alex
/
orbit4-5
forked from saurabh/orbit4-5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new authorization.. yet to complete in alpha..

This commit is contained in:
Harry Bomrah 2014-07-30 21:40:02 +08:00
parent 69db2e2926
commit 33edfd779c
15 changed files with 242 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/basic/orbit_js_1.0.1.js
View File

@ -291,7 +291,7 @@ if($.support.touch) {
$el.find('a').removeAttr('href'); $el.find('a').removeAttr('href');
}; };
$el.on(mouseenterEvent, function(e) { $el.on(mouseenterEvent, function(e) {
$block.siblings().removeClass('show').eq($(this).index()).addClass('show'); $block.siblings().removeClass('show').end().eq($(this).index()).addClass('show');
$arrow.stop(true, false).animate({ $arrow.stop(true, false).animate({
top: ($(this).position().top+$(this).height()/2)-$arrowHeightFormat+$('.scroller').position().top, top: ($(this).position().top+$(this).height()/2)-$arrowHeightFormat+$('.scroller').position().top,
},{ },{

25
app/controllers/admin/authorizations_controller.rb
View File

@ -35,7 +35,7 @@ class Admin::AuthorizationsController < OrbitAdminController
def add_users def add_users
users = User.find(params[:user_ids]) rescue nil users = User.find(params[:user_ids]) rescue nil
unless users.nil? unless users.nil?
authorization = users.map {|u| get_or_create_authorization(u.id)}.first authorization = users.map {|u| get_or_create_authorization(u)}.first
end end
@users = @module_app.module_managers @users = @module_app.module_managers
render 'admin/authorizations/reload_users' render 'admin/authorizations/reload_users'
@ -92,16 +92,22 @@ class Admin::AuthorizationsController < OrbitAdminController
protected protected
def get_or_create_authorization(user_id) def get_or_create_authorization(user)
case @type case @type
when 'category_authorization' when 'category_authorization'
if @object if @object
Authorization.create_category_authorization(@module_app.id, @object.id, user_id) if user.is_manager?(@module_app)
remove_from_manager(user)
end
Authorization.create_category_authorization(@module_app.id, @object.id, user.id)
else else
@error = t(:no_data) @error = t(:no_data)
end end
when nil when nil
Authorization.create_module_authorization(@module_app.id, user_id) if user.is_sub_manager?(@module_app)
remove_from_sub_manager(user)
end
Authorization.create_module_authorization(@module_app.id, user.id)
else else
auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}") auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}")
unless auth unless auth
@ -111,6 +117,17 @@ class Admin::AuthorizationsController < OrbitAdminController
end end
end end
def remove_from_sub_manager(user)
categories = @module_app.categories.authorized(user)
categories.each do |c|
Authorization.remove_category_authorization(c.id, user.id)
end
end
def remove_from_manager(user)
Authorization.remove_module_authorization(@module_app.id, user.id)
end
def get_or_create_authorization_with_role(role_id) def get_or_create_authorization_with_role(role_id)
case @type case @type
when 'category_authorization' when 'category_authorization'

7
app/controllers/orbit_admin_controller.rb
View File

@ -1,10 +1,9 @@
class OrbitAdminController < ApplicationController class OrbitAdminController < ApplicationController
include OrbitCoreLib::Authorize include OrbitCoreLib::Authorize
include OrbitCoreLib::PermissionUtility
include Authorize include Authorize
include OrbitBackendHelper include OrbitBackendHelper
before_action :authenticate_user, :log_user_action before_action :authenticate_user, :log_user_action, :load_authenticated_categories
layout "back_end" layout "back_end"
def sort def sort
@ -65,4 +64,8 @@ class OrbitAdminController < ApplicationController
end end
end end
def load_authenticated_categories
@user_authenticated_categories = current_user.is_admin? ? ["all"] : current_user.approved_categories.collect{|c| c.id}
end
end end

