orbit4-5/lib/orbit_core_lib.rb

module  OrbitCoreLib
  module Preview
    def self.included(base)

      # base.instance_eval("field :is_preview,type: Boolean,:default => false")
      # base.instance_eval("scope :not_preview,where(:is_preview=>false)")
      base.class_eval ("
        def to_preview
          raise 'Developer,please override to_preview method'  
        end
      ")
    end
  end

  # module  ObjectAuthable
  #   def self.included(base)
  #     base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete")
      
  #     base.define_singleton_method :authed_for_user do |user,title = nil|
  #       sub_role_ids_ary=user.sub_roles.collect{|t| t.id}
  #       if title.nil?
  #         auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s)
  #       else
  #         auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title)
  #       end
  #       query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id)
  #       query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id}).excludes(blocked_user_ids: user.id)
  #       # query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role_ids}).excludes(blocked_user_ids: user.id) #save for backup if something went wrong (0626 Matt)

  #       result = (query1 + query2).uniq
  #       result.collect{|t| t.obj_authable}.delete_if{|val| val==nil}
  #     end
        
  #   end
    
  #   def cur_user_is_sub_manager_of(title)
  #      authed_users(title).include?(User.current)
  #   end 

  #   def module_app
  #      ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
  #   end

  #   def pp_object
  #     "Object Auth method 'pp_object' need to be defined for class #{self.class}"
  #   end
    
  #   def get_object_auth_by_title(title)
  #     oa = self.object_auths.where({title: title }).first
  #     if oa.nil? #&& (self.class::ObjectAuthTitlesOptions.include? title)
  #       oa =  self.object_auths.create title: title
  #     end
  #     oa
  #   end
    
  #   def authed_users(title=nil)
  #     users = []
  #     users = case title
  #     when :all
  #        ary = self.object_auths.collect{|t| t.auth_users}
  #        ary.flatten!
  #     when nil
  #       if self.object_auths.count ==1 
  #         self.object_auths.first.auth_users_after_block_list rescue []
  #         else
  #           logger.info "Warning calling a auth commend without specificed value( has multi-auths ), return empty"
  #           []
  #         end
  #     else
  #       get_object_auth_by_title(title).auth_users rescue []
  #     end
  #     users
  #   end
    
  # end
  module  ObjectTokenUtility
    def self.included(base)
      base.instance_eval("field :s_token")
      base.instance_eval("after_create :generate_token")
    end
    
    def token
      return self.s_token
    end
    
    protected
     def generate_token
       self.s_token = SecureRandom.hex(16)
       self.save!
     end
  end
  
  module PermissionUtility
  private
    def check_permission(type = :use)
    permission_grant =  current_user.is_admin?? true : false
      module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
      unless permission_grant
        permission_grant = case type
        when :use
          users_ary = @module_authorized_users rescue nil
          users_ary = [] if users_ary.nil?
          (users_ary.include?(current_user) || current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app))
        when :manager
          current_user.is_manager?(@module_app)
        when :sub_manager  
          current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app)
        end  
      end
      permission_grant
    end
    def find_module_app_by_token(token)
      ModuleApp.first(conditions: {s_token: token})
    end
  end

  module Authorize
    def self.included(base)
      base.class_eval do
        before_filter :can_use
        send :include, InstanceMethods
      end
    end

    module InstanceMethods
      protected
      def can_use
        setup_vars
        unless @no_authorization
          if @workgroup
            @open = false
            @visitor = false
            @workgroup.each do |workgroup|
              case workgroup
              when :admin
                @open ||= check_admin
              when :manager
                @open ||= check_manager
              when :sub_manager
                @open ||= check_sub_manager
              when :user
                @open ||= true
              end
            end
            authenticate_user if current_user.nil
            redirect_to root_url unless @open
          else
            authenticate_user
            check_user_can_use
          end
        end
      end

      def check_admin
        current_user.is_admin?
      end

      def check_manager
        check_admin || current_user.is_manager?(@module_app)
      end

      def check_sub_manager
        check_admin || check_manager || current_user.is_sub_manager?(@module_app)
      end

      def open_for(var)
        @user_type ||= []
        @user_type << var
      end

      def no_authorization
        @no_authorization = true
      end

      def check_user_can_use
        if ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?))
          # redirect_to admin_dashboards_url
        elsif ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?)).eql?(false)
          render "public/404" , layout: "back_end"
        end
      end

      def setup_vars
        @app_title ||= controller_path.split('/')[1].singularize rescue nil
        @module_app ||= ModuleApp.find_by(key: @app_title) rescue nil
        @module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
      end
    end
  end

end
authorization, module auth, category auth, member roles 2014-05-01 07:14:16 +00:00			`module OrbitCoreLib`
			`module Preview`
			`def self.included(base)`

			`# base.instance_eval("field :is_preview,type: Boolean,:default => false")`
			`# base.instance_eval("scope :not_preview,where(:is_preview=>false)")`
			`base.class_eval ("`
			`def to_preview`
			`raise 'Developer,please override to_preview method'`
			`end`
			`")`
			`end`
			`end`

			`# module ObjectAuthable`
			`# def self.included(base)`
			`# base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete")`

