add authorization

2014-08-01 12:23:53 +08:00 · 2014-08-01 12:23:53 +08:00 · e9e29da1fc
parent c503d45791
commit e9e29da1fc
8 changed files with 26 additions and 19 deletions
--- a/app/controllers/admin/journal_levels_controller.rb
+++ b/app/controllers/admin/journal_levels_controller.rb
@ -1,4 +1,5 @@
-class Admin::JournalLevelsController < ApplicationController
+class Admin::JournalLevelsController < OrbitMemberController
+  before_action :allow_admin_only
  before_action :set_journal_level, only: [:edit, :update, :destroy]

  def initialize
--- a/app/controllers/admin/journal_paper_author_types_controller.rb
+++ b/app/controllers/admin/journal_paper_author_types_controller.rb
@ -1,4 +1,5 @@
-class Admin::JournalPaperAuthorTypesController < ApplicationController
+class Admin::JournalPaperAuthorTypesController < OrbitMemberController
+  before_action :allow_admin_only
  before_action :set_journal_paper_author_type, only: [:edit, :update, :destroy]

  def initialize
--- a/app/controllers/admin/journal_paper_types_controller.rb
+++ b/app/controllers/admin/journal_paper_types_controller.rb
@ -1,5 +1,5 @@
-class Admin::JournalPaperTypesController < ApplicationController
-
+class Admin::JournalPaperTypesController < OrbitMemberController
+  before_action :allow_admin_only
  before_action :set_journal_paper_type, only: [:edit, :update, :destroy]

  def initialize
--- a/app/controllers/admin/journal_papers_controller.rb
+++ b/app/controllers/admin/journal_papers_controller.rb
@ -8,6 +8,8 @@ class Admin::JournalPapersController < OrbitMemberController
  before_action :find_journal_paper, only: [:destroy]
  before_action :set_plugin

+  before_action :need_access_right
+  before_action :allow_admin_only, :only => [:index, :writing_journal_setting]

  def index
    @writing_journals = JournalPaper.order_by(:year=>'desc').page(params[:page]).per(10)
@ -39,7 +41,7 @@ class Admin::JournalPapersController < OrbitMemberController
    @journal_paper = JournalPaper.new(journal_paper_attributes)
    respond_to do |format|
      if @journal_paper.save
-        format.html { redirect_to admin_journal_papers_path }
+        format.html { redirect_to params['referer_url'] }
        format.json { render action: 'show', status: :created, location: @journal_paper }
      else
        format.html { render action: 'new' }
@ -53,7 +55,7 @@ class Admin::JournalPapersController < OrbitMemberController
    
    respond_to do |format|
      if @journal_paper.update_attributes(journal_paper_attributes)
-        format.html { redirect_to admin_journal_papers_path }
+        format.html { redirect_to params['referer_url'] }
          # format.js  { render 'toggle_enable' }
        format.json { head :no_content }
      else
--- a/app/controllers/journal_papers_controller.rb
+++ b/app/controllers/journal_papers_controller.rb
@ -24,6 +24,8 @@ class JournalPapersController < ApplicationController
  def show
    params = OrbitHelper.params
    journal_paper = JournalPaper.find_by(uid: params[:uid])
+    field_to_show = ["year", "language", "vol_no", "issue_no", "form_to_start", "form_to_end", "total_pages", "isbn", "publication_date", "url", "note", "journal_title", "paper_title", "updated_at", "created_at", "uid", "journal_level_ids", "journal_paper_author_type_ids", "member_profile_id"]
+
    publication_date = journal_paper.publication_date.to_date.strftime("%Y/%m/%d") rescue nil
  	files = journal_paper.journal_paper_files.map{|file|  { "file_url" =>  file.journal_file.url, "file_title" => (file.title.blank? ? File.basename(file.file.path) : file.title) } } rescue []
  	{
--- a/app/views/admin/journal_papers/_form.html.erb
+++ b/app/views/admin/journal_papers/_form.html.erb
@ -309,6 +309,7 @@

