add authorization

2014-08-01 12:24:57 +08:00 · 2014-08-01 12:24:57 +08:00 · 40eea87a01
parent ee08037aad
commit 40eea87a01
4 changed files with 19 additions and 12 deletions
--- a/app/controllers/admin/project_types_controller.rb
+++ b/app/controllers/admin/project_types_controller.rb
@ -1,4 +1,6 @@
-class Admin::ProjectTypesController < OrbitAdminController
+class Admin::ProjectTypesController < OrbitMemberController
+  before_action :allow_admin_only
+  
  def new
    @project_type = ProjectType.new
    @url = admin_project_types_path(@project_type)
--- a/app/controllers/admin/projects_controller.rb
+++ b/app/controllers/admin/projects_controller.rb
@ -4,6 +4,9 @@ class Admin::ProjectsController < OrbitMemberController
  before_action :set_plugin
  before_action :get_settings,:only => [:new, :edit, :setting]

+  before_action :need_access_right
+  before_action :allow_admin_only, :only => [:index, :setting]
+
  def index
    @projects = Project.order_by(:period_start_date=>'desc',:year=>'desc').page(params[:page]).per(10)
  end
@ -17,7 +20,7 @@ class Admin::ProjectsController < OrbitMemberController
    @member = MemberProfile.find(project_params['member_profile_id']) rescue nil
    @project = Project.new(project_params)
    @project.save
-    redirect_to '/admin/members/'+@member.to_param+'/Project'
+    redirect_to params['referer_url']
  end

  def edit
@ -30,7 +33,7 @@ class Admin::ProjectsController < OrbitMemberController
    @project = Project.find(params[:id])
    @project.update_attributes(project_params)
    @project.save
-    redirect_to '/admin/members/'+@member.to_param+'/Project'
+    redirect_to params['referer_url']
  end

  def destroy
@ -66,7 +69,7 @@ class Admin::ProjectsController < OrbitMemberController
    @intro = @intro.nil? ? ProjectIntro.new({:member_profile_id=>@member.id}) : @intro
    @intro.update_attributes(intro_params)
    @intro.save
-    redirect_to '/admin/members/'+@member.to_param+'/Project'
+    redirect_to URI.encode('/admin/members/'+@member.to_param+'/Project')
  end

  def get_settings
--- a/app/views/admin/projects/_form.html.erb
+++ b/app/views/admin/projects/_form.html.erb
@ -231,6 +231,7 @@
 <!-- Form Actions -->
 <div class="form-actions">
  <%= f.hidden_field :user_id, :value => params[:user_id] if !params[:user_id].blank? %>
+  <input type="hidden" name="referer_url" value="<%= request.referer %>">
  <%= f.submit t('submit'), class: 'btn btn-primary' %>
  <%= link_to t('cancel'), get_go_back, :class=>"btn" %>  
 </div>
--- a/app/views/plugin/personal_project/_profile.html.erb
+++ b/app/views/plugin/personal_project/_profile.html.erb
@ -6,15 +6,14 @@
 <% end %>

 <%
-  is_autorized_user = (current_user==@member.user || current_user.is_admin?)
-  if is_autorized_user
+  if has_access?
    @projects = Project.where(member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
  else
    @projects = Project.where(is_hidden: false, member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
  end
 %>

-<% if is_autorized_user %>
+<% if has_access? %>
  <div class="list-active">
    <div class="btn-group">
      <%= link_to('Hide', '#', :class => "btn btn-mini list-active-btn disabled", "data-check-action" => "list-be-hide", :rel => toggle_hide_admin_projects_path(member_profile_id: params[:id], disable: 'true') ) %>
@ -26,7 +25,7 @@
 <table class="table table-condensed table-striped main-list">
  <thead>
    <tr>
-      <% if is_autorized_user %>
+      <% if has_access? %>
        <th><input type="checkbox" /></th>
      <% end -%>
      <th class="span2"><%= t('personal_project.year') %></th>
@ -37,7 +36,7 @@
  <tbody>
    <% @projects.each do |project| %> 
      <tr id="<%= dom_id project %>" class="<%= project.is_hidden ? "checkHide" : "" %>">
-        <% if is_autorized_user %>
+        <% if has_access? %>
          <td>
            <%= check_box_tag 'to_change[]', project.id.to_s, false, :class => "list-check" %>
          </td>
@ -47,8 +46,10 @@
          <%= link_to project.project_title, OrbitHelper.url_to_plugin_show(project.to_param,'personal_project').to_s, target: "blank"%>
          <div class="quick-edit">
            <ul class="nav nav-pills hide">
-              <li><%= link_to t('edit'), '/admin/members/'+@member.to_param+'/projects/'+project.id+'/edit' %></li>
-              <li><%= link_to t(:delete_), admin_project_path(id: project.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %></li>
+              <% if has_access? %>
+                <li><%= link_to t('edit'), '/admin/members/'+@member.to_param+'/projects/'+project.id+'/edit' %></li>
+                <li><%= link_to t(:delete_), admin_project_path(id: project.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %></li>
+              <% end %> 
            </ul>
          </div>
        </td>
@ -60,7 +61,7 @@


 <div class="bottomnav clearfix">
-  <% if is_autorized_user %>
+  <% if has_access? %>
    <div class="action pull-right">
      <%= link_to content_tag(:i, nil, :class => 'icon-edit') +' '+ t('setting'),'/admin/members/'+@member.to_param+'/projects/frontend_setting', :class => 'btn btn-primary' %>
      <%= link_to content_tag(:i, nil, :class => 'icon-plus') +' '+ t('new_'),