New authorization model: not yet complete, still in alpha.

This commit is contained in:
Harry Bomrah 2014-07-30 21:40:02 +08:00
parent 69db2e2926
commit 33edfd779c
15 changed files with 242 additions and 141 deletions


@ -291,7 +291,7 @@ if($.support.touch) {
$el.find('a').removeAttr('href');
};
$el.on(mouseenterEvent, function(e) {
$block.siblings().removeClass('show').eq($(this).index()).addClass('show');
$block.siblings().removeClass('show').end().eq($(this).index()).addClass('show');
$arrow.stop(true, false).animate({
top: ($(this).position().top+$(this).height()/2)-$arrowHeightFormat+$('.scroller').position().top,
},{


@ -35,7 +35,7 @@ class Admin::AuthorizationsController < OrbitAdminController
def add_users
users = User.find(params[:user_ids]) rescue nil
unless users.nil?
authorization = users.map {|u| get_or_create_authorization(u.id)}.first
authorization = users.map {|u| get_or_create_authorization(u)}.first
end
@users = @module_app.module_managers
render 'admin/authorizations/reload_users'
@ -92,16 +92,22 @@ class Admin::AuthorizationsController < OrbitAdminController
protected
def get_or_create_authorization(user_id)
def get_or_create_authorization(user)
case @type
when 'category_authorization'
if @object
Authorization.create_category_authorization(@module_app.id, @object.id, user_id)
if user.is_manager?(@module_app)
remove_from_manager(user)
end
Authorization.create_category_authorization(@module_app.id, @object.id, user.id)
else
@error = t(:no_data)
end
when nil
Authorization.create_module_authorization(@module_app.id, user_id)
if user.is_sub_manager?(@module_app)
remove_from_sub_manager(user)
end
Authorization.create_module_authorization(@module_app.id, user.id)
else
auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}")
unless auth
@ -111,6 +117,17 @@ class Admin::AuthorizationsController < OrbitAdminController
end
end
def remove_from_sub_manager(user)
categories = @module_app.categories.authorized(user)
categories.each do |c|
Authorization.remove_category_authorization(c.id, user.id)
end
end
def remove_from_manager(user)
Authorization.remove_module_authorization(@module_app.id, user.id)
end
def get_or_create_authorization_with_role(role_id)
case @type
when 'category_authorization'
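Review bot: `remove_from_sub_manager` builds its list with `@module_app.categories.authorized(user)`, but `Category.authorized` as added in this commit returns `user.approved_categories` without looking at the receiver, so as far as I can tell the loop revokes the user's category grants in every module rather than only `@module_app`, and for categories reached through a "managers" grant there is no category authorization for `remove_category_authorization` to find, leaving it to call `destroy` on nil. Restrict the loop to this module's categories and let the removal tolerate a missing record. Separately, `User.find(params[:user_ids]) rescue nil` in `add_users` swallows every error, not just a missing id; `User.where(:_id.in => Array(params[:user_ids]))` (Mongoid syntax, matching the finders used elsewhere in the commit) avoids the bare rescue. `get_or_create_authorization`'s `else` branch continues outside the hunk.
```ruby
def remove_from_sub_manager(user)
  # Only this module's categories: approved_categories spans every module the user can reach.
  module_category_ids = @module_app.categories.map(&:id)
  user.approved_categories.each do |c|
    next unless module_category_ids.include?(c.id)
    Authorization.remove_category_authorization(c.id, user.id)
  end
end
```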


@ -1,10 +1,9 @@
class OrbitAdminController < ApplicationController
include OrbitCoreLib::Authorize
include OrbitCoreLib::PermissionUtility
include Authorize
include OrbitBackendHelper
before_action :authenticate_user, :log_user_action
before_action :authenticate_user, :log_user_action, :load_authenticated_categories
layout "back_end"
def sort
@ -65,4 +64,8 @@ class OrbitAdminController < ApplicationController
end
end
def load_authenticated_categories
@user_authenticated_categories = current_user.is_admin? ? ["all"] : current_user.approved_categories.collect{|c| c.id}
end
end
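Review bot: `load_authenticated_categories` mixes the string sentinel `"all"` into a list that otherwise holds category ids, and nothing on the method says so; a reader of `@user_authenticated_categories` elsewhere will not expect a string. Add `# "all" is a sentinel consumed by can_edit_or_delete?; everyone else gets the ids reachable through manager/sub-manager grants` above the assignment, or expose a boolean such as `@all_categories_authorized` instead. Note also that `approved_categories` (this commit, User model) only walks the "managers" and "sub_managers" workgroups, so a user authorized through `create_module_authorization_with_role` presumably ends up with an empty list here — worth confirming. The list is recomputed, with a `Category.find` per sub-manager grant, on every back-end request.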


@ -85,7 +85,7 @@ module OrbitBackendHelper
def select_category(f, module_app)
render :partial => '/admin/categories/select_form', :locals => {:f=> f, :module_app=>module_app, :categories=>module_app.categories.enabled }
render :partial => '/admin/categories/select_form', :locals => {:f=> f, :module_app=>module_app, :categories=>module_app.categories.enabled.authorized(current_user) }
end
def select_tags(f, module_app)
@ -129,6 +129,14 @@ module OrbitBackendHelper
[:name=> t(:visitors_count),:data=>result]
end
def can_edit_or_delete?(obj)
if @user_authenticated_categories.first == "all"
return true
else
@user_authenticated_categories.include?obj.category_id
end
end
end
module Orbit::FormBuilder
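Review bot: `can_edit_or_delete?` only decides whether buttons are rendered; nothing in this commit applies the same category check inside the edit/update/destroy actions, and the new `check_user_can_use` in OrbitCoreLib::Authorize compares `request.path` only against sidebar link paths, so as far as visible a sub-manager who knows another category's object id can still submit the request. The object controllers need a server-side guard, e.g. a before_action doing `render "public/401", layout: "back_end", status: :forbidden unless can_edit_or_delete?(@object)`. The helper also raises when `@user_authenticated_categories` is nil (a controller that does not inherit OrbitAdminController) and when `obj` has no `category_id`; `Array(@user_authenticated_categories)` keeps the nil case fail-closed. In `select_category`, `.authorized(current_user)` is implemented as `user.approved_categories` without reference to the receiver, so the select appears to list categories from every module and drops the `enabled` filter.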


@ -32,7 +32,7 @@ class Authorization
user = User.find(user_id)
workgroup = Workgroup.find_by(key: "managers")
module_app = ModuleApp.find(module_app_id)
if (user.is_admin? || user.is_manager?(module_app) || user.is_sub_manager?(module_app)|| user.is_manager_with_role?(module_app))
if (user.is_admin? || user.is_manager?(module_app) || user.is_manager_with_role?(module_app))
puts "User Already Authorized"
else
a = self.create(module_app_id: module_app_id, user_id: user_id, workgroup_id: workgroup.id)
@ -44,13 +44,9 @@ class Authorization
user = User.find(user_id)
workgroup = Workgroup.find_by(key: "sub_managers")
module_app = ModuleApp.find(module_app_id)
if (user.is_admin? || user.is_manager?(module_app) || user.is_sub_manager?(module_app) || user.is_manager_with_role?(module_app))
puts "User Already Authorized"
else
a = self.create(category_id: category_id, user_id: user_id, workgroup_id: workgroup.id)
a.save
end
end
def self.create_module_authorization_with_role(module_app_id,role_id)
current_auth = self.where(role_id: role_id, module_app_id: module_app_id)
@ -78,11 +74,11 @@ class Authorization
def self.remove_module_authorization(module_app_id,user_id)
auth = self.find_by(module_app_id: module_app_id, user_id: user_id)
auth.delete
auth.destroy
end
def self.remove_category_authorization(category_id,user_id)
auth = self.find_by(category_id: category_id, user_id: user_id)
auth
auth.destroy
end
end
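Review bot: `create_category_authorization` lost its "already authorized" guard and now inserts a record on every call, while `remove_category_authorization` destroys only the single record `find_by` returns, so after a repeated grant one revoke leaves a live authorization behind and the revocation silently fails. Guard the create with `return if self.where(category_id: category_id, user_id: user_id).exists?` and make the removals idempotent with `self.where(category_id: category_id, user_id: user_id).destroy_all` (same for `remove_module_authorization`, which currently raises `NoMethodError` on `nil.destroy` when no record exists). The `user` and `module_app` locals in `create_category_authorization` are now unused, and the `puts` diagnostics would be better as `Rails.logger` calls. `create_module_authorization`'s body starts before the hunk.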


@ -15,4 +15,8 @@ class Category
def category_sub_managers
Authorization.category_authorized_users(self).pluck(:user_id)
end
def self.authorized(user)
user.approved_categories
end
end
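Review bot: `self.authorized(user)` returns `user.approved_categories` and never touches the receiver, so chained calls like `module_app.categories.enabled.authorized(user)` (used in this commit's helper and controller) get every category the user can reach in any module, with the module and `enabled` scopes silently discarded. Keep the chain's scope by filtering on it, e.g. `where(:_id.in => user.approved_categories.map(&:id))`, which as far as I can tell runs inside the criteria's scope under Mongoid's class-method delegation — worth confirming against the Mongoid version in use. Also document the contract: `# Categories in the current scope the user may manage (admin, module manager, or category sub-manager)`.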


@ -108,7 +108,6 @@ class User
module_app_categories = module_app.categories.map {|c| c.id} rescue nil
authorized_categories = self.authorizations.map {|a| a.category.id if (a.category.present? && a.workgroup.key.eql?("sub_managers"))}
intersection = (module_app_categories & authorized_categories)
if ((intersection.count > 0 if intersection.present?) && !self.is_admin? && !self.is_manager?(module_app))
true
else
@ -128,6 +127,40 @@ class User
end
end
def is_normal_user?
if self.is_admin?
return false
elsif self.authorizations.empty?
return true
else
return false
end
end
def approved_categories
categories = []
if self.is_admin?
Category.all.each do |c|
categories << c
end
else
self.authorizations.each do |auth|
case auth.workgroup.key
when "managers"
if !auth.module_app.categories.blank?
auth.module_app.categories.each do|c|
categories << c
end
end
when "sub_managers"
c = Category.find(auth.category_id) rescue nil
categories << c if !c.nil?
end
end
end
categories
end
def user_workgroup(module_app)
if self.is_admin?
"Admin"
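Review bot: `approved_categories` recognises only the "managers" and "sub_managers" workgroup keys, so authorizations created through `create_module_authorization_with_role` or any other workgroup contribute no categories, and `is_normal_user?` classifies any user with zero authorization records as "users" — as far as visible neither method accounts for `is_manager_with_role?`, which `Authorization.create_module_authorization` still treats as a manager. If role-based grants are meant to confer category access, this is where they have to be resolved; at minimum add `# NOTE: role-based (role_id) authorizations are not considered here — confirm` above the `case`. `Category.find(auth.category_id) rescue nil` hides every error, not just a missing category; `Category.where(_id: auth.category_id).first` says what is meant. `is_sub_manager?` starts before the hunk.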


@ -1,9 +1,11 @@
<span id="select_categories">
<%= f.select :category_id, categories.collect{|t| [ t.title, t.id ]} %>
</span>
<% if current_user.is_admin? || current_user.is_manager?(module_app) %>
<button class="btn" data-toggle="modal" data-target="#categoryModal">
<i class='icon-plus'></i> <%= t(:new_category) %>
</button>
<% end %>
<div class="modal fade" id="categoryModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
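Review bot: hiding the "new category" button behind `is_admin? || is_manager?(module_app)` is presentation only; the create action it posts to is not in this commit and needs the same check server-side, otherwise the modal is merely inconvenient to reach. Likewise the `category_id` select is narrowed to `authorized` categories in the view, but nothing visible validates the submitted id on save, so a sub-manager can post a category id from another module. Add the check where the object is saved, e.g. reuse `can_edit_or_delete?(@object)` after assigning attributes and before `save`, rendering the 401 page with `status: :forbidden` on failure. The enclosing modal markup continues past the hunk.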


@ -2,7 +2,7 @@
<div class="scroller">
<ul class="sidebar-nav">
<% OrbitApp::Module::SideBarRegistration.all.sort{|x,y| x.get_module_app_key <=> y.get_module_app_key}.each do |t| %>
<%= t.render_head(request, params, current_user, @module_app) %>
<%= t.render_head(request, params, current_user, @module_app, t.get_availability) %>
<% end %>
</ul>
</div>
@ -11,6 +11,6 @@
<div class="sub-nav-block-list">
<% OrbitApp::Module::SideBarRegistration.all.sort{|x,y| x.get_module_app_key <=> y.get_module_app_key}.each do |t| %>
<%= t.render(request, params, current_user, @module_app) %>
<%= t.render(request, params, current_user, @module_app, t.get_availability) %>
<% end %>
</div>


@ -5,8 +5,8 @@
side_bar do
head_label_i18n 'authorization', icon_class: "icons-lock-open"
available_for [:admin, :manager]
active_for_controllers ({public: ['admin/authorizations']})
available_for "managers"
active_for_controllers (['admin/authorizations'])
head_link_path "admin_authorizations_path"
@ -14,6 +14,6 @@
link_path: "admin_authorizations_path",
priority: 1,
active_for_action: {authorizations: :index},
available_for: [:admin, :manager]
available_for: "managers"
end
end


@ -1,13 +1,30 @@
module ContextLinkRenderer
include Renderer
def render(request,params,current_module_app,current_user,belong_module_app,active_actions)
def render(request,params,current_module_app,current_user,belong_module_app,active_actions,available_for)
@current_module_app = current_module_app
@belong_module_app = belong_module_app
@request = request
@params = params
@current_user = current_user
@available_for = available_for
if can_display?
content_tag :li, link_to(content_tag(:span, I18n.t(@label_i18n)), Rails.application.routes.url_helpers.send(@path, eval(@arg))), :class => ( active_actions[controller] == action ? 'active' : nil)
end
end
def can_display?
status = "users"
if @current_user.is_admin?
status = "admin"
elsif @current_user.is_manager?(@belong_module_app)
status = "managers"
elsif @current_user.is_sub_manager?(@belong_module_app)
status = "sub_managers"
elsif @current_user.is_normal_user?
status = "users"
end
return @available_for.include?status
end
end
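Review bot: `can_display?` is the third copy of the same role ladder (see `SideBarRenderer#display?` and `Authorize#allow?` in this commit), and the copies will drift; none of them considers `is_manager_with_role?`, which `Authorization.create_module_authorization` still treats as a manager, so a role-based manager is classified as "users" and sees only user-level links. Move the ladder to one place such as `User#workgroup_status(module_app)` and call it from all three. `@available_for.include?status` also raises `NoMethodError` when the link never declared `available_for`; `Array(@available_for).include?(status)` keeps that case fail-closed. Unchanged but worth noting while here: the link argument is still run through `eval(@arg)`.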


@ -3,30 +3,32 @@ module SideBarRenderer
include AdminHelper
include ActionView::Helpers::TextHelper
def render(request,params,user,current_module_app)
def render(request,params,user,current_module_app, af)
@belong_module_app = get_module_app
@current_module_app = current_module_app
@request = request
@params = params
@current_user = user
@app_available_for = af
if display?
content_tag :div, class: "sub-nav-block #{@icon_class}" do
concat content_tag :h4, I18n.t(@head_label)
concat (content_tag :ul, class: "nav nav-list" do
@context_links.sort_by {| obj | obj.priority}.map{ |link|
link.render(request, params, @current_module_app, @current_user, @belong_module_app, link.get_active_action)
link.render(request, params, @current_module_app, @current_user, @belong_module_app, link.get_active_action, link.available_for)
}.join.html_safe
end)
end
end
end
def render_head(request, params, user,current_module_app)
def render_head(request, params, user,current_module_app, available_for)
@belong_module_app = get_module_app
@current_module_app = current_module_app
@request = request
@params = params
@current_user = user
@app_available_for = available_for
if display?
content_tag :li, class: (module_sidebar_active? ? 'active' : nil) do
link_to Rails.application.routes.url_helpers.send(@head_link) do
@ -41,15 +43,17 @@ module SideBarRenderer
protected
def display? #控制sidebar 要不要算圖
if is_manager? || is_admin? #如果是系統管理員 或 是模組管理員
true
elsif (@current_module_app.open rescue true) # 如果app 被設定成 開放
true
elsif is_member? #如果app 是封閉 那至少需要是 member
true
else
false
status = "users"
if @current_user.is_admin?
status = "admin"
elsif @current_user.is_manager?(@belong_module_app)
status = "managers"
elsif @current_user.is_sub_manager?(@belong_module_app)
status = "sub_managers"
elsif @current_user.is_normal_user?
status = "users"
end
return @app_available_for.include?status
end
def module_sidebar_active?
@ -59,5 +63,4 @@ module SideBarRenderer
def active_for_controller?
@active_for_controllers.include? controller
end
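Review bot: `display?` now depends solely on `@app_available_for`, and when a module's `side_bar` block never calls `available_for` that variable is nil and `.include?` raises on every back-end page; the previous version also consulted `@current_module_app.open` and membership, which are silently dropped. Fail closed rather than crash: `return false if @app_available_for.nil?` before the ladder, or `Array(@app_available_for).include?(status)`. The role ladder is duplicated in `ContextLinkRenderer#can_display?` and `Authorize#allow?` and omits `is_manager_with_role?`; one shared `User` method would keep the three consistent. The removed Chinese comments documented the intent — add `# Show the module only to the workgroups it was registered for via available_for` in their place.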
end


@ -87,7 +87,32 @@ module OrbitApp
end
def available_for(var)
@available_for = var
@available_for = set_avaibility(var || "admin")
end
def get_availability
@available_for
end
def set_avaibility(af)
temp = []
case af
when 'users'
temp << 'users'
temp << 'sub_managers'
temp << 'managers'
temp << 'admin'
when 'sub_managers'
temp << 'sub_managers'
temp << 'managers'
temp << 'admin'
when 'managers'
temp << 'managers'
temp << 'admin'
when 'admin'
temp << 'admin'
end
temp
end
def active_for_controllers(var)
@ -112,7 +137,7 @@ module OrbitApp
context_link 'module_authorization',
:link_path => "admin_authorizations_path(get_module_app.key)",
:priority => current_priority + 2,
:available_for => [:manager]
:available_for => "managers"
end
@context_links.each do |t|
# t.set_module_app = @module_app
@ -143,35 +168,42 @@ module OrbitApp
@priority = options[:priority] || 0
@path = options[:link_path] || ""
@arg = options[:link_arg] || ""
set_available_for_avoiding_sensitive_links(options[:available_for] )
@available_for = set_avaibility(options[:available_for] || "admin")
@active_for_action = options[:active_for_action] || []
@active_for_app_auth = options[:active_for_app_auth] || []
@module_app_key = options[:module_app_key]
@get_module_app = options[:get_module_app]
end
def set_available_for_avoiding_sensitive_links(available_for)
sensitive_list = {}
sensitive_list[:module_app] =/.*manager_auth_proc.*/
sensitive_list[:object_auth] = /.*object_auth.*/
sensitive_list.each do |index,regx|
if @path.match(regx)
@available_for = case index
when :module_app
[:admin]
when :object_auth
[:manager,:admin]
end #of case
end #of if
end #of each
@available_for = available_for if @available_for.nil?
end #of def
def get_module_app
@get_module_app.call
end
def available_for
@available_for
end
def set_avaibility(af)
temp = []
case af
when 'users'
temp << 'users'
temp << 'sub_managers'
temp << 'managers'
temp << 'admin'
when 'sub_managers'
temp << 'sub_managers'
temp << 'managers'
temp << 'admin'
when 'managers'
temp << 'managers'
temp << 'admin'
when 'admin'
temp << 'admin'
end
temp
end
def active?
for_action = @active_for_action.blank? ? false : active_for_action?
for_app_auth = @active_for_app_auth.blank? ? false : active_for_app_auth?
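Review bot: deleting `set_available_for_avoiding_sensitive_links` removes the safety net that forced links matching `manager_auth_proc`/`object_auth` to admin (or manager) regardless of what a module declared, so a module registering such a link with `available_for: "users"` is now honoured; if that override is still wanted it has to be reintroduced on top of `set_avaibility`. `set_avaibility` also maps anything outside its four strings — including the symbol arrays like `[:admin, :manager]` that other modules may still pass, or a typo — to `[]`, which hides the item from everyone including admins without any signal. Raising on an unknown value makes the misconfiguration visible at registration time, and the table can be shared by both `SideBar` and `ContextLink` instead of being duplicated (with the `avaibility` misspelling) in each. The `context_link 'module_authorization'` block continues outside the hunk.
```ruby
# Each declared level expands to itself plus every level above it.
AVAILABILITY = {
  'users'        => %w[users sub_managers managers admin],
  'sub_managers' => %w[sub_managers managers admin],
  'managers'     => %w[managers admin],
  'admin'        => %w[admin]
}.freeze

def set_avaibility(af)
  AVAILABILITY.fetch(af.to_s) { raise ArgumentError, "unknown available_for value: #{af.inspect}" }
end
```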


@ -116,30 +116,6 @@ module OrbitCoreLib
end
end
module PermissionUtility
private
def check_permission(type = :use)
permission_grant = current_user.is_admin?? true : false
module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
unless permission_grant
permission_grant = case type
when :use
users_ary = @module_authorized_users rescue nil
users_ary = [] if users_ary.nil?
(users_ary.include?(current_user) || current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app))
when :manager
current_user.is_manager?(@module_app)
when :sub_manager
current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app)
end
end
permission_grant
end
def find_module_app_by_token(token)
ModuleApp.first(conditions: {s_token: token})
end
end
module Authorize
def self.included(base)
base.class_eval do
@ -151,66 +127,48 @@ module OrbitCoreLib
module InstanceMethods
protected
def can_use
setup_vars
unless @no_authorization
if @workgroup
@open = false
@visitor = false
@workgroup.each do |workgroup|
case workgroup
when :admin
@open ||= check_admin
when :manager
@open ||= check_manager
when :sub_manager
@open ||= check_sub_manager
when :user
@open ||= true
end
end
authenticate_user if current_user.nil
redirect_to root_url unless @open
else
authenticate_user
check_user_can_use
end
end
end
def check_admin
current_user.is_admin?
end
def check_manager
check_admin || current_user.is_manager?(@module_app)
end
def check_sub_manager
check_admin || check_manager || current_user.is_sub_manager?(@module_app)
end
def open_for(var)
@user_type ||= []
@user_type << var
end
def no_authorization
@no_authorization = true
end
def check_user_can_use
condition_check = ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?) || (current_user.is_manager_with_role?(@module_app) if current_user.present?))
if condition_check.eql?(true)
# redirect_to admin_dashboards_url
elsif condition_check.eql?(false)
render "public/404" , layout: "back_end"
end
end
def setup_vars
@app_title ||= controller_path.split('/')[1].singularize rescue nil
@module_app ||= ModuleApp.find_by(key: @app_title) rescue nil
@module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
authenticate_user
check_user_can_use
end
def check_user_can_use
# condition_check = ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?) || (current_user.is_manager_with_role?(@module_app) if current_user.present?))
# if condition_check.eql?(true)
# # redirect_to admin_dashboards_url
# elsif condition_check.eql?(false)
# render "public/401" , layout: "back_end"
# end
permissions = {}
@module_app.get_registration.get_side_bar.get_context_links.each do |link|
l = (Rails.application.routes.url_helpers.send(link.path) rescue Rails.application.routes.url_helpers.send(link.path, {:module_app_id => @module_app.id}))
if l == request.path
permissions["link"] = l
permissions["available_for"] = link.available_for
break
end
end
if !permissions.empty?
if !allow?(permissions["available_for"] || ["admin"])
render "public/401" , layout: "back_end"
end
end
end
def allow?(af)
status = "users"
if current_user.is_admin?
status = "admin"
elsif current_user.is_manager?(@module_app)
status = "managers"
elsif current_user.is_sub_manager?(@module_app)
status = "sub_managers"
elsif current_user.is_normal_user?
status = "users"
end
return af.include?status
end
end
end
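Review bot: `check_user_can_use` now fails open: it denies only when `request.path` exactly matches a sidebar context-link path, so any action without such a link — create/update/destroy, show/edit routes carrying an id, anything reached by POST — leaves `permissions` empty and is allowed for every authenticated user, where the replaced code required admin, manager, sub-manager or role-manager for all of them. Unmatched paths should fall back to the module-level requirement, and the denial should carry a real status (the user is authenticated, so 403 is the accurate one; `render` without `status:` sends the 401 page with 200). `allow?` also drops `is_manager_with_role?`, which `Authorization.create_module_authorization` still counts as a manager, and `PermissionUtility#check_permission` is removed outright, so any controller still calling it will raise `NoMethodError`. `@module_app` comes from `setup_vars` with `rescue nil`, so `@module_app.get_registration` raises for an unknown key; a guard there is cheap.
```ruby
def check_user_can_use
  helpers = Rails.application.routes.url_helpers
  link = @module_app.get_registration.get_side_bar.get_context_links.find do |l|
    path = (helpers.send(l.path) rescue helpers.send(l.path, {:module_app_id => @module_app.id}))
    path == request.path
  end
  # A matched sidebar link carries its own availability; everything else (member routes,
  # create/update/destroy) falls back to the module-level requirement instead of passing unchecked.
  required = link ? (link.available_for || ["admin"]) : %w[sub_managers managers admin]
  render "public/401", layout: "back_end", status: :forbidden unless allow?(required)
end
```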

28
public/401.html Normal file

@ -0,0 +1,28 @@
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title></title>
<link rel="stylesheet" type="text/css" href="stylesheets/error-pages.css" media="all"/>
</head>
<body>
<style type="text/css">
body {
margin: 0;
padding: 40px 0 0 0;
background-color: #F3F3F3;
}
</style>
<!-- Error Pages Start Here -->
<div id="error-page">
<div class="card">
<div class="figure code-401"></div>
<div class="message">
<h1>Unauthorized</h1>
<p>You dont have privileges to access this page.</p>
</div>
</div>
</div>
<!-- Error Pages End Here -->
</body>
</html>
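Review bot: the stylesheet link is path-relative (`stylesheets/error-pages.css`), so served from a nested back-end URL it resolves to e.g. `/admin/foo/stylesheets/error-pages.css` and the page renders unstyled; use a root-relative `/stylesheets/error-pages.css` (or the asset pipeline path if that is where the file lives). The `<title>` is empty and the message has a typo: `<p>You don't have privileges to access this page.</p>`. As far as I can tell `render "public/401", layout: "back_end"` in the Authorize module resolves a view template rather than this static file, so one of the two is unused — worth confirming.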