2014-05-01 07:14:16 +00:00
|
|
|
module OrbitCoreLib
|
|
|
|
|
module Preview
|
|
|
|
|
def self.included(base)
|
|
|
|
|
|
|
|
|
|
# base.instance_eval("field :is_preview,type: Boolean,:default => false")
|
|
|
|
|
# base.instance_eval("scope :not_preview,where(:is_preview=>false)")
|
|
|
|
|
base.class_eval ("
|
|
|
|
|
def to_preview
|
|
|
|
|
raise 'Developer,please override to_preview method'
|
|
|
|
|
end
|
|
|
|
|
")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2014-06-12 10:35:02 +00:00
|
|
|
module ObjectDisable
|
|
|
|
|
def self.included(base)
|
|
|
|
|
|
|
|
|
|
base.instance_eval("field :disable,type: Boolean,:default => false")
|
|
|
|
|
base.instance_eval("scope :all, ->{ where(:disable.in => [false, nil, '']) }")
|
|
|
|
|
base.instance_eval("scope :admin_manager_all, ->{ find(:all) }")
|
|
|
|
|
|
|
|
|
|
base.define_singleton_method :find do |*args|
|
|
|
|
|
if args ==[:all]
|
|
|
|
|
unscoped
|
|
|
|
|
else
|
|
|
|
|
res = unscoped.find(args)
|
|
|
|
|
res.count == 1 ? res[0] : res
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
base.define_singleton_method :first do |*args|
|
|
|
|
|
all.first
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
base.define_singleton_method :last do |*args|
|
|
|
|
|
all.last
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
end
|
2014-05-01 07:14:16 +00:00
|
|
|
# module ObjectAuthable
|
|
|
|
|
# def self.included(base)
|
|
|
|
|
# base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete")
|
|
|
|
|
|
|
|
|
|
# base.define_singleton_method :authed_for_user do |user,title = nil|
|
|
|
|
|
# sub_role_ids_ary=user.sub_roles.collect{|t| t.id}
|
|
|
|
|
# if title.nil?
|
|
|
|
|
# auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s)
|
|
|
|
|
# else
|
|
|
|
|
# auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title)
|
|
|
|
|
# end
|
|
|
|
|
# query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id)
|
|
|
|
|
# query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id}).excludes(blocked_user_ids: user.id)
|
|
|
|
|
# # query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role_ids}).excludes(blocked_user_ids: user.id) #save for backup if something went wrong (0626 Matt)
