From 381c0ab3378899a569b54748e539b831593103ce Mon Sep 17 00:00:00 2001
From: manson
Date: Fri, 1 Aug 2014 11:23:03 +0800
Subject: [PATCH] Add authorization
---
 .../admin/conference_author_types_controller.rb | 4 +++-
 .../admin/conference_paper_levels_controller.rb | 4 +++-
 .../admin/conference_paper_types_controller.rb | 4 +++-
 .../admin/writing_conferences_controller.rb | 7 +++++--
 .../admin/writing_conferences/_form.html.erb | 1 +
 .../personal_conference/_profile.html.erb | 17 +++++++++--------
 6 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/app/controllers/admin/conference_author_types_controller.rb b/app/controllers/admin/conference_author_types_controller.rb
index 12cd592..6b09399 100644
--- a/app/controllers/admin/conference_author_types_controller.rb
+++ b/app/controllers/admin/conference_author_types_controller.rb
@@ -1,4 +1,6 @@
-class Admin::ConferenceAuthorTypesController < OrbitAdminController
+class Admin::ConferenceAuthorTypesController < OrbitMemberController
+ before_action :allow_admin_only
+
 def new
 @author_type = ConferenceAuthorType.new
 @url = admin_conference_author_types_path(@author_type)
diff --git a/app/controllers/admin/conference_paper_levels_controller.rb b/app/controllers/admin/conference_paper_levels_controller.rb
index acd4551..f3464aa 100644
--- a/app/controllers/admin/conference_paper_levels_controller.rb
+++ b/app/controllers/admin/conference_paper_levels_controller.rb
@@ -1,4 +1,6 @@
-class Admin::ConferencePaperLevelsController < OrbitAdminController
+class Admin::ConferencePaperLevelsController < OrbitMemberController
+ before_action :allow_admin_only
+
 def new
 @paper_level = ConferencePaperLevel.new
 @url = admin_conference_paper_levels_path(@paper_level)
diff --git a/app/controllers/admin/conference_paper_types_controller.rb b/app/controllers/admin/conference_paper_types_controller.rb
index 0d34e2c..f598e10 100644
--- a/app/controllers/admin/conference_paper_types_controller.rb
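Review bot: `before_action :allow_admin_only` is now the only admin gate on `Admin::ConferenceAuthorTypesController`, because the superclass changed from `OrbitAdminController` to `OrbitMemberController`, and the filter's definition is not part of this patch. Presumably it lives in `OrbitMemberController`; it has to halt the request (render or redirect) for non-admins rather than only set a flag, and no subclass should `skip_before_action` it. The identical hunks in `conference_paper_levels_controller.rb` and `conference_paper_types_controller.rb` carry the same dependency. I would add a comment above the filter such as `# Admin-only: the base class is OrbitMemberController, so this filter is the sole authorization check here.` The class body continues outside the hunk.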
+++ b/app/controllers/admin/conference_paper_types_controller.rb
@@ -1,4 +1,6 @@
-class Admin::ConferencePaperTypesController < OrbitAdminController
+class Admin::ConferencePaperTypesController < OrbitMemberController
+ before_action :allow_admin_only
+
 def new
 @paper_type = ConferencePaperType.new
 @url = admin_conference_paper_types_path(@paper_type)
diff --git a/app/controllers/admin/writing_conferences_controller.rb b/app/controllers/admin/writing_conferences_controller.rb
index b6564fa..d9d05d5 100644
--- a/app/controllers/admin/writing_conferences_controller.rb
+++ b/app/controllers/admin/writing_conferences_controller.rb
@@ -4,6 +4,9 @@ class Admin::WritingConferencesController < OrbitMemberController before_action :set_plugin before_action :get_settings,:only => [:new, :edit, :setting] + before_action :allow_admin_only, :only => [:setting] + before_action :need_access_right,:only => [ :new, :create, :edit, :update, :destroy, :frontend_setting, :update_frontend_setting] + def index @writing_conferences = WritingConference.order_by(:year=>'desc').page(params[:page]).per(10) end
@@ -17,7 +20,7 @@ class Admin::WritingConferencesController < OrbitMemberController @member = MemberProfile.find(conference_params['member_profile_id']) rescue nil @writing_conference = WritingConference.new(conference_params) @writing_conference.save - redirect_to URI.encode('/admin/members/'+@member.to_param+'/WritingConference') + redirect_to params['referer_url'] end def edit
@@ -30,7 +33,7 @@ class Admin::WritingConferencesController < OrbitMemberController @writing_conference = WritingConference.find(params[:id]) @writing_conference.update_attributes(conference_params) @writing_conference.save - redirect_to URI.encode('/admin/members/'+@member.to_param+'/WritingConference') + redirect_to params['referer_url'] end def destroy
diff --git a/app/views/admin/writing_conferences/_form.html.erb b/app/views/admin/writing_conferences/_form.html.erb
index 3ed9fba..23be3c4 100644
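Review bot: The `:only` list on `before_action :need_access_right` (hunk `@@ -4,6 +4,9 @@`) names the protected actions one by one, so any action missing from it, now or added later, is reachable without the access check. The profile view in this same patch links to `toggle_hide_admin_writing_conferences_path`, which suggests a `toggle_hide` action that is not in the list; this is inferred from the route helper, since the action itself is outside the hunk. Inverting the filter so new actions are protected by default would be safer, for example `before_action :need_access_right, :except => [:index]`, with the exempt list adjusted to the actions that are meant to be open. The controller body continues outside the hunk.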
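Review bot: `redirect_to params['referer_url']` in `create` (hunk `@@ -17,7 +20,7 @@`) takes the redirect target straight from the request, so a forged or tampered form post can send a signed-in user to an arbitrary external site (open redirect), and a request without the parameter passes nil to `redirect_to`. The `update` hunk (`@@ -30,7 +33,7 @@`) adds the same line. I would accept the parameter only when it is a local path and otherwise fall back to the target the removed line used, through one private helper shared by both actions, as sketched below. Both method bodies start outside their hunks.

```ruby
# … unchanged: build and save @writing_conference …
redirect_to safe_return_path

# private helper shared by create and update
def safe_return_path
  target = params['referer_url'].to_s
  # Only same-site absolute paths are accepted; "//host" and "/\host" are
  # treated by browsers as scheme-relative URLs, so they are rejected too.
  return target if target.start_with?('/') && !target.start_with?('//', '/\\')
  URI.encode('/admin/members/'+@member.to_param+'/WritingConference')
end
```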
--- a/app/views/admin/writing_conferences/_form.html.erb
+++ b/app/views/admin/writing_conferences/_form.html.erb
@@ -300,6 +300,7 @@
<%= f.hidden_field :user_id, :value => params[:user_id] if !params[:user_id].blank? %> + <%= f.submit t('submit'), class: 'btn btn-primary' %> <%= link_to t('cancel'), get_go_back, :class=>"btn" %>
diff --git a/app/views/plugin/personal_conference/_profile.html.erb b/app/views/plugin/personal_conference/_profile.html.erb
index a624043..971dac7 100644
--- a/app/views/plugin/personal_conference/_profile.html.erb
+++ b/app/views/plugin/personal_conference/_profile.html.erb
@@ -6,15 +6,14 @@ <% end %> <% - is_autorized_user = (current_user==@member.user || current_user.is_admin?) - if is_autorized_user + if has_access? @writing_conferences = WritingConference.where(member_profile_id: @member.id).desc(:year).page(params[:page]).per(10) else @writing_conferences = WritingConference.where(is_hidden: false, member_profile_id: @member.id).desc(:year).page(params[:page]).per(10) end %> -<% if is_autorized_user %> +<% if has_access? %>
<%= link_to('Hide', '#', :class => "btn btn-mini list-active-btn disabled", "data-check-action" => "list-be-hide", :rel => toggle_hide_admin_writing_conferences_path(member_profile_id: params[:id], disable: 'true') ) %> @@ -26,7 +25,7 @@ - <% if is_autorized_user %> + <% if has_access? %> <% end -%> @@ -39,7 +38,7 @@ <% @writing_conferences.each do |writing_conference| %> "> - <% if is_autorized_user %> + <% if has_access? %> @@ -49,8 +48,10 @@ <%= link_to writing_conference.paper_title, OrbitHelper.url_to_plugin_show(writing_conference.to_param,'personal_conference'), target: "blank"%>
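Review bot: `has_access?` in the first hunk (`@@ -6,15 +6,14 @@`) now decides both whether `is_hidden` records are loaded and whether the edit controls are rendered, but the helper is not defined anywhere in this patch. The inline check it replaces granted access to the profile owner (`current_user==@member.user`) as well as to admins. Please confirm that `has_access?` still covers the owner case, returns false when nobody is signed in, and applies the same rule that `need_access_right` enforces in the controller; otherwise the view and the controller can disagree about who may see or change hidden entries. The later hunks in this file (`@@ -26,7 +25,7 @@`, `@@ -39,7 +38,7 @@`, `@@ -62,7 +63,7 @@`) rely on the same call. A short comment above the query, e.g. `<%# hidden entries are listed only for users who pass has_access? %>`, would record the rule.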
@@ -62,7 +63,7 @@
- <% if is_autorized_user %> + <% if has_access? %>
<%= link_to content_tag(:i, nil, :class => 'icon-edit') +' '+ t('setting'),'/admin/members/'+@member.to_param+'/writing_conferences/frontend_setting', :class => 'btn btn-primary' %> <%= link_to content_tag(:i, nil, :class => 'icon-plus') +' '+ t('new_'),
<%= t('personal_plugins.year') %>
<%= check_box_tag 'to_change[]', writing_conference.id.to_s, false, :class => "list-check" %>