diff --git a/app/assets/javascripts/admin/dashboards.js.coffee b/app/assets/javascripts/admin/dashboards.js.coffee
deleted file mode 100644
index 24f83d1..0000000
--- a/app/assets/javascripts/admin/dashboards.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/admin/items.js.coffee b/app/assets/javascripts/admin/items.js.coffee
deleted file mode 100644
index 24f83d1..0000000
--- a/app/assets/javascripts/admin/items.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/announcements.js.coffee b/app/assets/javascripts/announcements.js.coffee
deleted file mode 100644
index 24f83d1..0000000
--- a/app/assets/javascripts/announcements.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/designs.js.coffee b/app/assets/javascripts/designs.js.coffee
deleted file mode 100644
index 24f83d1..0000000
--- a/app/assets/javascripts/designs.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/member-selection.js b/app/assets/javascripts/member-selection.js
new file mode 100644
index 0000000..700f8d5
--- /dev/null
+++ b/app/assets/javascripts/member-selection.js
@@ -0,0 +1,53 @@
+$(document).ready(function() {  
+  $(".select_user_modal").on('click', function(){
+    var ids = [];
+    var users = $(this).siblings('.selected_users').children('span.selected_user');
+    users.each(function(i) {
+      ids.push(users.eq(i).attr('id'));
+    });
+    $("#main-wrap").after("<span id='select_user'></span>");
+    $.ajax({
+      type: 'GET',
+      url: $(this).attr("rel"),
+      dataType: 'script',
+      data: {field: $(this).attr("field"), ids: ids},
+      success: function (msg) {
+        $("#member-filter").modal('show'); },
+      error: function(){
+        alert("ERROR");
+      }
+    });  
+    return false;
+  });
+
+  $(document).on('click', ".remove_user", function(){
+    $(this).parent().remove();
+  });
+
+  $("#remove_users").on('click', function(){
+    var ids = [];
+    var users = $('.selected_user input[type="checkbox"]:checked');
+    users.each(function(i) {
+      ids.push(users.eq(i).parent().attr('id'));
+    });
+    if (users.size() > 0) {
+      // TODO: i18n in javascript
+      if (confirm('Are you sure you want to delete this?')) {      
+        $.ajax({
+          type: 'DELETE',
+          url: $(this).attr("rel"),
+          dataType: 'script',
+          data: {ids: ids},
+          error: function(){
+            // TODO: i18n in javascript
+            alert("ERROR");
+          }
+        }); 
+      }
+    }
+    else {
+      // TODO: i18n in javascript
+      alert('You did not select anything to delete')
+    }
+  });
+});
\ No newline at end of file
diff --git a/app/assets/javascripts/member.js b/app/assets/javascripts/member.js
new file mode 100644
index 0000000..491ffd6
--- /dev/null
+++ b/app/assets/javascripts/member.js
@@ -0,0 +1,7 @@
+//= require basic
+//= require lib/footable-0.1.js
+//= require lib/all-list
+//= require lib/jquery.fastLiveFilter.js
+//= require lib/checkbox.card.js
+//= require lib/jquery.form.js
+//= require lib/member/member-role.js
\ No newline at end of file
diff --git a/app/assets/javascripts/module_store.js.coffee b/app/assets/javascripts/module_store.js.coffee
deleted file mode 100644
index 24f83d1..0000000
--- a/app/assets/javascripts/module_store.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/sessions.js.coffee b/app/assets/javascripts/sessions.js.coffee
deleted file mode 100644
index 24f83d1..0000000
--- a/app/assets/javascripts/sessions.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/sites.js.coffee b/app/assets/javascripts/sites.js.coffee
deleted file mode 100644
index 24f83d1..0000000
--- a/app/assets/javascripts/sites.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/users.js.coffee b/app/assets/javascripts/users.js.coffee
deleted file mode 100644
index 24f83d1..0000000
--- a/app/assets/javascripts/users.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/stylesheets/admin/items.css.scss b/app/assets/stylesheets/admin/items.css.scss
deleted file mode 100644
index 6c4fb95..0000000
--- a/app/assets/stylesheets/admin/items.css.scss
+++ /dev/null
@@ -1,3 +0,0 @@
-// Place all the styles related to the admin/items controller here.
-// They will automatically be included in application.css.
-// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/assets/stylesheets/announcements.css.scss b/app/assets/stylesheets/announcements.css.scss
deleted file mode 100644
index 72e63be..0000000
--- a/app/assets/stylesheets/announcements.css.scss
+++ /dev/null
@@ -1,3 +0,0 @@
-// Place all the styles related to the announcements controller here.
-// They will automatically be included in application.css.
-// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/assets/stylesheets/designs.css.scss b/app/assets/stylesheets/designs.css.scss
deleted file mode 100644
index db79e0f..0000000
--- a/app/assets/stylesheets/designs.css.scss
+++ /dev/null
@@ -1,3 +0,0 @@
-// Place all the styles related to the designs controller here.
-// They will automatically be included in application.css.
-// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/assets/stylesheets/member.css b/app/assets/stylesheets/member.css
new file mode 100644
index 0000000..9106a19
--- /dev/null
+++ b/app/assets/stylesheets/member.css
@@ -0,0 +1,7 @@
+/*
+  *= require basic
+  *= require lib/wrap-nav
+  *= require lib/main-list
+  *= require lib/filter
+  *= require lib/pageslide
+*/
\ No newline at end of file
diff --git a/app/assets/stylesheets/member_select.css b/app/assets/stylesheets/member_select.css
new file mode 100644
index 0000000..0d4e9df
--- /dev/null
+++ b/app/assets/stylesheets/member_select.css
@@ -0,0 +1,237 @@
+/* Member Filter */
+#select_user #select_user_modal.modal {
+  width: 80%;
+  margin-left: -40%;
+}
+#select_user #select_user_modal .modal-body {
+  max-height: 425px;
+}
+#select_user #select_user_modal .modal-body form {
+  margin-bottom: 0px;
+}
+#select_user #select_user_modal .modal-body form fieldset {
+  min-height: 360px;
+}
+#select_user #select_user_modal .modal-body .radio.inline,
+#select_user #select_user_modal .modal-body .checkbox.inline {
+  display: inline-block;
+  padding-top: 5px;
+  margin-bottom: 0;
+  vertical-align: middle;
+  min-width: 100px;
+  margin-left: 0;
+}
+#select_user #select_user_modal .modal-body .form-actions {
+  margin: 20px 0 0;
+  padding: 10px 0 0;
+  background-color: transparent;
+  text-align: right;
+}
+#select_user #select_user_modal .modal-body .tabs-left > .nano {
+  width: 160px;
+  min-height: 425px;
+  float: left;
+}
+#select_user #select_user_modal .modal-body .tabs-left > .nano .pane {
+  right: 6px;
+}
+#select_user #select_user_modal .modal-body .tabs-left > .nano > .content > .nav-tabs {
+  width: 140px;
+  float: left;
+  margin-bottom: 0;
+  margin-right: 0;
+  border-right: 1px solid #ddd;
+  border-bottom: none;
+}
+#select_user #select_user_modal .modal-body .tabs-left > .nano > .content > .nav-tabs > li {
+  float: none;
+}
+#select_user #select_user_modal .modal-body .tabs-left > .nano > .content > .nav-tabs > li > a {
+  min-width: 74px;
+  margin-right: 0;
+  margin-bottom: 3px;
+}
+#select_user #select_user_modal .modal-body .tabs-left > .nano > .content > .nav-tabs > li > a {
+  margin-right: -1px;
+  -webkit-border-radius: 4px 0 0 4px;
+     -moz-border-radius: 4px 0 0 4px;
+          border-radius: 4px 0 0 4px;
+}
+#select_user #select_user_modal .modal-body .tabs-left > .nano > .content > .nav-tabs > li > a:hover {
+  border-color: #eeeeee #dddddd #eeeeee #eeeeee;
+}
+#select_user #select_user_modal .modal-body .tabs-left > .nano > .content > .nav-tabs .active > a,
+#select_user #select_user_modal .modal-body .tabs-left > .nano > .content > .nav-tabs .active > a:hover {
+  border-color: #ddd transparent #ddd #ddd;
+  *border-right-color: #ffffff;
+}
+#select_user #select_user_modal .member-filter-options {
+  float: left;
+  display: inline-block;
+  width: 175px;
+  min-height: 425px;
+  margin-right: 10px;
+  padding: 0 10px 0 0;
+}
+#select_user #select_user_modal .member-filter-options select {
+  width: 165px; 
+}
+#select_user #select_user_modal .member-filter-options .btn {
+  display: block;
+}
+#select_user #select_user_modal .member-filter-result {
+  padding-left: 15px;
+  min-height: 360px;
+  width: auto;
+}
+
+
+/* Check Box Card */
+.checkbox-card {
+  margin: 0;
+}
+.checkbox-card li {
+  position: relative;
+  list-style: none;
+  color: #FFFFFF;
+  width: 180px;
+  height: 40px;
+  margin: 0 10px 10px 0;
+  float: left;
+  display: inline-block;
+  background-color: #cccccc;
+  overflow: hidden;
+  -webkit-border-radius: 3px;
+     -moz-border-radius: 3px;
+      border-radius: 3px;
+  -webkit-transition: all .2s linear;
+     -moz-transition: all .2s linear;
+     -o-transition: all .2s linear;
+      transition: all .2s linear;
+}
+.checkbox-card li.mark {
+  width: 0;
+  height: 0;
+  padding: 0;
+  margin: 0;
+  -ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=0)";
+  filter: alpha(opacity=0);
+  opacity: 0;
+  visibility: hidden;
+}
+.checkbox-card li:hover {
+  background-color: #0088cc;
+}
+.checkbox-card li:after {
+  content: "";
+  display: block;
+  clear: both;
+  height: 0;
+  visibility: hidden;
+}
+.checkbox-card li.active:before {
+  -webkit-text-size-adjust : none;
+  font-family: FontAwesome;
+  font-weight: normal;
+  font-style: normal;
+  color: #FFF;
+  text-decoration: inherit;
+  content: "\f00c";
+  position: absolute;
+  right: 0px;
+  top: 0px;
+  line-height: 14px;
+  text-indent: 10px;
+  font-size: 10px;
+  width: 0px;
+  height: 0px;
+  border-style: solid;
+  border-width: 0 22px 22px 0;
+  border-color: transparent #51a351 transparent transparent;
+}
+.checkbox-card li.active label {
+}
+.checkbox-card li label {
+  margin-bottom: 0px;
+  overflow: hidden;
+  -webkit-border-radius: 3px;
+     -moz-border-radius: 3px;
+      border-radius: 3px;
+}
+.checkbox-card li input {
+  opacity: 0;
+  width: 100%;
+  height: 100%;
+  position: absolute;
+  top: 0;
+  left: 0;
+  margin: 0;
+  z-index: 10;
+}
+.checkbox-card li label span {
+  -webkit-text-size-adjust : none;
+  font-size: 10px;
+  display: block;
+  width: 130px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  color: #666666;
+  margin-top: -3px;
+}
+.checkbox-card li:hover label span,
+.checkbox-card li:hover label span.user-name {
+  color: #FFFFFF;
+}
+.checkbox-card li label span.user-name {
+  font-size: 12px;
+  color: #363636;
+  padding: 2px 0 0;
+  margin-top: 0;
+}
+.checkbox-card li .user-pic {
+  float: left;
+  margin-right: 5px;
+  width: 40px;
+  height: 40px;
+}
+#selected_users .selected_user {
+  display: inline-block;
+  margin-bottom: 5px;
+}
+#selected_users .selected_user .remove_user {
+  font-size: 15px;
+}
+#selected_email_users .selected_user {
+  display: inline-block;
+  margin-bottom: 5px;
+}
+#selected_email_users .selected_user .remove_user {
+  font-size: 15px;
+}
+/*
+.promoter {
+  border-color: #CCCCCC;
+  border-style: solid;
+  border-width: 0 1px;
+  padding: 0 10px 5px 10px;
+}
+.promoter > div {
+  border-bottom: 1px solid #CCCCCC;
+}
+.promoter > div:after {
+  content: "";
+  clear: both;
+  display: block;
+  visibility: hidden;
+}
+.promoter > div > span {
+  display: block;
+  margin-left: 70px;
+  padding-bottom: 5px;
+}
+.promoter p {
+  width: 70px;
+  float: left;
+  text-align:right;
+}*/
\ No newline at end of file
diff --git a/app/assets/stylesheets/module_store.css.scss b/app/assets/stylesheets/module_store.css.scss
deleted file mode 100644
index b7d604b..0000000
--- a/app/assets/stylesheets/module_store.css.scss
+++ /dev/null
@@ -1,3 +0,0 @@
-// Place all the styles related to the module_store controller here.
-// They will automatically be included in application.css.
-// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/assets/stylesheets/sessions.css.scss b/app/assets/stylesheets/sessions.css.scss
deleted file mode 100644
index 7bef9cf..0000000
--- a/app/assets/stylesheets/sessions.css.scss
+++ /dev/null
@@ -1,3 +0,0 @@
-// Place all the styles related to the sessions controller here.
-// They will automatically be included in application.css.
-// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/assets/stylesheets/sites.css.scss b/app/assets/stylesheets/sites.css.scss
deleted file mode 100644
index 682e55c..0000000
--- a/app/assets/stylesheets/sites.css.scss
+++ /dev/null
@@ -1,3 +0,0 @@
-// Place all the styles related to the sites controller here.
-// They will automatically be included in application.css.
-// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/assets/stylesheets/users.css.scss b/app/assets/stylesheets/users.css.scss
deleted file mode 100644
index 1efc835..0000000
--- a/app/assets/stylesheets/users.css.scss
+++ /dev/null
@@ -1,3 +0,0 @@
-// Place all the styles related to the users controller here.
-// They will automatically be included in application.css.
-// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/controllers/admin/authorizations_controller.rb b/app/controllers/admin/authorizations_controller.rb
new file mode 100644
index 0000000..3da0d14
--- /dev/null
+++ b/app/controllers/admin/authorizations_controller.rb
@@ -0,0 +1,79 @@
+class Admin::AuthorizationsController < OrbitAdminController
+  layout "back_end"
+
+  def index
+  	@module_apps ||= ModuleApp.any_of({authorizable: true}).order_by([:title, :asc])
+    if @module_apps && @module_apps.include?(@module_app)
+      if @type
+        case @type
+        when 'category_authorization'
+          if (@module_app.categorizable || @module_app.categories.present?)
+            @objects = @module_app.categories rescue nil
+          else
+            @error = t(:no_category)
+          end
+        else
+          @objects = @klass.all
+        end
+        unless @objects.blank?
+          @object ||= @objects.first
+          @authorizations = Authorization.category_authorized_users(@object.id)
+        else
+          @error = t(:no_data)
+        end
+      else 
+        @authorizations = Authorization.module_authorized_users(@module_app.id)
+      end
+    elsif @module_apps
+      @module_app = @module_apps.first
+    else
+        redirect_to :root
+    end
+  end
+
+    def add_users
+      users = User.find(params[:user_ids]) rescue nil
+      unless users.nil?
+        authorization = get_or_create_authorization
+        add_users_to_auth(authorization, users)
+      end
+      @users = authorization.authorized_users
+      render 'admin/authorizations/reload_users'
+    end
+
+  def modal_select
+    existing_users = User.find(params[:ids]) rescue []
+    roles = Role.all
+    if @type
+      @object_id = @object.id if @object
+      @sorted_users = roles.inject({}) do |users, role|
+        users[role] = role.users.where(admin: false) - existing_users - @module_app.managers
+        users
+      end
+    else
+      @sorted_users = roles.inject({}) do |users, role|
+        users[role] = role.users.where(admin: false) - existing_users
+        users
+      end
+    end
+  end
+
+
+  private
+
+  def admin_or_manager
+    @override_can_use = true
+    setup_vars   
+    authenticate_user!
+    current_user.is_manager?(@module_app) unless current_user.is_admin?
+  end
+
+  def setup_vars
+    @module_app = ModuleApp.find_by(key: params[:module]) if params[:module]
+    @type = params[:type].underscore if params[:type]
+    if @type
+      @klass = @type.gsub('_authorization', '').gsub('_approval', '').classify.constantize rescue nil
+      @object = @klass.find(params[:id]) rescue nil
+    end
+  end
+end
diff --git a/app/controllers/admin/members_controller.rb b/app/controllers/admin/members_controller.rb
new file mode 100644
index 0000000..26b341f
--- /dev/null
+++ b/app/controllers/admin/members_controller.rb
@@ -0,0 +1,81 @@
+class Admin::MembersController < OrbitMemberController
+  def index
+  	@roles = Role.all
+
+  	@filter = params[:filter]
+    @mq = params[:mq]
+    @new_filter = params[:new_filter]
+
+    if @filter && params[:clear]
+      @filter.delete(params[:type])
+    elsif @filter && @new_filter
+      if @filter.has_key?(@new_filter[:type]) && @filter[@new_filter[:type]].include?(@new_filter[:id].to_s)
+        @filter[@new_filter[:type]].delete(@new_filter[:id].to_s)
+      elsif @filter.has_key?(@new_filter[:type])
+        @filter[@new_filter[:type]] << @new_filter[:id].to_s
+      else
+        @filter.merge!({@new_filter[:type] => [@new_filter[:id].to_s]})
+      end
+    elsif @new_filter
+      @filter = {@new_filter[:type] => [@new_filter[:id].to_s]}
+    end
+
+        if @filter.blank? and @mq.blank?
+
+      render case params[:at]
+        when 'summary'
+          @users=User.all.desc("_id")
+          "index_summary"
+        when 'thumbnail'
+          @users=User.all.desc("_id")
+          "index_thumbnail"
+        else
+          @users=User.all.desc("_id")
+          "index"
+      end
+
+    elsif @filter.blank? and !@mq.blank?
+
+      render case params[:at]
+        when 'summary'
+          @users=User.all.any_of({:user_id => /#{@mq}/i}, {:first_name => /#{@mq}/i}, {:last_name => /#{@mq}/i}, {:email => /#{@mq}/i}, {:office_tel => /#{@mq}/i}).desc("_id")
+          "index_summary"
+        when 'thumbnail'
+          @users=User.all.any_of({:user_id => /#{@mq}/i}, {:first_name => /#{@mq}/i}, {:last_name => /#{@mq}/i}, {:email => /#{@mq}/i}, {:office_tel => /#{@mq}/i}).desc("_id")
+          "index_thumbnail"
+        else
+          @users=User.all.any_of({:user_id => /#{@mq}/i}, {:first_name => /#{@mq}/i}, {:last_name => /#{@mq}/i}, {:email => /#{@mq}/i}, {:office_tel => /#{@mq}/i}).desc("_id")
+          "index"
+      end
+
+    elsif !@filter.blank? and @mq.blank?
+
+      render case params[:at]
+        when 'summary'
+          @users=User.all.any_in(:role_ids=>@filter['role']).desc("_id")
+          "index_summary"
+        when 'thumbnail'
+          @users=User.all.any_in(:role_ids=>@filter['role']).desc("_id")
+          "index_thumbnail"
+        else
+          @users=User.all.any_in(:role_ids=>@filter['role']).desc("_id")
+          "index"
+      end
+
+    end
+
+  end
+
+  def new
+  	@member = MemberProfile.new
+  end
+
+  def edit
+  end
+
+  def create
+  end
+
+  def update
+  end
+end
diff --git a/app/controllers/admin/module_apps_controller.rb b/app/controllers/admin/module_apps_controller.rb
new file mode 100644
index 0000000..08fc64b
--- /dev/null
+++ b/app/controllers/admin/module_apps_controller.rb
@@ -0,0 +1,26 @@
+class Admin::ModuleAppsController < OrbitAdminController
+  before_action :check_auth 
+  include AdminHelper
+
+  def index
+  	@module_app = ModuleApp.find params[:module_app_id]
+    @managers = Authorization.module_authorized_users(@module_app)
+  end
+
+  def check_auth
+  	unless (is_admin? || is_manager?) 
+  	  flash[:error] = "unauthorized access"
+  	  if request.env["HTTP_REFERER"]
+        redirect_to :back
+      else
+        render 'public/403.html', :status => 403, :layout => false)
+      end
+      false
+    end
+  end
+
+  def setting
+  	@sys_users = User.not_admins
+  	@module_app = ModuleApp.find(params[:module_app_id])
+  end
+end
diff --git a/app/controllers/concerns/authorize.rb b/app/controllers/concerns/authorize.rb
new file mode 100644
index 0000000..06e3c8a
--- /dev/null
+++ b/app/controllers/concerns/authorize.rb
@@ -0,0 +1,29 @@
+module Authorize
+	extend ActiveSupport::Concern
+
+    	protected 
+
+		def open_for_admin
+			if current_user.is_admin?
+				"Authorized"
+			else
+				render "public/404" , layout: "back_end"
+			end
+		end
+
+		def open_for_manager
+			if ((@module_authorized_users.include?(current_user.id) && current_user.is_manager?(@module_app)) || current_user.is_admin?)
+				"Authorized"
+			else
+				render "public/404" , layout: "back_end"
+			end
+		end
+
+		private
+
+		def set_variables(module_app)
+			@module_app = ModuleApp.find_by(key: module_app)
+			@categories = @module_app.categories
+			@module_authorized_users = Authorization.module_authorized_users(@module_app).pluck(:user_id) rescue nil
+		end
+end
\ No newline at end of file
diff --git a/app/controllers/orbit_admin_controller.rb b/app/controllers/orbit_admin_controller.rb
index de52542..c5b11a2 100644
--- a/app/controllers/orbit_admin_controller.rb
+++ b/app/controllers/orbit_admin_controller.rb
@@ -1,4 +1,7 @@
 class OrbitAdminController < ApplicationController  
+  include OrbitCoreLib::Authorize
+  include OrbitCoreLib::PermissionUtility
+  include Authorize
   before_action :authenticate_user
   layout "back_end"
 end
diff --git a/app/controllers/orbit_member_controller.rb b/app/controllers/orbit_member_controller.rb
new file mode 100644
index 0000000..380d8bc
--- /dev/null
+++ b/app/controllers/orbit_member_controller.rb
@@ -0,0 +1,7 @@
+class OrbitMemberController < ApplicationController
+  include Authorize
+  include AdminHelper
+  include ApplicationHelper
+    
+  layout "member"
+end
diff --git a/app/helpers/admin/authorizations_helper.rb b/app/helpers/admin/authorizations_helper.rb
new file mode 100644
index 0000000..314abcf
--- /dev/null
+++ b/app/helpers/admin/authorizations_helper.rb
@@ -0,0 +1,2 @@
+module Admin::AuthorizationsHelper
+end
diff --git a/app/helpers/admin/members_helper.rb b/app/helpers/admin/members_helper.rb
new file mode 100644
index 0000000..81c843b
--- /dev/null
+++ b/app/helpers/admin/members_helper.rb
@@ -0,0 +1,2 @@
+module Admin::MembersHelper
+end
diff --git a/app/helpers/admin/module_apps_helper.rb b/app/helpers/admin/module_apps_helper.rb
new file mode 100644
index 0000000..9c73da9
--- /dev/null
+++ b/app/helpers/admin/module_apps_helper.rb
@@ -0,0 +1,2 @@
+module Admin::ModuleAppsHelper
+end
diff --git a/app/helpers/admin_helper.rb b/app/helpers/admin_helper.rb
new file mode 100644
index 0000000..e57690e
--- /dev/null
+++ b/app/helpers/admin_helper.rb
@@ -0,0 +1,34 @@
+module AdminHelper
+  
+  # Check if the current_user is manager in current module app
+  def is_manager?
+    (@current_user.is_manager?(@module_app) rescue nil) || is_admin?
+  end
+
+  # Check if the current_user is sub manager in current module app
+  def is_sub_manager?
+    (@current_user.is_sub_manager?(@module_app) rescue nil) || is_admin?
+  end
+  
+  def is_admin?
+    @current_user.is_admin? rescue false
+  end
+
+  def is_member?
+    if (@current_user rescue false)
+      return true
+    end
+    return false
+  end
+
+  def get_user_module_role(user)
+    if user.is_admin?
+      t(:admin)
+    elsif user.is_manager?(@module_app)
+      t(:manager)
+    elsif user.is_sub_manager?
+      t(:sub_manager)
+    end
+  end
+
+end
\ No newline at end of file
diff --git a/app/models/authorization.rb b/app/models/authorization.rb
new file mode 100644
index 0000000..22e0673
--- /dev/null
+++ b/app/models/authorization.rb
@@ -0,0 +1,29 @@
+class Authorization
+  include Mongoid::Document
+
+  belongs_to :module_app
+  belongs_to :user
+  belongs_to :category
+  belongs_to :workgroup
+  belongs_to :role
+
+  scope :module_authorized_users, ->(module_app){ where(module_app_id: module_app) }
+  scope :category_authorized_users, ->(category){ where(category_id: category) }
+
+  def self.create_authorization(module_app_id=nil,category_id=nil,user_id,type)
+  	user = User.find(user_id)
+  	if user.is_admin?
+  	elsif user.workgroup.nil?
+  		if type == "module_authorization"
+  			workgroup = Workgroup.find_by(key: "managers")
+  			user.update_attributes(workgroup_id: workgroup.id)
+        a = self.new(module_app_id: module_app_id, user_id: user_id, workgroup_id: workgroup.id)
+        a.save
+  		elsif type == "category_authorization"
+  			self.create(category_id: category_id, user_id: user_id )
+  			workgroup = Workgroup.find_by(key: "sub_managers")
+  			user.update_attributes(workgroup_id: workgroup.id)
+  		end
+  	end
+  end
+end
diff --git a/app/models/category.rb b/app/models/category.rb
index a4e94c5..86211bb 100644
--- a/app/models/category.rb
+++ b/app/models/category.rb
@@ -6,6 +6,11 @@ class Category
   field :title, localize: true
 