10
app/helpers/orbit_backend_helper.rb
View File

@ -85,7 +85,7 @@ module OrbitBackendHelper
def select_category(f, module_app) def select_category(f, module_app)
render :partial => '/admin/categories/select_form', :locals => {:f=> f, :module_app=>module_app, :categories=>module_app.categories.enabled } render :partial => '/admin/categories/select_form', :locals => {:f=> f, :module_app=>module_app, :categories=>module_app.categories.enabled.authorized(current_user) }
end end
def select_tags(f, module_app) def select_tags(f, module_app)
@ -128,6 +128,14 @@ module OrbitBackendHelper
[:name=> t(:visitors_count),:data=>result] [:name=> t(:visitors_count),:data=>result]
end end
def can_edit_or_delete?(obj)
if @user_authenticated_categories.first == "all"
return true
else
@user_authenticated_categories.include?obj.category_id
end
end
end end

14
app/models/authorization.rb
View File

@ -32,7 +32,7 @@ class Authorization
user = User.find(user_id) user = User.find(user_id)
workgroup = Workgroup.find_by(key: "managers") workgroup = Workgroup.find_by(key: "managers")
module_app = ModuleApp.find(module_app_id) module_app = ModuleApp.find(module_app_id)
if (user.is_admin? || user.is_manager?(module_app) || user.is_sub_manager?(module_app)|| user.is_manager_with_role?(module_app)) if (user.is_admin? || user.is_manager?(module_app) || user.is_manager_with_role?(module_app))
puts "User Already Authorized" puts "User Already Authorized"
else else
a = self.create(module_app_id: module_app_id, user_id: user_id, workgroup_id: workgroup.id) a = self.create(module_app_id: module_app_id, user_id: user_id, workgroup_id: workgroup.id)
@ -44,12 +44,8 @@ class Authorization
user = User.find(user_id) user = User.find(user_id)
workgroup = Workgroup.find_by(key: "sub_managers") workgroup = Workgroup.find_by(key: "sub_managers")
module_app = ModuleApp.find(module_app_id) module_app = ModuleApp.find(module_app_id)
if (user.is_admin? || user.is_manager?(module_app) || user.is_sub_manager?(module_app) || user.is_manager_with_role?(module_app)) a = self.create(category_id: category_id, user_id: user_id, workgroup_id: workgroup.id)
puts "User Already Authorized" a.save
else
a = self.create(category_id: category_id, user_id: user_id, workgroup_id: workgroup.id)
a.save
end
end end
def self.create_module_authorization_with_role(module_app_id,role_id) def self.create_module_authorization_with_role(module_app_id,role_id)
@ -78,11 +74,11 @@ class Authorization
def self.remove_module_authorization(module_app_id,user_id) def self.remove_module_authorization(module_app_id,user_id)
auth = self.find_by(module_app_id: module_app_id, user_id: user_id) auth = self.find_by(module_app_id: module_app_id, user_id: user_id)
auth.delete auth.destroy
end end
def self.remove_category_authorization(category_id,user_id) def self.remove_category_authorization(category_id,user_id)
auth = self.find_by(category_id: category_id, user_id: user_id) auth = self.find_by(category_id: category_id, user_id: user_id)
auth auth.destroy
end end
end end

4
app/models/category.rb
View File

@ -15,4 +15,8 @@ class Category
def category_sub_managers def category_sub_managers
Authorization.category_authorized_users(self).pluck(:user_id) Authorization.category_authorized_users(self).pluck(:user_id)
end end
def self.authorized(user)
user.approved_categories
end
end end

