module OrbitCoreLib module Preview def self.included(base) # base.instance_eval("field :is_preview,type: Boolean,:default => false") # base.instance_eval("scope :not_preview,where(:is_preview=>false)") base.class_eval (" def to_preview raise 'Developer,please override to_preview method' end ") end end module ObjectDisable def self.included(base) base.instance_eval("field :disable,type: Boolean,:default => false") base.instance_eval("scope :all, where(:disable.in => [false, nil, ''])") base.instance_eval("scope :admin_manager_all,find(:all)") base.define_singleton_method :find do |*args| if args ==[:all] unscoped else res = unscoped.find(args) res.count == 1 ? res[0] : res end end base.define_singleton_method :first do |*args| all.first end base.define_singleton_method :last do |*args| all.last end end end module ObjectAuthable def self.included(base) base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete") base.define_singleton_method :authed_for_user do |user,title = nil| sub_role_ids_ary=user.sub_roles.collect{|t| t.id} if title.nil? auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s) else auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title) end query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id) query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id}).excludes(blocked_user_ids: user.id) # query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role_ids}).excludes(blocked_user_ids: user.id) #save for backup if something went wrong (0626 Matt) result = (query1 + query2).uniq result.collect{|t| t.obj_authable}.delete_if{|val| val==nil} end end def cur_user_is_sub_manager_of(title) authed_users(title).include?(User.current) end def module_app ModuleApp.first(conditions: {:title => self.class::APP_NAME} ) end def pp_object "Object Auth method 'pp_object' need to be defined for class #{self.class}" end def get_object_auth_by_title(title) oa = self.object_auths.where({title: title }).first if oa.nil? #&& (self.class::ObjectAuthTitlesOptions.include? title) oa = self.object_auths.create title: title end oa end def authed_users(title=nil) users = [] users = case title when :all ary = self.object_auths.collect{|t| t.auth_users} ary.flatten! when nil if self.object_auths.count ==1 self.object_auths.first.auth_users_after_block_list rescue [] else logger.info "Warning calling a auth commend without specificed value( has multi-auths ), return empty" [] end else get_object_auth_by_title(title).auth_users rescue [] end users end end module ObjectTokenUtility def self.included(base) base.instance_eval("field :s_token") base.instance_eval("after_create :generate_token") end def token return self.s_token end protected def generate_token self.s_token = SecureRandom.hex(16) self.save! end end module PermissionUtility private def check_permission(type = :use) permission_grant = current_or_guest_user.admin?? true : false module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app unless permission_grant permission_grant = case type when :use users_ary = module_app.app_auth.auth_users rescue nil users_ary = [] if users_ary.nil? (users_ary.include?(current_or_guest_user) || module_app.is_manager?(current_or_guest_user) || module_app.is_sub_manager?(current_or_guest_user)) when :manager module_app.is_manager?(current_or_guest_user) when :sub_manager module_app.is_manager?(current_or_guest_user) || module_app.is_sub_manager?(current_or_guest_user) end end permission_grant end def find_module_app_by_token(token) ModuleApp.first(conditions: {s_token: token}) end end module Authorization def self.included(base) base.class_eval do before_filter :can_use end end def setup_vars @app_title ||= controller_path.split('/')[1].singularize @module_app ||= ModuleApp.first(conditions: {:key => @app_title} ) # raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil? end private def can_use unless @override_can_use check_backend_openness if @public setup_vars set_current_user unless @public authenticate_user! check_user_can_use end end end def set_public @public = true end def check_user_can_use unless current_or_guest_user.admin? || @module_app.is_manager?(current_or_guest_user) || @module_app.is_sub_manager?(current_or_guest_user) || @module_app.can_approve?(current_or_guest_user) redirect_to root_url end end end end