   belongs_to :module_app
+  has_many :authorizations
 
   scope :enabled, ->{ where(:disable.in => [false, nil, ''])}
+
+  def category_sub_managers
+    Authorization.category_authorized_users(self).pluck(:user_id)
+  end
 end
diff --git a/app/models/member_profile.rb b/app/models/member_profile.rb
new file mode 100644
index 0000000..0113887
--- /dev/null
+++ b/app/models/member_profile.rb
@@ -0,0 +1,15 @@
+class MemberProfile
+  include Mongoid::Document
+  field :first_name, type: String, localize: true
+  field :last_name, type: String, localize: true
+  field :gender
+
+  has_one :user
+  has_and_belongs_to_many :roles
+
+  mount_uploader :avatar, AvatarUploader
+
+  def name
+  	"#{self.first_name} #{self.last_name}"
+  end
+end
diff --git a/app/models/module_app.rb b/app/models/module_app.rb
index 45c85e4..6c65010 100644
--- a/app/models/module_app.rb
+++ b/app/models/module_app.rb
@@ -6,14 +6,19 @@ class ModuleApp
   field :key, type: String
   field :taggable, type: Boolean, default: false
   field :categorizable, type: Boolean, default: false
+  field :authorizable, type: Boolean, default: false
   field :sidebar_order,type: Integer,default: 0
+  field :authorizable_models, type: Array
   
   has_many :categories, dependent: :destroy, :autosave => true
   has_and_belongs_to_many :tags, dependent: :destroy, :autosave => true
+  has_many :authorizations
 
   def refetch_setting!(reg)
     self[:taggable] = reg.is_taggable
     self[:categorizable] = reg.is_categorizable
+    self[:authorizable] = reg.is_authorizable
+    self[:authorizable_models] = reg.get_authorizable_models
   end
 
   def get_registration
@@ -48,4 +53,22 @@ class ModuleApp
   def categorizable
     get_registration.is_categorizable
   end
+
+   def user_can_manage?
+    self.workgroup.key.eql?("manager")
+  end
+  
+  def authorizable
+    get_registration.is_authorizable
+  end
+
+  def user_module_managers
+    Authorization.module_authorized_users(self).pluck(:user_id)
+  end
+
+  def role_module_managers
+    users = Authorization.module_authorized_users(self).pluck(:user_id)
+    roles = Authorization.module_authorized_users(self).pluck(:role_id)
+    users + roles
+  end
 end
diff --git a/app/models/role.rb b/app/models/role.rb
new file mode 100644
index 0000000..99bd231
--- /dev/null
+++ b/app/models/role.rb
@@ -0,0 +1,8 @@
+class Role
+  include Mongoid::Document
+  field :key, type: String
+  field :title, type: String, localize: true
+
+  has_and_belongs_to_many :member_profiles
+  has_many :authorizations
+end
diff --git a/app/models/site.rb b/app/models/site.rb
index a081b48..63135ab 100644
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -37,4 +37,6 @@ class Site
     I18n.locale = :en
     title.parameterize
   end
+
+  mount_uploader :default_image, ImageUploader
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index fa69d5a..2d49f44 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -10,9 +10,50 @@ class User
 
   has_secure_password
 
+  belongs_to :workgroup
+  has_many :authorizations
+  belongs_to :member_profile
+
   VALID_EMAIL_FORMAT = /\A[^@\s]+@([^@.\s]+\.)+[^@.\s]+\z/
 