35
app/models/user.rb
View File

@ -108,7 +108,6 @@ class User
module_app_categories = module_app.categories.map {|c| c.id} rescue nil module_app_categories = module_app.categories.map {|c| c.id} rescue nil
authorized_categories = self.authorizations.map {|a| a.category.id if (a.category.present? && a.workgroup.key.eql?("sub_managers"))} authorized_categories = self.authorizations.map {|a| a.category.id if (a.category.present? && a.workgroup.key.eql?("sub_managers"))}
intersection = (module_app_categories & authorized_categories) intersection = (module_app_categories & authorized_categories)
if ((intersection.count > 0 if intersection.present?) && !self.is_admin? && !self.is_manager?(module_app)) if ((intersection.count > 0 if intersection.present?) && !self.is_admin? && !self.is_manager?(module_app))
true true
else else
@ -128,6 +127,40 @@ class User
end end
end end
def is_normal_user?
if self.is_admin?
return false
elsif self.authorizations.empty?
return true
else
return false
end
end
def approved_categories
categories = []
if self.is_admin?
Category.all.each do |c|
categories << c
end
else
self.authorizations.each do |auth|
case auth.workgroup.key
when "managers"
if !auth.module_app.categories.blank?
auth.module_app.categories.each do|c|
categories << c
end
end
when "sub_managers"
c = Category.find(auth.category_id) rescue nil
categories << c if !c.nil?
end
end
end
categories
end
def user_workgroup(module_app) def user_workgroup(module_app)
if self.is_admin? if self.is_admin?
"Admin" "Admin"

8
app/views/admin/categories/_select_form.html.erb
View File

@ -1,9 +1,11 @@
<span id="select_categories"> <span id="select_categories">
<%= f.select :category_id, categories.collect{|t| [ t.title, t.id ]} %> <%= f.select :category_id, categories.collect{|t| [ t.title, t.id ]} %>
</span> </span>
<button class="btn" data-toggle="modal" data-target="#categoryModal"> <% if current_user.is_admin? || current_user.is_manager?(module_app) %>
<i class='icon-plus'></i> <%= t(:new_category) %> <button class="btn" data-toggle="modal" data-target="#categoryModal">
</button> <i class='icon-plus'></i> <%= t(:new_category) %>
</button>
<% end %>
<div class="modal fade" id="categoryModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <div class="modal fade" id="categoryModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog"> <div class="modal-dialog">

4
app/views/layouts/_side_bar_content.html.erb
View File

@ -2,7 +2,7 @@
<div class="scroller"> <div class="scroller">
<ul class="sidebar-nav"> <ul class="sidebar-nav">
<% OrbitApp::Module::SideBarRegistration.all.sort{|x,y| x.get_module_app_key <=> y.get_module_app_key}.each do |t| %> <% OrbitApp::Module::SideBarRegistration.all.sort{|x,y| x.get_module_app_key <=> y.get_module_app_key}.each do |t| %>
<%= t.render_head(request, params, current_user, @module_app) %> <%= t.render_head(request, params, current_user, @module_app, t.get_availability) %>
<% end %> <% end %>
</ul> </ul>
</div> </div>
@ -11,6 +11,6 @@
<div class="sub-nav-block-list"> <div class="sub-nav-block-list">
<% OrbitApp::Module::SideBarRegistration.all.sort{|x,y| x.get_module_app_key <=> y.get_module_app_key}.each do |t| %> <% OrbitApp::Module::SideBarRegistration.all.sort{|x,y| x.get_module_app_key <=> y.get_module_app_key}.each do |t| %>
<%= t.render(request, params, current_user, @module_app) %> <%= t.render(request, params, current_user, @module_app, t.get_availability) %>
<% end %> <% end %>
</div> </div>

6
config/initializers/authorization.rb
View File

@ -5,8 +5,8 @@
side_bar do side_bar do
head_label_i18n 'authorization', icon_class: "icons-lock-open" head_label_i18n 'authorization', icon_class: "icons-lock-open"
available_for [:admin, :manager] available_for "managers"
active_for_controllers ({public: ['admin/authorizations']}) active_for_controllers (['admin/authorizations'])
head_link_path "admin_authorizations_path" head_link_path "admin_authorizations_path"
@ -14,6 +14,6 @@
link_path: "admin_authorizations_path", link_path: "admin_authorizations_path",
priority: 1, priority: 1,
active_for_action: {authorizations: :index}, active_for_action: {authorizations: :index},
available_for: [:admin, :manager] available_for: "managers"
end end
end end

