From 49900e951382965c30ecc0d62b4c6fda2a700cb8 Mon Sep 17 00:00:00 2001 From: Harry Bomrah Date: Thu, 31 Jul 2014 20:42:53 +0800 Subject: [PATCH] member authorizations done... plus layout thing fixed --- app/controllers/admin/members_controller.rb | 42 ++++++++++++------- app/controllers/orbit_member_controller.rb | 21 ++++++++-- app/helpers/orbit_backend_helper.rb | 3 ++ app/views/admin/member_infos/edit.html.erb | 4 -- app/views/admin/member_infos/index.html.erb | 4 -- app/views/admin/members/_side_bar.html.erb | 20 +++++---- app/views/admin/members/edit.html.erb | 4 -- app/views/admin/members/edit_order.html.erb | 3 -- app/views/admin/members/edit_passwd.html.erb | 4 -- .../admin/members/edit_privilege.html.erb | 4 -- app/views/admin/members/index.html.erb | 4 -- .../admin/members/index_summary.html.erb | 4 -- .../admin/members/index_thumbnail.html.erb | 6 --- app/views/admin/members/new.html.erb | 4 -- .../admin/members/setting_account.html.erb | 4 -- app/views/admin/members/show.html.erb | 10 ++--- .../admin/members/unapproved_members.html.erb | 3 -- .../admin/personal_plugins/index.html.erb | 4 -- app/views/admin/role_statuses/index.html.erb | 4 -- app/views/admin/roles/index.html.erb | 4 -- app/views/admin/roles/role_field.html.erb | 4 -- app/views/layouts/member.html.erb | 8 +--- config/initializers/authorization.rb | 4 +- lib/orbit_core_lib.rb | 8 +++- public/401.html | 12 +----- 25 files changed, 72 insertions(+), 120 deletions(-) diff --git a/app/controllers/admin/members_controller.rb b/app/controllers/admin/members_controller.rb index 11fdc2a..13eac42 100644 --- a/app/controllers/admin/members_controller.rb +++ b/app/controllers/admin/members_controller.rb 
@@ -92,19 +92,27 @@ class Admin::MembersController < OrbitMemberController end def new - @member = MemberProfile.new - get_info_and_roles - @user = User.new - @form_index = 0 + if has_access? + @member = MemberProfile.new + get_info_and_roles + @user = User.new + @form_index = 0 + else + render_401 + end end def edit - @form_index = 0 - get_info_and_roles - if @member.user.present? - @user = @member.user + if has_access? + @form_index = 0 + get_info_and_roles + if @member.user.present? + @user = @member.user + else + @user = User.new(member_profile_id: @member.id) + end else - @user = User.new(member_profile_id: @member.id) + render_401 end end @@ -218,17 +226,19 @@ class Admin::MembersController < OrbitMemberController end def edit_passwd - @user = @member.user - unless current_user.id == @user.id or current_user.is_admin? - redirect_to :action => :index + if has_access? + @user = @member.user + else + render_401 end end def edit_privilege - @user = @member.user - @workgroup = Workgroup.find_by(key: 'admin') - if current_user.id == @user.id - redirect_to :action => :index + if has_access? + @user = @member.user + @workgroup = Workgroup.find_by(key: 'admin') + else + render_401 end end diff --git a/app/controllers/orbit_member_controller.rb b/app/controllers/orbit_member_controller.rb index a536d3b..986e7a4 100644 --- a/app/controllers/orbit_member_controller.rb +++ b/app/controllers/orbit_member_controller.rb 
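Review bot: In the second hunk, `edit_privilege` drops the `if current_user.id == @user.id` redirect and gates on `has_access?` instead, which per `check_aceess_rights` in app/controllers/orbit_member_controller.rb is also true when the current user is the visited member — so a non-admin can now open the privilege form for their own account, and app/views/admin/members/show.html.erb now shows them the link where the old condition required an admin viewing someone else. Unless the update side (outside this diff) re-checks admin rights, that is a route to self-assigned privileges; I'd keep the old invariant explicit: `if has_access? && current_user.is_admin? && current_user.id != @user.id`. `edit_passwd` keeps its previous semantics (admin or self), but `render_401`, whose context in app/helpers/orbit_backend_helper.rb shows a bare `render "public/401"`, appears to answer the denied requests in both hunks with a 200 status unless a `status: :unauthorized` is added there.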
@@ -1,13 +1,26 @@ class OrbitMemberController < ApplicationController include OrbitBackendHelper - before_action :authenticate_user, :check_admin + before_action :authenticate_user, :check_aceess_rights, :set_module_app layout "member" - def check_admin + def check_aceess_rights + @user_has_privileges = false if current_user.is_admin? + @user_has_privileges = true else - render "public/404" - end + visited_user = MemberProfile.find_by(:uid => params[:id].split("-").last).user.id rescue nil + visited_user = MemberProfile.find_by(:uid => params[:uid]).user.id if visited_user.nil? rescue nil + visited_user = MemberProfile.find(params[:member_profile_id]).user.id if visited_user.nil? rescue nil + if current_user.id == visited_user + @user_has_privileges = true + else + @user_has_privileges = false + end + end + end + + def set_module_app + @module_app = ModuleApp.find_by_key("member") end end diff --git a/app/helpers/orbit_backend_helper.rb b/app/helpers/orbit_backend_helper.rb index 4768501..2cd225d 100644 --- a/app/helpers/orbit_backend_helper.rb +++ b/app/helpers/orbit_backend_helper.rb @@ -137,6 +137,9 @@ module OrbitBackendHelper end end + def has_access? #@user_has_privileges comes from orbit_member_controller.. used just in members + @user_has_privileges + end def render_401 render "public/401" diff --git a/app/views/admin/member_infos/edit.html.erb b/app/views/admin/member_infos/edit.html.erb index 0ea5976..a7112b7 100644 --- a/app/views/admin/member_infos/edit.html.erb +++ b/app/views/admin/member_infos/edit.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> diff --git a/app/views/admin/member_infos/index.html.erb b/app/views/admin/member_infos/index.html.erb index f12d476..b08bf2c 100644 --- a/app/views/admin/member_infos/index.html.erb 
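Review bot: `check_aceess_rights` never denies a request — it only sets `@user_has_privileges` — so the former `check_admin` behaviour of rendering 404 for non-admins is gone for every action that does not itself call `has_access?`; any OrbitMemberController action outside this diff (index, create, update, destroy, if present) now runs for any authenticated user. I'd keep the filter fail-closed, e.g. end it with `render_401 unless @user_has_privileges` and `skip_before_action` it for the few actions meant to be open, rather than rely on each action remembering to check (if index is meant to stay open to members, say so explicitly). The three `rescue nil` modifiers also swallow every StandardError — including the NoMethodError from `params[:id]` being nil on `new` — so a real failure is indistinguishable from a denial; `params[:id].to_s.split("-").last` with `find_by` and `try(:user).try(:id)` expresses the lookup without rescue. The method name has a typo (`aceess`) that will spread to every `skip_before_action` referencing it.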
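Review bot: `has_access?` returns `nil` rather than `false` whenever the filter that sets `@user_has_privileges` has not run (the helper is a module and can be included by controllers other than OrbitMemberController), and the trailing comment is the only record of that coupling. I'd document it above the method, `# True only when OrbitMemberController#check_aceess_rights has granted the current user access to the visited member; nil/false otherwise.`, and make the body `!!@user_has_privileges` so callers get a boolean. A name without the `has_` prefix (`access?` or `authorized?`) would follow Ruby predicate convention, though renaming touches the views changed in this commit.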
+++ b/app/views/admin/member_infos/index.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> -
<%= link_to content_tag(:i,t("new.attribute"),:class=>"icon-plus"),eval("new_admin_member_info_path"),:class=>"btn btn-primary open-slide"%> diff --git a/app/views/admin/members/_side_bar.html.erb b/app/views/admin/members/_side_bar.html.erb index c166443..e03ed7f 100644 --- a/app/views/admin/members/_side_bar.html.erb +++ b/app/views/admin/members/_side_bar.html.erb @@ -9,15 +9,17 @@ <%= content_tag :li, :class => active_for_controllers('members','roles','member_infos') do -%> <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-user'))), admin_members_path) %> <% end -%> - <%= content_tag :li, :class => active_for_controllers('plugins') do -%> - <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-graduation'))),admin_personal_plugins_path) %> - <% end -%> - <%= content_tag :li, :class => active_for_controllers('plugins') do -%> - <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-pie'))), '#') %> - <% end -%> - <%= content_tag :li, :class => active_for_controllers('plugins') do -%> - <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-layout'))), '#') %> - <% end -%> + <% if (current_user.is_admin? rescue false) %> + <%= content_tag :li, :class => active_for_controllers('plugins') do -%> + <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-graduation'))),admin_personal_plugins_path) %> + <% end -%> + <%= content_tag :li, :class => active_for_controllers('plugins') do -%> + <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-pie'))), '#') %> + <% end -%> + <%= content_tag :li, :class => active_for_controllers('plugins') do -%> + <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-layout'))), '#') %> + <% end -%> + <% end -%> <% end -%>
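Review bot: The `<% if (current_user.is_admin? rescue false) %>` wrapper only hides the plugin links from non-admins; it is not access control, so `admin_personal_plugins_path` and the other targets still need a server-side check, and nothing in this diff adds one for personal_plugins (its view only loses the side_bar block). The modifier rescue also masks any error raised while evaluating `is_admin?`; `<% if current_user.try(:is_admin?) %>` covers a nil user without hiding failures. The list element this sits in opens before the hunk.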
diff --git a/app/views/admin/members/edit.html.erb b/app/views/admin/members/edit.html.erb index e89a371..5dc3ec9 100644 --- a/app/views/admin/members/edit.html.erb +++ b/app/views/admin/members/edit.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> diff --git a/app/views/admin/members/edit_order.html.erb b/app/views/admin/members/edit_order.html.erb index beb595f..bb83d14 100644 --- a/app/views/admin/members/edit_order.html.erb +++ b/app/views/admin/members/edit_order.html.erb @@ -1,6 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> <% content_for :page_specific_css do %> <%= stylesheet_link_tag "lib/member" %> <%= stylesheet_link_tag "lib/checkbox-card" %> diff --git a/app/views/admin/members/edit_passwd.html.erb b/app/views/admin/members/edit_passwd.html.erb index 5fcdadd..d5631ec 100644 --- a/app/views/admin/members/edit_passwd.html.erb +++ b/app/views/admin/members/edit_passwd.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> diff --git a/app/views/admin/members/edit_privilege.html.erb b/app/views/admin/members/edit_privilege.html.erb index 4177e29..cd5a102 100644 --- a/app/views/admin/members/edit_privilege.html.erb +++ b/app/views/admin/members/edit_privilege.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> 
diff --git a/app/views/admin/members/index.html.erb b/app/views/admin/members/index.html.erb index 5f95bee..3d0a574 100644 --- a/app/views/admin/members/index.html.erb +++ b/app/views/admin/members/index.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :right_nav do %>
diff --git a/app/views/admin/members/index_summary.html.erb b/app/views/admin/members/index_summary.html.erb index 36d3092..b9337e4 100644 --- a/app/views/admin/members/index_summary.html.erb +++ b/app/views/admin/members/index_summary.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <%= render :partial => "js_and_css"%> diff --git a/app/views/admin/members/index_thumbnail.html.erb b/app/views/admin/members/index_thumbnail.html.erb index dd33ccb..6574336 100644 --- a/app/views/admin/members/index_thumbnail.html.erb +++ b/app/views/admin/members/index_thumbnail.html.erb @@ -1,10 +1,4 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <%= render :partial => "js_and_css"%> - - <% content_for :right_nav do %>
diff --git a/app/views/admin/members/new.html.erb b/app/views/admin/members/new.html.erb index c4394e5..bf99c8b 100644 --- a/app/views/admin/members/new.html.erb +++ b/app/views/admin/members/new.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> diff --git a/app/views/admin/members/setting_account.html.erb b/app/views/admin/members/setting_account.html.erb index d985690..54ed1ec 100644 --- a/app/views/admin/members/setting_account.html.erb +++ b/app/views/admin/members/setting_account.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> diff --git a/app/views/admin/members/show.html.erb b/app/views/admin/members/show.html.erb index 13a7e67..4b27e3b 100644 --- a/app/views/admin/members/show.html.erb +++ b/app/views/admin/members/show.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <%= render :partial => "js_and_css"%> <% content_for :page_specific_javascript do -%> @@ -19,9 +15,9 @@

<%= @member.name%>

<%= @member.email %>
- <%= link_to(" #{t(:edit)}".html_safe,edit_admin_member_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin?%> - <%= link_to(" #{t("users.change_passwd")}".html_safe,admin_member_edit_passwd_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin? and current_user.id != @member.user.id rescue nil %> - <%= link_to(" #{t("users.setting_privilege")}".html_safe,admin_member_edit_privilege_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin? and current_user.id != @member.user.id rescue nil%> + <%= link_to(" #{t(:edit)}".html_safe,edit_admin_member_path(@member),:class=>"btn btn-mini" ) if has_access? %> + <%= link_to(" #{t("users.change_passwd")}".html_safe,admin_member_edit_passwd_path(@member),:class=>"btn btn-mini" ) if has_access? %> + <%= link_to(" #{t("users.setting_privilege")}".html_safe,admin_member_edit_privilege_path(@member),:class=>"btn btn-mini" ) if has_access? %>
diff --git a/app/views/admin/members/unapproved_members.html.erb b/app/views/admin/members/unapproved_members.html.erb index 273de6c..9d47b24 100644 --- a/app/views/admin/members/unapproved_members.html.erb +++ b/app/views/admin/members/unapproved_members.html.erb @@ -1,6 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> <% content_for :right_nav do %>
diff --git a/app/views/admin/personal_plugins/index.html.erb b/app/views/admin/personal_plugins/index.html.erb index 4d64515..b0608f8 100644 --- a/app/views/admin/personal_plugins/index.html.erb +++ b/app/views/admin/personal_plugins/index.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> -
<%= render :partial => 'plugin_list' %>
\ No newline at end of file diff --git a/app/views/admin/role_statuses/index.html.erb b/app/views/admin/role_statuses/index.html.erb index b7ed513..0367e71 100644 --- a/app/views/admin/role_statuses/index.html.erb +++ b/app/views/admin/role_statuses/index.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> diff --git a/app/views/admin/roles/index.html.erb b/app/views/admin/roles/index.html.erb index ee2dbb7..18c16c5 100644 --- a/app/views/admin/roles/index.html.erb +++ b/app/views/admin/roles/index.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> diff --git a/app/views/admin/roles/role_field.html.erb b/app/views/admin/roles/role_field.html.erb index d012ac6..0e82dc8 100644 --- a/app/views/admin/roles/role_field.html.erb +++ b/app/views/admin/roles/role_field.html.erb @@ -1,7 +1,3 @@ -<% content_for :side_bar do %> - <%= render :partial => 'admin/members/side_bar' %> -<% end %> - <% content_for :page_specific_css do -%> <%= stylesheet_link_tag "lib/wrap-nav.css" %> <%= stylesheet_link_tag "lib/pageslide.css" %> diff --git a/app/views/layouts/member.html.erb b/app/views/layouts/member.html.erb index 290cfa5..36097d4 100644 --- a/app/views/layouts/member.html.erb +++ b/app/views/layouts/member.html.erb @@ -12,12 +12,8 @@ <%= csrf_meta_tag %> - <%= render_orbit_bar unless @no_orbit_bar %> - <% if !(yield :side_bar).blank? %> - <%= yield :side_bar %> - <% else %> - <%= render 'layouts/side_bar' %> - <% end unless @no_side_bar %> + <%= render_orbit_bar unless @no_orbit_bar %> + <%= render :partial => 'admin/members/side_bar' unless @no_side_bar %>
diff --git a/config/initializers/authorization.rb b/config/initializers/authorization.rb index bea5e80..4521d72 100644 --- a/config/initializers/authorization.rb +++ b/config/initializers/authorization.rb @@ -5,7 +5,7 @@ side_bar do head_label_i18n 'authorization', icon_class: "icons-lock-open" - available_for "managers" + available_for "admin" active_for_controllers (['admin/authorizations']) head_link_path "admin_authorizations_path" @@ -14,6 +14,6 @@ link_path: "admin_authorizations_path", priority: 1, active_for_action: {authorizations: :index}, - available_for: "managers" + available_for: "admin" end end diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb index f8b61f6..40237b7 100644 --- a/lib/orbit_core_lib.rb +++ b/lib/orbit_core_lib.rb @@ -73,7 +73,13 @@ module OrbitCoreLib end @module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil authenticate_user - check_user_can_use + if !@module_app.nil? + check_user_can_use + else + if !current_user.is_admin? + render "public/401" + end + end end def check_user_can_use diff --git a/public/401.html b/public/401.html index 39bd611..af61e0d 100644 --- a/public/401.html +++ b/public/401.html @@ -1,11 +1,3 @@ - - - - - - - -
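Review bot: The new `render "public/401"` branch in lib/orbit_core_lib.rb sends the 401 page with render's default status (200 unless one is passed), so clients and monitoring see a successful response for a denied request; `render "public/401", status: :unauthorized` fixes that, and the same applies to `render_401` in app/helpers/orbit_backend_helper.rb that the members controller now calls. The nested `if !@module_app.nil? … else if !current_user.is_admin?` reads more naturally as `if @module_app` / `elsif !current_user.is_admin?`. The enclosing method starts outside the hunk.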