			`# base.define_singleton_method :authed_for_user do \|user,title = nil\|`
			`# sub_role_ids_ary=user.sub_roles.collect{\|t\| t.id}`
			`# if title.nil?`
			`# auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s)`
			`# else`
			`# auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title)`
			`# end`
			`# query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id)`
			`# query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id}).excludes(blocked_user_ids: user.id)`
			`# # query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role_ids}).excludes(blocked_user_ids: user.id) #save for backup if something went wrong (0626 Matt)`

			`# result = (query1 + query2).uniq`
			`# result.collect{\|t\| t.obj_authable}.delete_if{\|val\| val==nil}`
			`# end`

			`# end`

			`# def cur_user_is_sub_manager_of(title)`
			`# authed_users(title).include?(User.current)`
			`# end`

			`# def module_app`
			`# ModuleApp.first(conditions: {:title => self.class::APP_NAME} )`
			`# end`

			`# def pp_object`
			`# "Object Auth method 'pp_object' need to be defined for class #{self.class}"`
			`# end`

			`# def get_object_auth_by_title(title)`
			`# oa = self.object_auths.where({title: title }).first`
			`# if oa.nil? #&& (self.class::ObjectAuthTitlesOptions.include? title)`
			`# oa = self.object_auths.create title: title`
			`# end`
			`# oa`
			`# end`

			`# def authed_users(title=nil)`
			`# users = []`
			`# users = case title`
			`# when :all`
			`# ary = self.object_auths.collect{\|t\| t.auth_users}`
			`# ary.flatten!`
			`# when nil`
			`# if self.object_auths.count ==1`
			`# self.object_auths.first.auth_users_after_block_list rescue []`
			`# else`
			`# logger.info "Warning calling a auth commend without specificed value( has multi-auths ), return empty"`
			`# []`
			`# end`
			`# else`
			`# get_object_auth_by_title(title).auth_users rescue []`
			`# end`
			`# users`
			`# end`

			`# end`
			`module ObjectTokenUtility`
			`def self.included(base)`
			`base.instance_eval("field :s_token")`
			`base.instance_eval("after_create :generate_token")`
			`end`

			`def token`
			`return self.s_token`
			`end`

			`protected`
			`def generate_token`
			`self.s_token = SecureRandom.hex(16)`
			`self.save!`
			`end`
			`end`

			`module PermissionUtility`
			`private`
			`def check_permission(type = :use)`
			`permission_grant = current_user.is_admin?? true : false`
			`module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app`
			`unless permission_grant`
			`permission_grant = case type`
			`when :use`
			`users_ary = @module_authorized_users rescue nil`
			`users_ary = [] if users_ary.nil?`
			`(users_ary.include?(current_user) \|\| current_user.is_manager?(@module_app) \|\| current_user.is_sub_manager?(@module_app))`
			`when :manager`
			`current_user.is_manager?(@module_app)`
			`when :sub_manager`
			`current_user.is_manager?(@module_app) \|\| current_user.is_sub_manager?(@module_app)`
			`end`
			`end`
			`permission_grant`
			`end`
			`def find_module_app_by_token(token)`
			`ModuleApp.first(conditions: {s_token: token})`
			`end`
			`end`

			`module Authorize`
			`def self.included(base)`
			`base.class_eval do`
			`before_filter :can_use`
			`send :include, InstanceMethods`
			`end`
			`end`

			`module InstanceMethods`
			`protected`
			`def can_use`
			`setup_vars`
			`unless @no_authorization`
			`if @workgroup`
			`@open = false`
			`@visitor = false`
			`@workgroup.each do \|workgroup\|`
			`case workgroup`
			`when :admin`
			`@open \|\|= check_admin`
			`when :manager`
			`@open \|\|= check_manager`
			`when :sub_manager`
			`@open \|\|= check_sub_manager`
			`when :user`
			`@open \|\|= true`
			`end`
			`end`
			`authenticate_user if current_user.nil`
			`redirect_to root_url unless @open`
			`else`
			`authenticate_user`
			`check_user_can_use`
			`end`
			`end`
			`end`

			`def check_admin`
			`current_user.is_admin?`
			`end`

			`def check_manager`
			`check_admin \|\| current_user.is_manager?(@module_app)`
			`end`

			`def check_sub_manager`
			`check_admin \|\| check_manager \|\| current_user.is_sub_manager?(@module_app)`
			`end`

			`def open_for(var)`
			`@user_type \|\|= []`
			`@user_type << var`
			`end`

			`def no_authorization`
			`@no_authorization = true`
			`end`

			`def check_user_can_use`
			`if ((current_user.is_admin? if current_user.present?) \|\| (current_user.is_manager?(@module_app) if current_user.present?) \|\| (current_user.is_sub_manager?(@module_app) if current_user.present?))`
			`# redirect_to admin_dashboards_url`
			`elsif ((current_user.is_admin? if current_user.present?) \|\| (current_user.is_manager?(@module_app) if current_user.present?) \|\| (current_user.is_sub_manager?(@module_app) if current_user.present?)).eql?(false)`
			`render "public/404" , layout: "back_end"`
			`end`
			`end`

			`def setup_vars`
			`@app_title \|\|= controller_path.split('/')[1].singularize rescue nil`
			`@module_app \|\|= ModuleApp.find_by(key: @app_title) rescue nil`
			`@module_authorized_users \|\|= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil`
			`end`
			`end`
			`end`

			`end`