21
lib/orbit_app/helper/context_link_renderer.rb
View File

@ -1,13 +1,30 @@
module ContextLinkRenderer module ContextLinkRenderer
include Renderer include Renderer
def render(request,params,current_module_app,current_user,belong_module_app,active_actions) def render(request,params,current_module_app,current_user,belong_module_app,active_actions,available_for)
@current_module_app = current_module_app @current_module_app = current_module_app
@belong_module_app = belong_module_app @belong_module_app = belong_module_app
@request = request @request = request
@params = params @params = params
@current_user = current_user @current_user = current_user
content_tag :li, link_to(content_tag(:span, I18n.t(@label_i18n)), Rails.application.routes.url_helpers.send(@path, eval(@arg))), :class => ( active_actions[controller] == action ? 'active' : nil) @available_for = available_for
if can_display?
content_tag :li, link_to(content_tag(:span, I18n.t(@label_i18n)), Rails.application.routes.url_helpers.send(@path, eval(@arg))), :class => ( active_actions[controller] == action ? 'active' : nil)
end
end
def can_display?
status = "users"
if @current_user.is_admin?
status = "admin"
elsif @current_user.is_manager?(@belong_module_app)
status = "managers"
elsif @current_user.is_sub_manager?(@belong_module_app)
status = "sub_managers"
elsif @current_user.is_normal_user?
status = "users"
end
return @available_for.include?status
end end
end end

27
lib/orbit_app/helper/side_bar_renderer.rb
View File

@ -3,30 +3,32 @@ module SideBarRenderer
include AdminHelper include AdminHelper
include ActionView::Helpers::TextHelper include ActionView::Helpers::TextHelper
def render(request,params,user,current_module_app) def render(request,params,user,current_module_app, af)
@belong_module_app = get_module_app @belong_module_app = get_module_app
@current_module_app = current_module_app @current_module_app = current_module_app
@request = request @request = request
@params = params @params = params
@current_user = user @current_user = user
@app_available_for = af
if display? if display?
content_tag :div, class: "sub-nav-block #{@icon_class}" do content_tag :div, class: "sub-nav-block #{@icon_class}" do
concat content_tag :h4, I18n.t(@head_label) concat content_tag :h4, I18n.t(@head_label)
concat (content_tag :ul, class: "nav nav-list" do concat (content_tag :ul, class: "nav nav-list" do
@context_links.sort_by {| obj | obj.priority}.map{ |link| @context_links.sort_by {| obj | obj.priority}.map{ |link|
link.render(request, params, @current_module_app, @current_user, @belong_module_app, link.get_active_action) link.render(request, params, @current_module_app, @current_user, @belong_module_app, link.get_active_action, link.available_for)
}.join.html_safe }.join.html_safe
end) end)
end end
end end
end end
def render_head(request, params, user,current_module_app) def render_head(request, params, user,current_module_app, available_for)
@belong_module_app = get_module_app @belong_module_app = get_module_app
@current_module_app = current_module_app @current_module_app = current_module_app
@request = request @request = request
@params = params @params = params
@current_user = user @current_user = user
@app_available_for = available_for
if display? if display?
content_tag :li, class: (module_sidebar_active? ? 'active' : nil) do content_tag :li, class: (module_sidebar_active? ? 'active' : nil) do
link_to Rails.application.routes.url_helpers.send(@head_link) do link_to Rails.application.routes.url_helpers.send(@head_link) do
@ -41,15 +43,17 @@ module SideBarRenderer
protected protected
def display? #控制sidebar 要不要算圖 def display? #控制sidebar 要不要算圖
if is_manager? || is_admin? #如果是系統管理員 或 是模組管理員 status = "users"
true if @current_user.is_admin?
elsif (@current_module_app.open rescue true) # 如果app 被設定成 開放 status = "admin"
true elsif @current_user.is_manager?(@belong_module_app)
elsif is_member? #如果app 是封閉 那至少需要是 member status = "managers"
true elsif @current_user.is_sub_manager?(@belong_module_app)
else status = "sub_managers"
false elsif @current_user.is_normal_user?
status = "users"
end end
return @app_available_for.include?status
end end
def module_sidebar_active? def module_sidebar_active?
@ -59,5 +63,4 @@ module SideBarRenderer
def active_for_controller? def active_for_controller?
@active_for_controllers.include? controller @active_for_controllers.include? controller
end end
end end