 <!-- Form Actions -->
 <div class="form-actions">
+  <input type="hidden" name="referer_url" value="<%= request.referer %>">
  <%= f.submit t('submit'), class: 'btn btn-primary' %>
  <%= link_to t('cancel'), get_go_back, :class=>"btn" %>  
 </div>
--- a/app/views/admin/journal_papers/index.html.erb
+++ b/app/views/admin/journal_papers/index.html.erb
@ -14,7 +14,6 @@
 <div class="bottomnav clearfix">
 	<div class="action pull-right">
 	<%= link_to content_tag(:i, nil, :class => 'icon-cog icon-white') + t('setting'), admin_writing_journal_setting_path, :class => 'btn btn-primary pull-right' %>
-	<%= link_to content_tag(:i, nil, :class => 'icon-plus icon-white') + t('announcement.add_new'), new_admin_journal_paper_path, :class => 'btn btn-primary pull-right' %>
 	</div>
 	<div class="pagination pagination-centered">
 		<%= content_tag :div, paginate(@writing_journals), class: "pagination pagination-centered" %>
--- a/app/views/plugin/journal_paper/_profile.html.erb
+++ b/app/views/plugin/journal_paper/_profile.html.erb
@ -23,8 +23,7 @@
    @filter = {new_filter[:type] => [new_filter[:id].to_s]}
  end

-  is_autorized_user = (current_user==@member.user || current_user.is_admin?)
-  if is_autorized_user
+  if has_access?
    @writing_journals = JournalPaper.where(member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
  else
    @writing_journals = JournalPaper.where(is_hidden: false, member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
@ -32,7 +31,7 @@

 %>

-<% if current_user.is_admin? %>
+<% if has_access? %>
 <div class="list-active">
  <div class="btn-group">
    <%= link_to('Hide', '#', :class => "btn btn-mini list-active-btn disabled", "data-check-action" => "list-be-hide", :rel => data_share_admin_journal_papers_path(member_profile_id: params[:id], disable: 'true') ) %>
@ -44,7 +43,7 @@
 <table class="table table-condensed table-striped main-list">
  <thead>
    <tr>
-      <% if current_user.is_admin? %>
+      <% if has_access? %>
      <th><input type="checkbox" /></th>
      <% end -%>
      <th class="span1"><%= t('personal_journal.year') %></th>
@ -59,7 +58,7 @@
  <% @writing_journals.each do |writing_journal| %> 
      
    <tr id="<%= dom_id writing_journal %>" class="<%= writing_journal.is_hidden ? "checkHide" : "" %>">
-      <% if is_admin? %>
+      <% if has_access? %>
      <td>
        <%= check_box_tag 'to_change[]', writing_journal.id.to_s, false, :class => "list-check" %>
      </td>
@ -69,8 +68,10 @@
      <%= link_to writing_journal.create_link, page_for_journal_paper(writing_journal), target: "blank"%>
      <div class="quick-edit">
        <ul class="nav nav-pills hide">
+          <% if has_access? %>
            <li><%= link_to t('edit'), edit_admin_journal_paper_path(writing_journal, member_profile_id: @member.id) %></li>
            <li><%= link_to t(:delete_), admin_journal_paper_path(id: writing_journal.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %></li>
+          <% end %> 
        </ul>
      </div>

@ -83,13 +84,13 @@
  </tbody>
 </table>

-<% if current_user.is_admin? %>
+<% if has_access? %>
 <div class="bottomnav clearfix">

  <div class="action pull-right">
-    <%= link_to content_tag(:i, nil, :class => 'icon-plus') + t('personal_plugins.edit_brief_intro'),admin_journal_paper_intros_path(member_profile_id: @member.id), :class => 'btn btn-primary' %>
+    <%= link_to content_tag(:i, nil, :class => 'icon-edit') +' '+ t('setting'),admin_journal_paper_intros_path(member_profile_id: @member.id), :class => 'btn btn-primary' %>

-    <%= link_to content_tag(:i, nil, :class => 'icon-plus') + t('announcement.add_new'), new_admin_journal_paper_path(member_profile_id: @member.id), :class => 'btn btn-primary' %>
+    <%= link_to content_tag(:i, nil, :class => 'icon-plus') + t('new_'), new_admin_journal_paper_path(member_profile_id: @member.id), :class => 'btn btn-primary' %>
  </div>
  <div class="pagination pagination-centered">
    <%= paginate @writing_journals, :params => {:direction => params[:direction], :sort => params[:sort], :filter => @filter, :new_filter => nil} %>