app.is_sub_manager?(current_or_guest_user) || @module_app.can_approve?(current_or_guest_user)
+          redirect_to root_url
+        end
+      end
+
+      def setup_vars
+        @app_title ||= controller_path.split('/')[1].singularize
+        @module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
+        # raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
      end
    end
  end
--- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
+++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
@ -3,7 +3,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController

  before_filter :clean_values, :only => [:create, :update]

-  prepend_before_filter :set_public, :only => [:index, :show, :get_sorted_and_filtered_bulletins]
+  open_for_visitor :only => [:index, :show, :get_sorted_and_filtered_bulletins]

  before_filter :only => [ :new, :create, :edit, :update ] do |controller|
    @categories = get_categories_for_form