74
lib/orbit_app/module/side_bar.rb
View File

@ -87,7 +87,32 @@ module OrbitApp
end end
def available_for(var) def available_for(var)
@available_for = var @available_for = set_avaibility(var || "admin")
end
def get_availability
@available_for
end
def set_avaibility(af)
temp = []
case af
when 'users'
temp << 'users'
temp << 'sub_managers'
temp << 'managers'
temp << 'admin'
when 'sub_managers'
temp << 'sub_managers'
temp << 'managers'
temp << 'admin'
when 'managers'
temp << 'managers'
temp << 'admin'
when 'admin'
temp << 'admin'
end
temp
end end
def active_for_controllers(var) def active_for_controllers(var)
@ -112,7 +137,7 @@ module OrbitApp
context_link 'module_authorization', context_link 'module_authorization',
:link_path => "admin_authorizations_path(get_module_app.key)", :link_path => "admin_authorizations_path(get_module_app.key)",
:priority => current_priority + 2, :priority => current_priority + 2,
:available_for => [:manager] :available_for => "managers"
end end
@context_links.each do |t| @context_links.each do |t|
# t.set_module_app = @module_app # t.set_module_app = @module_app
@ -143,35 +168,42 @@ module OrbitApp
@priority = options[:priority] || 0 @priority = options[:priority] || 0
@path = options[:link_path] || "" @path = options[:link_path] || ""
@arg = options[:link_arg] || "" @arg = options[:link_arg] || ""
set_available_for_avoiding_sensitive_links(options[:available_for] ) @available_for = set_avaibility(options[:available_for] || "admin")
@active_for_action = options[:active_for_action] || [] @active_for_action = options[:active_for_action] || []
@active_for_app_auth = options[:active_for_app_auth] || [] @active_for_app_auth = options[:active_for_app_auth] || []
@module_app_key = options[:module_app_key] @module_app_key = options[:module_app_key]
@get_module_app = options[:get_module_app] @get_module_app = options[:get_module_app]
end end
def set_available_for_avoiding_sensitive_links(available_for)
sensitive_list = {}
sensitive_list[:module_app] =/.*manager_auth_proc.*/
sensitive_list[:object_auth] = /.*object_auth.*/
sensitive_list.each do |index,regx|
if @path.match(regx)
@available_for = case index
when :module_app
[:admin]
when :object_auth
[:manager,:admin]
end #of case
end #of if
end #of each
@available_for = available_for if @available_for.nil?
end #of def
def get_module_app def get_module_app
@get_module_app.call @get_module_app.call
end end
def available_for
@available_for
end
def set_avaibility(af)
temp = []
case af
when 'users'
temp << 'users'
temp << 'sub_managers'
temp << 'managers'
temp << 'admin'
when 'sub_managers'
temp << 'sub_managers'
temp << 'managers'
temp << 'admin'
when 'managers'
temp << 'managers'
temp << 'admin'
when 'admin'
temp << 'admin'
end
temp
end
def active? def active?
for_action = @active_for_action.blank? ? false : active_for_action? for_action = @active_for_action.blank? ? false : active_for_action?
for_app_auth = @active_for_app_auth.blank? ? false : active_for_app_auth? for_app_auth = @active_for_app_auth.blank? ? false : active_for_app_auth?