   validates :user_name, presence: true, uniqueness: true
   validates :password, presence: true, :on => :create, length: {:in => 8..20}
   validates :email, presence: true, uniqueness: true, format: { with: VALID_EMAIL_FORMAT }
+
+  def is_admin?
+    if (self.workgroup.present? && self.workgroup.key.eql?("admin"))
+      true
+    else
+      false
+    end
+  end
+
+  def is_manager?(module_app)
+    if ((module_app.user_module_managers.include?(self.id) rescue nil) && (!self.is_admin?))
+      true
+    else
+      false
+    end
+  end
+  
+  def is_sub_manager?(module_app)
+    module_app_categories = module_app.categories.map {|c| c.id} rescue nil
+    authorized_categories = self.authorizations.map {|a| a.category.id if (a.category.present? && a.workgroup.key.eql?("sub_managers"))}
+    intersection = (module_app_categories & authorized_categories)
+
+    if ((intersection.count > 0 if intersection.present?) && !self.is_admin? && !self.is_manager?(module_app))
+      true
+    else
+      false
+    end
+  end
+
+  def is_authorized_with_role?(module_app)
+  end
+
+  def self.not_admins
+    workgroup = Workgroup.find_by(key: "admin")
+    self.where(:workgroup_id.ne => workgroup.id) 
+  end
+
 end
diff --git a/app/models/workgroup.rb b/app/models/workgroup.rb
new file mode 100644
index 0000000..3351dbd
--- /dev/null
+++ b/app/models/workgroup.rb
@@ -0,0 +1,10 @@
+class Workgroup
+  include Mongoid::Document
+  include Mongoid::Timestamps
+
+  field :key, type: String
+  field :title, type: String
+
+  has_many :authorizations
+  has_many :users
+end
diff --git a/app/uploaders/avatar_uploader.rb b/app/uploaders/avatar_uploader.rb
new file mode 100644
index 0000000..e291b43
--- /dev/null
+++ b/app/uploaders/avatar_uploader.rb
@@ -0,0 +1,65 @@
+# encoding: utf-8
+require 'carrierwave/processing/mime_types'
+
+class AvatarUploader < CarrierWave::Uploader::Base
+
+  # Include RMagick or MiniMagick support:
+  # include CarrierWave::RMagick
+  # include CarrierWave::MiniMagick
+  include CarrierWave::MiniMagick
+  include CarrierWave::MimeTypes
+
+  process :set_content_type
+  # Choose what kind of storage to use for this uploader:
+  storage :file
+  # storage :fog
+
+  # Override the directory where uploaded files will be stored.
+  # This is a sensible default for uploaders that are meant to be mounted:
+  def store_dir
+    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
+  end
+
+  # Provide a default URL as a default if there hasn't been a file uploaded:
+  # def default_url
+  #   # For Rails 3.1+ asset pipeline compatibility:
+  #   # ActionController::Base.helpers.asset_path("fallback/" + [version_name, "default.png"].compact.join('_'))
+  #
+  #   "/images/fallback/" + [version_name, "default.png"].compact.join('_')
+  # end
+
+  def default_url
+    [version_name, (Site.first.default_image.file.url rescue "person.png")].compact.join('_')
+  end
+
+  # Process files as they are uploaded:
+  # process :scale => [200, 300]
+  #
+  # def scale(width, height)
+  #   # do something
+  # end
+
+  # Create different versions of your uploaded files:
+  # version :thumb do
+  #   process :resize_to_fit => [50, 50]
+  # end
+  version :thumb do
+    process :resize_to_fit => [200, 200]
+  end
+
+  # Add a white list of extensions which are allowed to be uploaded.
+  # For images you might use something like this:
+  def extension_white_list
+    %w(jpg jpeg gif png)
+  end
+
+  # Override the filename of the uploaded files:
+  # Avoid using model.id or version_name here, see uploader/store.rb for details.
+  # def filename
+  #   "something.jpg" if original_filename
+  # end
+  def cache_dir
+    "#{Rails.root}/tmp/uploads"
+  end
+
+end
diff --git a/app/views/admin/authorizations/_user.html.erb b/app/views/admin/authorizations/_user.html.erb
new file mode 100644
index 0000000..0f081fa
--- /dev/null
+++ b/app/views/admin/authorizations/_user.html.erb
@@ -0,0 +1,16 @@
+<% if user.user.present?%>
+<li class="filter-item selected_user <%= 'check-item' unless user == current_user || user.user.is_admin? %>" id="<%= user.user.id %>">
+  <label>
+    <%= image_tag (user.user.member_profile.avatar? ? user.user.member_profile.avatar.thumb : 'menber-pic.png'), :class => "user-pic" %>
+    <span class="user-name"><%= user.user.member_profile.name %></span>
+    <% if user.user.is_admin?%>
+    	<span>Admin</span>
+	<% else %> 
+    	<span><%= user.workgroup.title.singularize if user.workgroup %></span>
+    <% end %>
+  </label>
+  <% unless user == current_user || user.user.is_admin? %>
+  	<input type="checkbox">
+  <% end %>
+</li>
+<% end %>
\ No newline at end of file
diff --git a/app/views/admin/authorizations/index.html.erb b/app/views/admin/authorizations/index.html.erb
new file mode 100644
index 0000000..cabf858
--- /dev/null
+++ b/app/views/admin/authorizations/index.html.erb
@@ -0,0 +1,38 @@
+<div class="mini-layout row-fluid">
+  <div class="mini-layout-sidebar span2">
+    <div class="nano">
+      <div class="content">
+        <ul class="nav nav-pills nav-stacked">
+          <% @module_apps.each do |module_app| %>
+            <li class="<%= @module_app == module_app ? 'active' : '' %>">
+              <%= link_to content_tag(:i, nil, class: (module_app.get_registration.get_icon_class rescue nil)) + ' ' + module_app.title, admin_authorizations_path(module_app.key, (@type if (@type && module_app.authorizable_models.include?(@type.camelize)))) %>
+            </li>
+          <% end %>
+        </ul>
+      </div>
+    </div>
+  </div>
+
+  <div class="mini-layout-body span10">
+   <%= link_to t(:module_authorization), admin_authorizations_path(@module_app.key) if @module_app.authorizable %>
+    <% @module_app.authorizable_models.each do |authorizable_model| %>
+      <%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), admin_authorizations_path(@module_app.key, type: "#{authorizable_model.underscore}_authorization") %>
+    <% end %>
+    <% if @error %>
+      <%= @error %>
+    <% else %>
+      <%= select_tag @type.underscore.humanize, options_from_collection_for_select(@objects, "id", "title", @object.id), :onchange => "window.location.href = '/admin/authorizations/'+'#{@module_app.key}/#{@type}/'+$(this).val();" if @objects %>
+      <ul id="card-list" class="checkbox-card clearfix">
+        <%= render partial: 'user', collection: @authorizations %>
+      </ul>
+    <% end %>
+  </div>
+</div>
+
+<!-- footer -->
+<div class="bottomnav clearfix">
+  <div class="action pull-right">
+    <%= link_to content_tag(:i, nil, class: "icons-plus") + ' ' + t(:add), '#', class: 'btn btn-primary select_user_modal', rel: admin_modal_select_authorizations_path(@module_app.key, @type, @object) %>
+    <%= link_to content_tag(:i, nil, class: "icon-trash") + ' ' + t(:delete_), '#', id: 'remove_users', class: 'btn btn-danger' %>
+  </div>
+</div>
diff --git a/app/views/admin/authorizations/modal_select.js.erb b/app/views/admin/authorizations/modal_select.js.erb
new file mode 100644
index 0000000..fe82819
--- /dev/null
+++ b/app/views/admin/authorizations/modal_select.js.erb
@@ -0,0 +1,2 @@
+$("#select_user").html("<%= j render partial: 'admin/member_selects/modal_select', locals: {role_form_url: admin_add_roles_authorizations_path(@module_app.key, @type, @object_id), user_form_url: admin_add_users_authorizations_path(@module_app.key, @type, @object_id)} %>");
+$("#member-filter").modal();
\ No newline at end of file
diff --git a/app/views/admin/authorizations/unauthorized.html.erb b/app/views/admin/authorizations/unauthorized.html.erb
new file mode 100644
index 0000000..bb7da83
--- /dev/null
+++ b/app/views/admin/authorizations/unauthorized.html.erb
@@ -0,0 +1 @@
+<p>Aww Snap! You are not allowed to access this page!</p>
\ No newline at end of file
diff --git a/app/views/admin/member_selects/_modal_select.html.erb b/app/views/admin/member_selects/_modal_select.html.erb
new file mode 100644
index 0000000..e8d14e7
--- /dev/null
+++ b/app/views/admin/member_selects/_modal_select.html.erb
@@ -0,0 +1,80 @@
+<div id="member-filter" class="modal hide fade">
+  <div class="modal-header">
+    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+    <h3><%= t('list.user') %></h3>
+  </div>
+  <div class="modal-body">
+    <div class="tabbable tabs-left">
+      <div class="nano">
+        <div class="content">
+          <ul class="nav nav-pills nav-stacked">
+            <li class="active"><a href="#all" data-toggle="tab"><%= t('list.role') %></a></li>
+            <% @sorted_users.each_key do |role| %>
+              <li class=""><a href="#r_<%= role.id %>" data-toggle="tab"><%= role.title %></a></li>
+            <% end %>
+          </ul>
+        </div>
+      </div>
+      <div class="tab-content">
+        <div class="tab-pane fade in active" id="all">
+          <%= form_tag role_form_url, remote: true do %>
+            <fieldset>
+              <% @sorted_users.each_key do |role| %>
+                <label class="checkbox inline">
+                  <%= check_box_tag 'role_ids[]', role.id , false %> <%= role.title %>
+                </label>
+              <% end %>
+            </fieldset>
+            <div class="form-actions">
+              <button type="button" class="btn" data-dismiss="modal"><%= t(:cancel) %></button>
+              <%= submit_tag t(:submit), class: "btn btn-primary" %>
+              <%= hidden_field_tag field, @field %>              
+            </div>
+          <% end %>
+        </div>
+        <% @sorted_users.each do |role, users| %>
+          <div class="tab-pane fade" id="r_<%= role.id %>">
+            <%= form_tag user_form_url, remote: true do %>
+              <fieldset class="clearfix">
+                <div class="member-filter-result nano">
+                  <div class="content">
+                    <ul class="checkbox-card clearfix">
+                      <% users.each do |user| %>
+                        <li class="check-item">
+                          <label>
+                            <%= image_tag (user.avatar.file ? user.avatar : "menber-pic.png"), class: "user-pic" %>
+                            <span class="user-name"><%= user.name %></span>
+                          </label>
+                          <%= check_box_tag 'user_ids[]', user.id , false %>
+                        </li>
+                      <% end %>
+                    </ul>
+                  </div>
+                </div>
+                <div class="form-actions condition">
+                  <button type="button" class="btn" data-dismiss="modal"><%= t(:cancel) %></button>
+                  <%= submit_tag t(:submit), class: "btn btn-primary" %>
+                  <%= hidden_field_tag field, @field %>                  
+                </div>
+              </fieldset>
+            <% end %>
+          </div>
+        <% end %>
+      </div>
+    </div>
+  </div>
+</div>
+
+
+<script type="text/javascript">
+  $(document).ready(function() {
+    $(".modal").on("hidden", function () {
+      $("#select_user").remove();
+    });
+    $('#member-filter').on('shown', function() {
+      $('#member-filter').off('shown')
+      $(this).find('.nano').nanoScroller({ scrollTop: 0, iOSNativeScrolling: true });
+      $(this).find('.checkbox-card').cardCheck();
+    });
+  });
+</script>
\ No newline at end of file
diff --git a/app/views/admin/members/_clear_filters.html.erb b/app/views/admin/members/_clear_filters.html.erb
new file mode 100644
index 0000000..d8ff178
--- /dev/null
+++ b/app/views/admin/members/_clear_filters.html.erb
@@ -0,0 +1,3 @@
+<div class="filter-clear">
+  <%= link_to content_tag(:i, nil, :class => 'icons-cycle') + t(:clear), url_for(:filter => @filter, :sort => params[:sort], :direction => params[:direction], :clear => true, :type => type), :class => "btn btn-link btn-small" %>
+</div>
\ No newline at end of file
diff --git a/app/views/admin/members/_filter.html.erb b/app/views/admin/members/_filter.html.erb
new file mode 100644
index 0000000..93f395f
--- /dev/null
+++ b/app/views/admin/members/_filter.html.erb
@@ -0,0 +1,7 @@
+<div class="accordion-inner pagination-right" data-toggle="buttons-checkbox">     
+  <% @roles.each do |role| %>
+    <%#= link_to role.title, url_for(:filter => @filter, :new_filter => {:type => 'role', :id => role.id}, :sort => params[:sort], :direction => params[:direction], :sort_options => params[:sort_options]), :class => "btn btn-small #{is_filter_active?('role', role.id)}" %>
+    <%= link_to role.title, url_for(:at=>params[:at],:filter => @filter, :new_filter => {:type => 'role', :id => role.id}, :sort => params[:sort], :direction => params[:direction], :sort_options => params[:sort_options]), :class => "btn btn-small #{' active' if (@filter['role'].include?(role.id) rescue nil)}" %>
+  <% end %> 
+
+  <%= render :partial => 'clear_filters', :locals => {:type => 'role'} %>
\ No newline at end of file
diff --git a/app/views/admin/members/_member_for_listing.html.erb b/app/views/admin/members/_member_for_listing.html.erb
new file mode 100644
index 0000000..f7e3094