|
|
|
|
|
|
|
|
|
|
# result = (query1 + query2).uniq
|
|
|
|
|
# result.collect{|t| t.obj_authable}.delete_if{|val| val==nil}
|
|
|
|
|
# end
|
|
|
|
|
|
|
|
|
|
# end
|
|
|
|
|
|
|
|
|
|
# def cur_user_is_sub_manager_of(title)
|
|
|
|
|
# authed_users(title).include?(User.current)
|
|
|
|
|
# end
|
|
|
|
|
|
|
|
|
|
# def module_app
|
|
|
|
|
# ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
|
|
|
|
|
# end
|
|
|
|
|
|
|
|
|
|
# def pp_object
|
|
|
|
|
# "Object Auth method 'pp_object' need to be defined for class #{self.class}"
|
|
|
|
|
# end
|
|
|
|
|
|
|
|
|
|
# def get_object_auth_by_title(title)
|
|
|
|
|
# oa = self.object_auths.where({title: title }).first
|
|
|
|
|
# if oa.nil? #&& (self.class::ObjectAuthTitlesOptions.include? title)
|
|
|
|
|
# oa = self.object_auths.create title: title
|
|
|
|
|
# end
|
|
|
|
|
# oa
|
|
|
|
|
# end
|
|
|
|
|
|
|
|
|
|
# def authed_users(title=nil)
|
|
|
|
|
# users = []
|
|
|
|
|
# users = case title
|
|
|
|
|
# when :all
|
|
|
|
|
# ary = self.object_auths.collect{|t| t.auth_users}
|
|
|
|
|
# ary.flatten!
|
|
|
|
|
# when nil
|
|
|
|
|
# if self.object_auths.count ==1
|
|
|
|
|
# self.object_auths.first.auth_users_after_block_list rescue []
|
|
|
|
|
# else
|
|
|
|
|
# logger.info "Warning calling a auth commend without specificed value( has multi-auths ), return empty"
|
|
|
|
|
# []
|
|
|
|
|
# end
|
|
|
|
|
# else
|
|
|
|
|
# get_object_auth_by_title(title).auth_users rescue []
|
|
|
|
|
# end
|
|
|
|
|
# users
|
|
|
|
|
# end
|
|
|
|
|
|
|
|
|
|
# end
|
|
|
|
|
module ObjectTokenUtility
|
|
|
|
|
def self.included(base)
|
|
|
|
|
base.instance_eval("field :s_token")
|
|
|
|
|
base.instance_eval("after_create :generate_token")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def token
|
|
|
|
|
return self.s_token
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
protected
|
|
|
|
|
def generate_token
|
|
|
|
|
self.s_token = SecureRandom.hex(16)
|
|
|
|
|
self.save!
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
module PermissionUtility
|
|
|
|
|
private
|
|
|
|
|
def check_permission(type = :use)
|
|
|
|
|
permission_grant = current_user.is_admin?? true : false
|
|
|
|
|
module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
|
|
|
|
|
unless permission_grant
|
|
|
|
|
permission_grant = case type
|
|
|
|
|
when :use
|
|
|
|
|
users_ary = @module_authorized_users rescue nil
|
|
|
|
|
users_ary = [] if users_ary.nil?
|
|
|
|
|
(users_ary.include?(current_user) || current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app))
|
|
|
|
|
when :manager
|
|
|
|
|
current_user.is_manager?(@module_app)
|
|
|
|
|
when :sub_manager
|
|
|
|
|
current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
permission_grant
|
|
|
|
|
end
|
|
|
|
|
def find_module_app_by_token(token)
|
|
|
|
|
ModuleApp.first(conditions: {s_token: token})
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
module Authorize
|
|
|
|
|
def self.included(base)
|
|
|
|
|
base.class_eval do
|
|
|
|
|
before_filter :can_use
|
|
|
|
|
send :include, InstanceMethods
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
module InstanceMethods
|
|
|
|
|
protected
|
|
|
|
|
def can_use
|
|
|
|
|
setup_vars
|
|
|
|
|
unless @no_authorization
|
|
|
|
|
if @workgroup
|
|
|
|
|
@open = false
|
|
|
|
|
@visitor = false
|
|
|
|
|
@workgroup.each do |workgroup|
|
|
|
|
|
case workgroup
|
|
|
|
|
when :admin
|
|
|
|
|
@open ||= check_admin
|
|
|
|
|
when :manager
|
|
|
|
|
@open ||= check_manager
|
|
|
|
|
when :sub_manager
|
|
|
|
|
@open ||= check_sub_manager
|
|
|
|
|
when :user
|
|
|
|
|
@open ||= true
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
authenticate_user if current_user.nil
|
|
|
|
|
redirect_to root_url unless @open
|
|
|
|
|
else
|
|
|
|
|
authenticate_user
|
|
|
|
|
check_user_can_use
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def check_admin
|
|
|
|
|
current_user.is_admin?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def check_manager
|
|
|
|
|
check_admin || current_user.is_manager?(@module_app)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def check_sub_manager
|
|
|
|
|
check_admin || check_manager || current_user.is_sub_manager?(@module_app)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def open_for(var)
|
|
|
|
|
@user_type ||= []
|
|
|
|
|
@user_type << var
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def no_authorization
|
|
|
|
|
@no_authorization = true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def check_user_can_use
|
2014-05-05 04:29:39 +00:00
|
|
|
condition_check = ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?) || (current_user.is_manager_with_role?(@module_app) if current_user.present?))
|
|
|
|
|
if condition_check.eql?(true)
|
2014-05-01 07:14:16 +00:00
|
|
|
# redirect_to admin_dashboards_url
|
2014-05-05 04:29:39 +00:00
|
|
|
elsif condition_check.eql?(false)
|
2014-05-01 07:14:16 +00:00
|
|
|
render "public/404" , layout: "back_end"
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def setup_vars
|
|
|
|
|
@app_title ||= controller_path.split('/')[1].singularize rescue nil
|
|
|
|
|
@module_app ||= ModuleApp.find_by(key: @app_title) rescue nil
|
|
|
|
|
@module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