118
lib/orbit_core_lib.rb
View File

@ -115,30 +115,6 @@ module OrbitCoreLib
self.save! self.save!
end end
end end
module PermissionUtility
private
def check_permission(type = :use)
permission_grant = current_user.is_admin?? true : false
module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
unless permission_grant
permission_grant = case type
when :use
users_ary = @module_authorized_users rescue nil
users_ary = [] if users_ary.nil?
(users_ary.include?(current_user) || current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app))
when :manager
current_user.is_manager?(@module_app)
when :sub_manager
current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app)
end
end
permission_grant
end
def find_module_app_by_token(token)
ModuleApp.first(conditions: {s_token: token})
end
end
module Authorize module Authorize
def self.included(base) def self.included(base)
@ -151,66 +127,48 @@ module OrbitCoreLib
module InstanceMethods module InstanceMethods
protected protected
def can_use def can_use
setup_vars @app_title ||= controller_path.split('/')[1].singularize rescue nil
unless @no_authorization @module_app ||= ModuleApp.find_by(key: @app_title) rescue nil
if @workgroup @module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
@open = false authenticate_user
@visitor = false check_user_can_use
@workgroup.each do |workgroup| end
case workgroup
when :admin def check_user_can_use
@open ||= check_admin # condition_check = ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?) || (current_user.is_manager_with_role?(@module_app) if current_user.present?))
when :manager # if condition_check.eql?(true)
@open ||= check_manager # # redirect_to admin_dashboards_url
when :sub_manager # elsif condition_check.eql?(false)
@open ||= check_sub_manager # render "public/401" , layout: "back_end"
when :user # end
@open ||= true permissions = {}
end @module_app.get_registration.get_side_bar.get_context_links.each do |link|
end l = (Rails.application.routes.url_helpers.send(link.path) rescue Rails.application.routes.url_helpers.send(link.path, {:module_app_id => @module_app.id}))
authenticate_user if current_user.nil if l == request.path
redirect_to root_url unless @open permissions["link"] = l
else permissions["available_for"] = link.available_for
authenticate_user break
check_user_can_use end
end
if !permissions.empty?
if !allow?(permissions["available_for"] || ["admin"])
render "public/401" , layout: "back_end"
end end
end end
end end
def check_admin def allow?(af)
current_user.is_admin? status = "users"
end if current_user.is_admin?
status = "admin"
def check_manager elsif current_user.is_manager?(@module_app)
check_admin || current_user.is_manager?(@module_app) status = "managers"
end elsif current_user.is_sub_manager?(@module_app)
status = "sub_managers"
def check_sub_manager elsif current_user.is_normal_user?
check_admin || check_manager || current_user.is_sub_manager?(@module_app) status = "users"
end end
return af.include?status
def open_for(var)
@user_type ||= []
@user_type << var
end
def no_authorization
@no_authorization = true
end
def check_user_can_use
condition_check = ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?) || (current_user.is_manager_with_role?(@module_app) if current_user.present?))
if condition_check.eql?(true)
# redirect_to admin_dashboards_url
elsif condition_check.eql?(false)
render "public/404" , layout: "back_end"
end
end
def setup_vars
@app_title ||= controller_path.split('/')[1].singularize rescue nil
@module_app ||= ModuleApp.find_by(key: @app_title) rescue nil
@module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
end end
end end
end end

28
public/401.html Normal file
View File

@ -0,0 +1,28 @@
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title></title>
<link rel="stylesheet" type="text/css" href="stylesheets/error-pages.css" media="all"/>
</head>
<body>
<style type="text/css">
body {
margin: 0;
padding: 40px 0 0 0;
background-color: #F3F3F3;
}
</style>
<!-- Error Pages Start Here -->
<div id="error-page">
<div class="card">
<div class="figure code-401"></div>
<div class="message">
<h1>Unauthorized</h1>
<p>You dont have privileges to access this page.</p>
</div>
</div>
</div>
<!-- Error Pages End Here -->
</body>
</html>