--- /dev/null
+++ b/app/views/admin/members/_member_for_listing.html.erb
@@ -0,0 +1,32 @@
+  <% if member_for_listing.member_profile.present?%>
+    <% 
+      if member_for_listing.member_profile.gender == 'male'
+        @member_gender = 'gender-man'
+      elsif member_for_listing.member_profile.gender == 'female'
+        @member_gender = 'gender-woman'
+      elsif member_for_listing.member_profile.gender.nil?
+        @member_gender = 'gender-none'
+      end
+    %>
+
+    <tr id="<%= dom_id member_for_listing %>">
+      <td class="<%= @member_gender %>"></td>
+      <td>
+        <% member_for_listing.member_profile.roles.each do |rf| %>
+        <% @roledata = Role.find(rf.id) %>
+        <span class="label label-info"><%= @roledata.title %></span>
+        <% end %>
+      </td>
+      <td>
+        <%= link_to (member_for_listing.member_profile.name && member_for_listing.member_profile.name != member_for_listing.email ? member_for_listing.member_profile.name : member_for_listing.id),admin_members_path(member_for_listing) %>
+        <div class="quick-edit">
+          <ul class="nav nav-pills">
+            <%= content_tag(:li, link_to(t(:edit),edit_admin_users_new_interface_path(member_for_listing))) if is_admin? %>
+            <%= content_tag(:li, link_to(t("users.setting_privilege"),admin_users_new_interface_edit_privilege_path(member_for_listing))) if is_admin? and current_user.id != member_for_listing.id %>
+            <%= content_tag(:li, link_to(t(:delete_),admin_users_new_interface_path(member_for_listing, :at=>params[:at]), :confirm => t(:sure?), :method => :delete, :class=>"text-error", :remote => true)) if is_admin? %>
+          </ul>
+        </div>
+      </td>
+      <td><%= member_for_listing.email %></td>
+    </tr>
+<% end %>
\ No newline at end of file
diff --git a/app/views/admin/members/_side_bar.html.erb b/app/views/admin/members/_side_bar.html.erb
new file mode 100644
index 0000000..f36436b
--- /dev/null
+++ b/app/views/admin/members/_side_bar.html.erb
@@ -0,0 +1,55 @@
+<nav id="sidebar">
+  <h2 class="position">
+    <%#= link_to content_tag(:i, nil, :class => "icons-users"), admin_site_site_info_path(@site) %>
+    <%= content_tag(:i, nil, :class => "icons-users") %>
+  </h2>
+  <div id="sidebar-menu">
+    <div class="scroller">
+      <%= content_tag :ul, :class => "sidebar-nav" do -%>
+        <%= content_tag :li, :class => active_for_controllers('users_new_interface','roles') do -%>
+          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-user'))), admin_members_path) %>
+        <% end -%>
+        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-graduation')))) %>
+        <% end -%>
+        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-pie'))), '#') %>
+        <% end -%>
+        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-layout'))), '#') %>
+        <% end -%>
+      <% end -%>
+    </div>
+    <div class="sub-nav-arrow"></div>
+  </div>
+  <div class="sub-nav-block-list">
+    <div class="sub-nav-block" data-icons="&#xe00d;">
+      <h4><%= t(:member_) %></h4>
+      <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('users_new_interface', 'roles', 'role_statuses', 'role_categorys','infos','plugins')) do -%>
+        <%= content_tag :li, link_to((content_tag(:span, t(:all_member))), admin_members_path), :class => active_for_action('users_new_interface', 'index') %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:add_member))), new_member_path), :class => active_for_action('users_new_interface', 'new') if (is_admin? rescue nil) %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:member_authorization))), '#'), :class => active_for_action('users_new_interfacexx', 'index')  if (is_admin? rescue nil) %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:member_registration)) + (User.not_guest_and_approved_user.count > 0 ? content_tag(:span,"(#{User.not_guest_and_approved_user.count})",:style=>"margin-left:3px;", :id=>"registration_count") : ""))), :class => active_for_action('users_new_interface', 'registration_approval')  if (is_admin? rescue nil) %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:member_role))),admin_roles_path ), :class => active_for_action('roles', 'index')  if (is_admin? rescue nil) %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:member_info))), edit_admin_info_path(Info.first.id.to_s)), :class => active_for_action('users_new_interfacexx', 'index') if (is_admin? rescue nil) and Info.first %>
+      <% end -%>
+    </div>
+    <div class="sub-nav-block" data-icons="&#xe070;">
+      <h4><%= t(:academic_info) %></h4>
+      <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('users_new_interface', 'roles', 'role_statuses', 'role_categorys','infos','plugins')) do -%>
+        <%= content_tag :li, link_to((content_tag(:span, t(:list_)))), :class => active_for_action('users_new_interface', 'index') %>
+      <% end -%>
+    </div>
+    <div class="sub-nav-block" data-icons="&#xe070;">
+      <h4><%= t(:analysis) %></h4>
+      <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('users_new_interface', 'roles', 'role_statuses', 'role_categorys','infos','plugins')) do -%>
+      <% end -%>
+    </div>
+    <div class="sub-nav-block" data-icons="&#xe070;">
+      <h4><%= t(:groups) %></h4>
+      <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('users_new_interface', 'roles', 'role_statuses', 'role_categorys','infos','plugins')) do -%>
+      <% end -%>
+    </div>
+  </div>
+</nav>
+
diff --git a/app/views/admin/members/index.html.erb b/app/views/admin/members/index.html.erb
new file mode 100644
index 0000000..30630e0
--- /dev/null
+++ b/app/views/admin/members/index.html.erb
@@ -0,0 +1,53 @@
+<% content_for :side_bar do %>
+  <%= render :partial => 'admin/members/side_bar' %>
+<% end %>
+
+<% content_for :right_nav do %>
+
+  <div class="searchClear pull-left" style="clear: left;">
+    <form action="" method="get">
+      <%= text_field_tag 'mq',( params[:mq] ? params[:mq] : '' ), {:id=>'filter-input', :class => "search-query input-medium", :placeholder => 'Search'} %>
+    </form>
+  </div>
+  <div class="view-switch pull-right" data-toggle="buttons-radio">
+
+    <form action="" method="get" class="btn-group">
+      <button class="btn btn-small <%= "active" if params[:at].blank? %>"><i class="icon-list"></i> <%= t("show_mode.index")%></button>
+      <button name="at" value="summary" class="btn btn-small <%= "active" if params[:at] == "summary" %>"><i class="icon-th-list"></i> <%= t("show_mode.summary")%></button>
+      <button name="at" value="thumbnail" class="btn btn-small <%= "active" if params[:at] == "thumbnail" %>"><i class="icon-th"></i> <%= t("show_mode.thumbnail")%></button>
+    </form>
+
+  </div>
+  <ul class="nav nav-pills filter-nav pull-right">
+    <li class="accordion-group">
+      <div class="accordion-heading">
+        <a href="#collapse-role" data-toggle="collapse" data-parent="#filter" class="accordion-toggle">Roles</a>
+      </div>
+    </li>
+  </ul>
+  <div class="filter-group accordion-group">
+    <div class="accordion-body collapse" id="collapse-role">
+
+    <%= render :partial => "filter"%>
+
+    </div>
+  </div>
+  
+<% end %>
+
+
+<div id="list-view">
+  <table id="member-list" class="table main-list">
+    <thead>
+      <tr class="sort-header">
+        <th class="gender"></th>
+        <th class="span3"><a href="#"><%= t('roles') %></a></th>
+        <th class="span4"><a href="#"><%= t('name') %></a></th>
+        <th><a href="#"><%= t('email') %></a></th>
+      </tr>
+    </thead>
+    <tbody>
+      <%= render :partial => "member_for_listing",:collection=> @users%>
+    </tbody>
+  </table>
+</div>
\ No newline at end of file
diff --git a/app/views/admin/module_apps/_side_bar.html.erb b/app/views/admin/module_apps/_side_bar.html.erb
new file mode 100644
index 0000000..500179d
--- /dev/null
+++ b/app/views/admin/module_apps/_side_bar.html.erb
@@ -0,0 +1,55 @@
+<nav id="sidebar">
+  <h2 class="position">
+    <%#= link_to content_tag(:i, nil, :class => "icons-users"), admin_site_site_info_path(@site) %>
+    <%= content_tag(:i, nil, :class => "icons-users") %>
+  </h2>
+  <div id="sidebar-menu">
+    <div class="scroller">
+      <%= content_tag :ul, :class => "sidebar-nav" do -%>
+        <%= content_tag :li, :class => active_for_controllers('users_new_interface','roles') do -%>
+          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-user'))), admin_users_new_interface_index_path) %>
+        <% end -%>
+        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-graduation'))), admin_plugins_path) %>
+        <% end -%>
+        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-pie'))), '#') %>
+        <% end -%>
+        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-layout'))), '#') %>
+        <% end -%>
+      <% end -%>
+    </div>
+    <div class="sub-nav-arrow"></div>
+  </div>
+  <div class="sub-nav-block-list">
+    <div class="sub-nav-block" data-icons="&#xe00d;">
+      <h4><%= t(:member_) %></h4>
+      <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('users_new_interface', 'roles', 'role_statuses', 'role_categorys','infos','plugins')) do -%>
+        <%= content_tag :li, link_to((content_tag(:span, t(:all_member))), admin_users_new_interface_index_path), :class => active_for_action('users_new_interface', 'index') %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:add_member))), new_admin_users_new_interface_path), :class => active_for_action('users_new_interface', 'new') if (is_admin? rescue nil) %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:member_authorization))), '#'), :class => active_for_action('users_new_interfacexx', 'index')  if (is_admin? rescue nil) %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:member_registration)) + (User.not_guest_and_approved_user.count > 0 ? content_tag(:span,"(#{User.not_guest_and_approved_user.count})",:style=>"margin-left:3px;", :id=>"registration_count") : "")), admin_users_new_interface_registration_approval_path), :class => active_for_action('users_new_interface', 'registration_approval')  if (is_admin? rescue nil) %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:member_role))),admin_roles_path ), :class => active_for_action('roles', 'index')  if (is_admin? rescue nil) %>
+        <%= content_tag :li, link_to((content_tag(:span, t(:member_info))), edit_admin_info_path(Info.first.id.to_s)), :class => active_for_action('users_new_interfacexx', 'index') if (is_admin? rescue nil) and Info.first %>
+      <% end -%>
+    </div>
+    <div class="sub-nav-block" data-icons="&#xe070;">
+      <h4><%= t(:academic_info) %></h4>
+      <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('users_new_interface', 'roles', 'role_statuses', 'role_categorys','infos','plugins')) do -%>
+        <%= content_tag :li, link_to((content_tag(:span, t(:list_))), admin_plugins_path), :class => active_for_action('users_new_interface', 'index') %>
+      <% end -%>
+    </div>
+    <div class="sub-nav-block" data-icons="&#xe070;">
+      <h4><%= t(:analysis) %></h4>
+      <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('users_new_interface', 'roles', 'role_statuses', 'role_categorys','infos','plugins')) do -%>
+      <% end -%>
+    </div>
+    <div class="sub-nav-block" data-icons="&#xe070;">
+      <h4><%= t(:groups) %></h4>
+      <%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('users_new_interface', 'roles', 'role_statuses', 'role_categorys','infos','plugins')) do -%>
+      <% end -%>
+    </div>
+  </div>
+</nav>
+
diff --git a/app/views/admin/module_apps/index.html.erb b/app/views/admin/module_apps/index.html.erb
new file mode 100644
index 0000000..22ad012
--- /dev/null
+++ b/app/views/admin/module_apps/index.html.erb
@@ -0,0 +1,2 @@
+<h1>Admin::ModuleApps#index</h1>
+<p>Find me in app/views/admin/module_apps/index.html.erb</p>
diff --git a/app/views/layouts/_left_menu.html.erb b/app/views/layouts/_left_menu.html.erb
index d3ad656..17b7178 100644
--- a/app/views/layouts/_left_menu.html.erb
+++ b/app/views/layouts/_left_menu.html.erb
@@ -5,9 +5,11 @@
     <a class="orbitlogo" href="<%= admin_dashboards_path %>" role="button" class="dropdown-toggle" data-toggle="dropdown" title="<%= t('dashboard_')%>"></a>
     <ul class="dropdown-menu" role="menu" aria-labelledby="orbit-start">
       <li><%= link_to content_tag(:i, nil, :class => 'icons-gauge') + ' ' + t(:dashboard_), admin_dashboards_path, tabindex: '-1' %></li>
-      <li><%= link_to content_tag(:i, nil, :class => 'icons-users') + ' ' + t(:member_), tabindex: '-1' %></li>
+      <li><%= link_to content_tag(:i, nil, :class => 'icons-users') + ' ' + t(:member_), admin_members_path, tabindex: '-1' %></li>
+      <% if (current_user.present? && current_user.workgroup.present? && current_user.is_admin?) %>
         <li class="divider"></li>
         <li><%= link_to content_tag(:i, nil, :class => 'icons-cog') + ' ' + t('site.settings'), admin_items_path, tabindex: '-1' %></li>
+      <% end%>
     </ul>
   </li>
 
diff --git a/app/views/layouts/_right_menu.html.erb b/app/views/layouts/_right_menu.html.erb
index b0c7953..b541b67 100644
--- a/app/views/layouts/_right_menu.html.erb
+++ b/app/views/layouts/_right_menu.html.erb
@@ -22,7 +22,11 @@
       <li id="orbit-user" class="dropdown">
         <a href="#" role="button" class="dropdown-toggle" data-toggle="dropdown">
           <%= image_tag 'menber-pic.png', class: "user-pic" %>
+          <% if current_user.member_profile.present?%>
+            <span><%= current_user.member_profile.name %></span>
+          <% else %>
             <span><%= current_user.user_name %></span>
+          <% end %>          
         </a>
         <ul class="dropdown-menu" role="menu" aria-labelledby="orbit-user">
           <li><%= link_to content_tag(:i, nil, class: 'icons-tools') + ' ' +  t("users.change_passwd"), tabindex: '-1' %></li>
diff --git a/app/views/layouts/_side_bar_content.html.erb b/app/views/layouts/_side_bar_content.html.erb
index c0796fa..b2756de 100644
--- a/app/views/layouts/_side_bar_content.html.erb
+++ b/app/views/layouts/_side_bar_content.html.erb
@@ -2,7 +2,7 @@
 	<div class="scroller">
 	  <ul class="sidebar-nav">
 	    <% OrbitApp::Module::SideBarRegistration.all.sort{|x,y| x.get_module_app_key <=> y.get_module_app_key}.each do |t| %>
-	      <%= t.render_head(request, params, @module_app) %>
+	      <%= t.render_head(request, params, current_user, @module_app) %>
  	    <% end %>
 	  </ul>
 	</div>
@@ -11,6 +11,6 @@
 
 <div class="sub-nav-block-list">
   <% OrbitApp::Module::SideBarRegistration.all.sort{|x,y| x.get_module_app_key <=> y.get_module_app_key}.each do |t| %>
-    <%= t.render(request, params, @module_app) %>
+    <%= t.render(request, params, current_user, @module_app) %>
  <% end %>
 </div>
\ No newline at end of file
diff --git a/app/views/layouts/member.html.erb b/app/views/layouts/member.html.erb
new file mode 100644
index 0000000..bddf396
--- /dev/null
+++ b/app/views/layouts/member.html.erb
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+	<title><%= current_site.title %> | <%= t('dashboard_') %></title>
+	<%= render 'shared/meta' %>
+	<%= render 'shared/google_font' %>
+	<%= stylesheet_link_tag "member" %>
+	<%= stylesheet_link_tag params[:controller] %>
+  <%= yield :page_specific_css %>
+	<%= render 'shared/ie_html5_fix' %>
+	<%= javascript_include_tag "member" %>
+	<%= javascript_include_tag params[:controller] %>
+	<%= yield :page_specific_javascript %>
+	<%= csrf_meta_tag %>
+</head>
+<body id="users">
+	<%= render 'layouts/orbit_bar_backend' unless @no_orbit_bar %>
+  <% if !(yield :side_bar).blank? %>
+    <%= yield :side_bar %>
+  <% else %>
+    <%= render 'layouts/side_bar' %>
+  <% end unless @no_side_bar %>
+	<section id="main-wrap">
+    <div class="wrap-inner">
+      <div id="filter" class="topnav clearfix">
+        <ul class="breadcrumb text-info pull-left">
+        <% if !@role.blank? %>
+          <li><%= link_to( t("role"), admin_roles_path ) %> <span class="divider">/</span></li>
+          <li class="active">( <%= @role.title %> ) <%= t(@app_type_name) %></a></li>
+        <% elsif !@attribute.blank? %>
+          <li><%= link_to( t("#{@attribute_type}"), admin_roles_path ) %>/</span></li>
+          <li class="active"><%= @attribute.title %></a></li>
+        <% else %>
+          <li><a href="<%= admin_members_path %>">Member</a> <span class="divider">/</span></li>
+          <li class="active">All</li>
+        <% end %>
+        </ul>
+        <%= yield :right_nav %>
+      </div>
+    	<%= yield %>
+			<%= javascript_include_tag "lib/pageslide.js" %>
+    </div>
+  </section>
+</body>
+</html>
diff --git a/built_in_extensions.rb b/built_in_extensions.rb
index 196c4af..8224157 100644
--- a/built_in_extensions.rb
+++ b/built_in_extensions.rb
@@ -1,2 +1,3 @@
-gem 'announcement', git: 'git@gitlab.tp.rulingcom.com:saurabh/announcement-test.git'
-gem 'ad_banner', git: 'git@gitlab.tp.rulingcom.com:saurabh/adbanner-test.git' 
+gem 'announcement', path: '/Users/saurabhbhatia/announcement-test'
+gem 'ad_banner', path: '/Users/saurabhbhatia/ad_banner'
+gem 'gallery', path: '/Users/saurabhbhatia/gallery'
\ No newline at end of file
diff --git a/config/initializers/authorization.rb b/config/initializers/authorization.rb
new file mode 100644
index 0000000..c51ed2a
--- /dev/null
+++ b/config/initializers/authorization.rb
@@ -0,0 +1,19 @@
+  OrbitApp.registration "Authorization", type: 'ModuleApp' do
+    module_label 'authorization.authorization'
+    base_url File.expand_path File.dirname(__FILE__) 
+
+    
+    side_bar do
+      head_label_i18n 'authorization', icon_class: "icons-lock-open"
+      available_for [:admin, :manager]
+      active_for_controllers ({public: ['admin/authorizations']})
+
+      head_link_path "admin_authorizations_path"
+      
+      context_link 'all',
+        link_path: "admin_authorizations_path",
+        priority: 1,
+        active_for_action: {authorizations: :index},
+        available_for: [:admin, :manager]
+    end
+  end
diff --git a/config/initializers/orbit_tag.rb b/config/initializers/orbit_tag.rb
index ff13b84..13475b5 100644
--- a/config/initializers/orbit_tag.rb
+++ b/config/initializers/orbit_tag.rb
@@ -1,6 +1,8 @@
   OrbitApp.registration "Tag", type: 'ModuleApp' do
     module_label 'module_name.tag'
-    base_url File.expand_path File.dirname(__FILE__)    
+    base_url File.expand_path File.dirname(__FILE__) 
+
+    authorizable   
     
     side_bar do
       head_label_i18n 'module_name.tag', icon_class: "icons-tag"
diff --git a/config/locales/en.yml b/config/locales/en.yml
index f2169be..bcb50e0 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -578,6 +578,7 @@ en:
   update_: Update
   update_at: Update at
   update_manager: Update Manager
+<<<<<<< Updated upstream
   update_manager_:
     available_updates: Available Updates 
     check_update: Check Update
@@ -598,6 +599,31 @@ en:
     time: Time
     name: Account
     page: Access Page and Action
+=======
+  locale: Locale
+  login: Login
+  logout: Logout
+  language: Language
+  dashboard_: Dashboard
+  desktop: Desktop
+  homepage: Homepage
+  password: Password
+  all: All
+  add: Add
+  new:
+    tag: New tag
+  editing:
+    tag: Editing tag
+
+  site:
+    system_preference: System Preference
+    settings: Site Settings
+
+  category_auth: Category Authorization
+  authorization: Authorization
+  module_authorization: Module Authorization
+  
+>>>>>>> Stashed changes
   users:
     admin_change_password: You cannot change your own password here!
     avatar: Profile Picture
diff --git a/config/routes.rb b/config/routes.rb
index 1c377c7..6de494a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -32,6 +32,15 @@ Orbit::Application.routes.draw do
 
     namespace :admin do
       resources :dashboards
+      resources :members
+      resources :module_apps
+
+      get 'authorizations(/:module(/:type(/:id)))' => 'authorizations#index', :as => :authorizations
+      get 'authorizations/add_users/:module(/:type(/:id))' => 'authorizations#add_users', :as => :add_users_authorizations
+      get 'authorizations/modal_select/:module(/:type(/:id))' => 'authorizations#modal_select', :as => :modal_select_authorizations
+
+      
+      resources :authorizations
       resources :items
       resources :tags do
         collection do
diff --git a/lib/orbit_app/helper/context_link_renderer.rb b/lib/orbit_app/helper/context_link_renderer.rb
index ea57efb..ad533ec 100644
--- a/lib/orbit_app/helper/context_link_renderer.rb
+++ b/lib/orbit_app/helper/context_link_renderer.rb
@@ -1,11 +1,13 @@
 module ContextLinkRenderer
   include Renderer
 
-  def render(request,params,current_module_app,belong_module_app)
+  def render(request,params,current_module_app,current_user,belong_module_app)
     @current_module_app = current_module_app
     @belong_module_app = belong_module_app
     @request = request
     @params = params
+    @current_user = current_user
     content_tag :li, link_to(content_tag(:span, I18n.t(@label_i18n)), Rails.application.routes.url_helpers.send(@path)), :class => (active?  ? 'active' : nil) 
   end
+
 end
\ No newline at end of file
diff --git a/lib/orbit_app/helper/renderer.rb b/lib/orbit_app/helper/renderer.rb
index 62419b9..dd1ad01 100644
--- a/lib/orbit_app/helper/renderer.rb
+++ b/lib/orbit_app/helper/renderer.rb
@@ -8,6 +8,18 @@ module Renderer
   include OrbitBasis::RenderAnywhere
 
 protected
+  def active_for_app_auth?
+    module_app = get_module_app
+    if controller.eql?('admin/module_apps')
+      if module_app.nil?
+        false
+      else
+        module_app.id.to_s == @params[:module_app_id] ? true : false  
+      end
+    else
+      false
+    end
+  end
   
   def request
     @request
diff --git a/lib/orbit_app/helper/side_bar_renderer.rb b/lib/orbit_app/helper/side_bar_renderer.rb
index 609c7cd..7f201e1 100644
--- a/lib/orbit_app/helper/side_bar_renderer.rb
+++ b/lib/orbit_app/helper/side_bar_renderer.rb
@@ -1,40 +1,59 @@
 module SideBarRenderer
   include Renderer
+  include AdminHelper
   include ActionView::Helpers::TextHelper
 
-  def render(request,params,current_module_app)
+  def render(request,params,user,current_module_app)
     @belong_module_app = get_module_app
     @current_module_app = current_module_app
     @request = request
     @params = params
+    @current_user = user
+    if display?
       content_tag :div, class: "sub-nav-block #{@icon_class}" do
         concat content_tag :h4, I18n.t(@head_label)
         concat (content_tag :ul, class: "nav nav-list" do
           @context_links.sort_by {| obj | obj.priority}.map{ |link|
-            link.render(request, params, @current_module_app, @belong_module_app)
+            link.render(request, params, @current_module_app, @current_user, @belong_module_app)
           }.join.html_safe
         end)
       end
+    end
   end
 
-  def render_head(request, params, current_module_app)
+  def render_head(request, params, user,current_module_app)
     @belong_module_app = get_module_app
     @current_module_app = current_module_app
     @request = request
     @params = params
+    @current_user = user
+    if display?
       content_tag :li, class: (module_sidebar_active? ? 'active' : nil) do
         link_to Rails.application.routes.url_helpers.send(@head_link) do
           content_tag :span do
             content_tag(:i, nil, class: @icon_class)
           end
         end
+      end
     end
   end
 
   protected
 
+   def display? #控制sidebar 要不要算圖
+    if is_manager? || is_admin?  #如果是系統管理員 或 是模組管理員
+      true
+    elsif (@current_module_app.open rescue true) # 如果app 被設定成 開放
+      true
+     elsif is_member? #如果app 是封閉  那至少需要是 member
+      true
+    else 
+      false
+    end
+  end
+
   def module_sidebar_active?
-    active_for_controller?
+    active_for_controller? || active_for_app_auth?
   end
 
   def active_for_controller?
diff --git a/lib/orbit_app/module/registration.rb b/lib/orbit_app/module/registration.rb
index 893f4d4..2cd5030 100644
--- a/lib/orbit_app/module/registration.rb
+++ b/lib/orbit_app/module/registration.rb
@@ -5,21 +5,23 @@ module OrbitApp
     module Registration
       module ClassMethods
         
-        @@registrations = []
+      #initiate a blank array for registration
+      cattr_accessor :registrations
+      self.registrations = []        
 
         def new(name,&block)
-          @@registrations << RegisteredModule.new(name,&block)
+          self.registrations << RegisteredModule.new(name,&block)
         end
 
         def find_by_key(key)
-          @@registrations.each{|t|
+          self.registrations.each{|t|
             return t if t.key.eql?(key)
           }
           return nil
         end
 
         def all
-          return @@registrations
+          return self.registrations
         end
       end
 
@@ -29,7 +31,7 @@ module OrbitApp
       end
 
       class RegisteredModule
-        attr_reader :name,:key,:module_label,:widget_methods
+        attr_reader :name,:key,:module_label,:widget_methods,:authorizable_models,:is_authorizable
 
         def initialize(name,&block)
           @name = name
@@ -38,6 +40,8 @@ module OrbitApp
           @module_label = @name
           @widget_methods = [] 
           @is_taggable = false
+          @authorizable_models = []
+          @is_authorizable = false
           @taggable_model = nil
           @is_categorizable = false
           block.arity < 1 ? instance_eval(&block) : block.call(self) if block_given?
@@ -99,6 +103,15 @@ module OrbitApp
           @taggable_model
         end
 
+        def authorizable
+          @is_authorizable = true
+          authorizable_on
+        end
+
+        def is_authorizable
+          @is_authorizable
+        end
+
         def categorizable
           @is_categorizable = true
         end
@@ -107,6 +120,13 @@ module OrbitApp
           @is_categorizable
         end
 
+        def authorizable_on(klass = 'Category')
+          @authorizable_models << klass
+        end
+
+        def get_authorizable_models
+          @authorizable_models
+        end
       end
     end
   end
diff --git a/lib/orbit_app/module/side_bar.rb b/lib/orbit_app/module/side_bar.rb
index 275744e..35786cd 100644
--- a/lib/orbit_app/module/side_bar.rb
+++ b/lib/orbit_app/module/side_bar.rb
@@ -41,12 +41,14 @@ module OrbitApp
 			class SideBar
         include SideBarRenderer
 
-				def initialize(name = '',key,get_module_app,&block)
+				def initialize(name = '', key, get_module_app, &block)
 				  @head_label = name
           @context_links = []
           @head_link = ""
           @app_base_path = ''
           @active_for_controllers = []
+          @available_for = []
+          @active_for_app_auth = []
           @module_app_key = key
           @get_module_app = get_module_app
           @sidebar_order = 0 
@@ -80,6 +82,10 @@ module OrbitApp
           @head_link = var
         end
 
+        def available_for(var)
+          @available_for = var
+        end
+
         def active_for_controllers(var)
           @active_for_controllers = var
         end
@@ -94,6 +100,12 @@ module OrbitApp
           set_controllers_scope
           # set_default_active_app_auth
           current_priority = @context_links.count
+          if @authorizable_with_link
+            context_link 'module_authorization',
+                          :link_path => "admin_authorizations_path(get_module_app.key)",
+                          :priority => current_priority + 2,
+                          :available_for => [:manager]
+          end
           @context_links.each do |t| 
             # t.set_module_app = @module_app
             t.finalize!
@@ -124,6 +136,7 @@ module OrbitApp
           @path = options[:link_path] || ""
           set_available_for_avoiding_sensitive_links(options[:available_for] )
           @active_for_action = options[:active_for_action] || []
+          @active_for_app_auth = options[:active_for_app_auth] || []
           @module_app_key = options[:module_app_key]
           @get_module_app = options[:get_module_app]
         end
@@ -152,7 +165,8 @@ module OrbitApp
 
         def active?
           for_action = @active_for_action.blank? ? false : active_for_action?
-          for_action
+          for_app_auth = @active_for_app_auth.blank? ? false : active_for_app_auth?
+          for_action || for_app_auth
         end
 
         def active_for_action?
diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb
new file mode 100644
index 0000000..28baf12
--- /dev/null
+++ b/lib/orbit_core_lib.rb
@@ -0,0 +1,191 @@
+module  OrbitCoreLib
+  module Preview
+    def self.included(base)
+
+      # base.instance_eval("field :is_preview,type: Boolean,:default => false")
+      # base.instance_eval("scope :not_preview,where(:is_preview=>false)")
+      base.class_eval ("
+        def to_preview
+          raise 'Developer,please override to_preview method'  
+        end
+      ")
+    end
+  end
+
+  # module  ObjectAuthable
+  #   def self.included(base)
+  #     base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete")
+      
+  #     base.define_singleton_method :authed_for_user do |user,title = nil|
+  #       sub_role_ids_ary=user.sub_roles.collect{|t| t.id}
+  #       if title.nil?
+  #         auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s)
+  #       else
+  #         auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title)
+  #       end
+  #       query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id)
+  #       query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id}).excludes(blocked_user_ids: user.id)
+  #       # query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role_ids}).excludes(blocked_user_ids: user.id) #save for backup if something went wrong (0626 Matt)
+
+  #       result = (query1 + query2).uniq
+  #       result.collect{|t| t.obj_authable}.delete_if{|val| val==nil}
+  #     end
+        
+  #   end
+    
+  #   def cur_user_is_sub_manager_of(title)
+  #      authed_users(title).include?(User.current)
+  #   end 
+
+  #   def module_app
+  #      ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
+  #   end
+
+  #   def pp_object
+  #     "Object Auth method 'pp_object' need to be defined for class #{self.class}"
+  #   end
+    
+  #   def get_object_auth_by_title(title)
+  #     oa = self.object_auths.where({title: title }).first
+  #     if oa.nil? #&& (self.class::ObjectAuthTitlesOptions.include? title)
+  #       oa =  self.object_auths.create title: title
+  #     end
+  #     oa
+  #   end
+    
+  #   def authed_users(title=nil)
+  #     users = []
+  #     users = case title
+  #     when :all
+  #        ary = self.object_auths.collect{|t| t.auth_users}
+  #        ary.flatten!
+  #     when nil
+  #       if self.object_auths.count ==1 
+  #         self.object_auths.first.auth_users_after_block_list rescue []
+  #         else
+  #           logger.info "Warning calling a auth commend without specificed value( has multi-auths ), return empty"
+  #           []
+  #         end
+  #     else
+  #       get_object_auth_by_title(title).auth_users rescue []
+  #     end
+  #     users
+  #   end
+    
+  # end
+  module  ObjectTokenUtility
+    def self.included(base)
+      base.instance_eval("field :s_token")
+      base.instance_eval("after_create :generate_token")
+    end
+    
+    def token
+      return self.s_token
+    end
+    
+    protected
+     def generate_token
+       self.s_token = SecureRandom.hex(16)
+       self.save!
+     end
+  end
+  
+  module PermissionUtility
+  private
+    def check_permission(type = :use)
+    permission_grant =  current_user.is_admin?? true : false
+      module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
+      unless permission_grant
+        permission_grant = case type
+        when :use
+          users_ary = @module_authorized_users rescue nil
+          users_ary = [] if users_ary.nil?
+          (users_ary.include?(current_user) || current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app))
+        when :manager
+          current_user.is_manager?(@module_app)
+        when :sub_manager  
+          current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app)
+        end  
+      end
+      permission_grant
+    end
+    def find_module_app_by_token(token)
+      ModuleApp.first(conditions: {s_token: token})
+    end
+  end
+
+  module Authorize
+    def self.included(base)
+      base.class_eval do
+        before_filter :can_use
+        send :include, InstanceMethods
+      end
+    end
+
+    module InstanceMethods
+      protected
+      def can_use
+        setup_vars
+        unless @no_authorization
+          if @workgroup
+            @open = false
+            @visitor = false
+            @workgroup.each do |workgroup|
+              case workgroup
+              when :admin
+                @open ||= check_admin
+              when :manager
+                @open ||= check_manager
+              when :sub_manager
+                @open ||= check_sub_manager
+              when :user
+                @open ||= true
+              end
+            end
+            authenticate_user if current_user.nil
+            redirect_to root_url unless @open
+          else
+            authenticate_user
+            check_user_can_use
+          end
+        end
+      end
+
+      def check_admin
+        current_user.is_admin?
+      end
+
+      def check_manager
+        check_admin || current_user.is_manager?(@module_app)
+      end
+
+      def check_sub_manager
+        check_admin || check_manager || current_user.is_sub_manager?(@module_app)
+      end
+
+      def open_for(var)
+        @user_type ||= []
+        @user_type << var
+      end
+
+      def no_authorization
+        @no_authorization = true
+      end
+
+      def check_user_can_use
+        if ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?))
+          # redirect_to admin_dashboards_url
+        elsif ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?)).eql?(false)
+          render "public/404" , layout: "back_end"
+        end
+      end
+
+      def setup_vars
+        @app_title ||= controller_path.split('/')[1].singularize rescue nil
+        @module_app ||= ModuleApp.find_by(key: @app_title) rescue nil
+        @module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
+      end
+    end
+  end
+
+end
diff --git a/public/404.html b/public/404.html
index 70bddd0..ba2028c 100644
--- a/public/404.html
+++ b/public/404.html
@@ -18,7 +18,7 @@
     <div class="card">
       <div class="figure code-404"></div>
       <div class="message">
-        <h1>Page not found!!!</h1>
+        <h1>Page not found!</h1>
         <p>The page you were looking for doesn’t exist.</p>
       </div>
     </div>
diff --git a/test/controllers/admin/authorizations_controller_test.rb b/test/controllers/admin/authorizations_controller_test.rb
new file mode 100644
index 0000000..d2b1f56
--- /dev/null
+++ b/test/controllers/admin/authorizations_controller_test.rb
@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class Admin::AuthorizationsControllerTest < ActionController::TestCase
+  test "should get index" do
+    get :index
+    assert_response :success
+  end
+
+end
diff --git a/test/controllers/admin/members_controller_test.rb b/test/controllers/admin/members_controller_test.rb
new file mode 100644
index 0000000..1fdd3f4
--- /dev/null
+++ b/test/controllers/admin/members_controller_test.rb
@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class Admin::MembersControllerTest < ActionController::TestCase
+  test "should get index" do
+    get :index
+    assert_response :success
+  end
+
+end
diff --git a/test/controllers/admin/module_apps_controller_test.rb b/test/controllers/admin/module_apps_controller_test.rb
new file mode 100644
index 0000000..f20c453
--- /dev/null
+++ b/test/controllers/admin/module_apps_controller_test.rb
@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class Admin::ModuleAppsControllerTest < ActionController::TestCase
+  test "should get index" do
+    get :index
+    assert_response :success
+  end
+
+end
diff --git a/test/fixtures/authorizations.yml b/test/fixtures/authorizations.yml
new file mode 100644
index 0000000..937a0c0
--- /dev/null
+++ b/test/fixtures/authorizations.yml
@@ -0,0 +1,11 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+# This model initially had no columns defined.  If you add columns to the
+# model remove the '{}' from the fixture names and add the columns immediately
+# below each fixture, per the syntax in the comments below
+#
+one: {}
+# column: value
+#
+two: {}
+#  column: value
diff --git a/test/fixtures/member_profiles.yml b/test/fixtures/member_profiles.yml
new file mode 100644
index 0000000..afdaa6a
--- /dev/null
+++ b/test/fixtures/member_profiles.yml
@@ -0,0 +1,9 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+one:
+  first_name: MyString
+  last_name: MyString
+
+two:
+  first_name: MyString
+  last_name: MyString
diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml
new file mode 100644
index 0000000..ddd653b
--- /dev/null
+++ b/test/fixtures/roles.yml
@@ -0,0 +1,9 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+one:
+  key: MyString
+  title: MyString
+
+two:
+  key: MyString
+  title: MyString
diff --git a/test/fixtures/workgroups.yml b/test/fixtures/workgroups.yml
new file mode 100644
index 0000000..ddd653b
--- /dev/null
+++ b/test/fixtures/workgroups.yml
@@ -0,0 +1,9 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+one:
+  key: MyString
+  title: MyString
+
+two:
+  key: MyString
+  title: MyString
diff --git a/test/helpers/admin/authorizations_helper_test.rb b/test/helpers/admin/authorizations_helper_test.rb
new file mode 100644
index 0000000..7161dd5
--- /dev/null
+++ b/test/helpers/admin/authorizations_helper_test.rb
@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class Admin::AuthorizationsHelperTest < ActionView::TestCase
+end
diff --git a/test/helpers/admin/members_helper_test.rb b/test/helpers/admin/members_helper_test.rb
new file mode 100644
index 0000000..bf9a965
--- /dev/null
+++ b/test/helpers/admin/members_helper_test.rb
@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class Admin::MembersHelperTest < ActionView::TestCase
+end
diff --git a/test/helpers/admin/module_apps_helper_test.rb b/test/helpers/admin/module_apps_helper_test.rb
new file mode 100644
index 0000000..07274ec
--- /dev/null
+++ b/test/helpers/admin/module_apps_helper_test.rb
@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class Admin::ModuleAppsHelperTest < ActionView::TestCase
+end
diff --git a/test/models/authorization_test.rb b/test/models/authorization_test.rb
new file mode 100644
index 0000000..d1c0739
--- /dev/null
+++ b/test/models/authorization_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class AuthorizationTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/models/member_profile_test.rb b/test/models/member_profile_test.rb
new file mode 100644
index 0000000..6f38bed
--- /dev/null
+++ b/test/models/member_profile_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class MemberProfileTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/models/role_test.rb b/test/models/role_test.rb
new file mode 100644
index 0000000..11c53a8
--- /dev/null
+++ b/test/models/role_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class RoleTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/models/workgroup_test.rb b/test/models/workgroup_test.rb
new file mode 100644
index 0000000..c60b46f
--- /dev/null
+++ b/test/models/workgroup_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class WorkgroupTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end