member authorizations done... plus layout thing fixed

2014-07-31 20:42:53 +08:00 · 2014-07-31 20:42:53 +08:00 · 49900e9513
parent 879c84fd16
commit 49900e9513
25 changed files with 72 additions and 120 deletions
--- a/app/controllers/admin/members_controller.rb
+++ b/app/controllers/admin/members_controller.rb
@ -92,19 +92,27 @@ class Admin::MembersController < OrbitMemberController
  end
  def new
-    @member = MemberProfile.new
+    if has_access?
-    get_info_and_roles
+      @member = MemberProfile.new
-    @user = User.new
+      get_info_and_roles
-    @form_index = 0
+      @user = User.new
      @form_index = 0
    else
      render_401
    end
  end
  def edit
-    @form_index = 0
+    if has_access?
-    get_info_and_roles
+      @form_index = 0
-    if @member.user.present?
+      get_info_and_roles
-      @user = @member.user
+      if @member.user.present?
        @user = @member.user
      else
        @user = User.new(member_profile_id: @member.id)
      end
    else
-      @user = User.new(member_profile_id: @member.id)
+      render_401
    end
  end
@ -218,17 +226,19 @@ class Admin::MembersController < OrbitMemberController
  end
  def edit_passwd
-    @user = @member.user
+    if has_access?
-    unless current_user.id == @user.id or current_user.is_admin?
+      @user = @member.user
-      redirect_to :action => :index
+    else
      render_401
    end
  end
  def edit_privilege
-    @user = @member.user
+    if has_access?
-    @workgroup = Workgroup.find_by(key: 'admin')
+      @user = @member.user
-    if current_user.id == @user.id
+      @workgroup = Workgroup.find_by(key: 'admin')
-      redirect_to :action => :index
+    else
      render_401
    end
  end
--- a/app/controllers/orbit_member_controller.rb
+++ b/app/controllers/orbit_member_controller.rb
@ -1,13 +1,26 @@
 class OrbitMemberController < ApplicationController
  include OrbitBackendHelper
-  before_action :authenticate_user, :check_admin
+  before_action :authenticate_user, :check_aceess_rights, :set_module_app
  layout "member"
-  def check_admin
+  def check_aceess_rights
  	@user_has_privileges = false
  	if current_user.is_admin?
  		@user_has_privileges = true
  	else
-  		render "public/404"
+  		visited_user = MemberProfile.find_by(:uid => params[:id].split("-").last).user.id rescue nil
-  	end
+  		visited_user = MemberProfile.find_by(:uid => params[:uid]).user.id if visited_user.nil? rescue nil
  		visited_user = MemberProfile.find(params[:member_profile_id]).user.id if visited_user.nil? rescue nil
 	  	if current_user.id == visited_user
 	  		@user_has_privileges = true
 	  	else
 	  		@user_has_privileges = false
 	  	end
 	 end
  end
  def set_module_app
  	@module_app = ModuleApp.find_by_key("member")
  end
 end
--- a/app/helpers/orbit_backend_helper.rb
+++ b/app/helpers/orbit_backend_helper.rb
@ -137,6 +137,9 @@ module OrbitBackendHelper
    end
  end
  def has_access? #@user_has_privileges comes from orbit_member_controller.. used just in members
    @user_has_privileges
  end
  def render_401
    render "public/401"
--- a/app/views/admin/member_infos/edit.html.erb
+++ b/app/views/admin/member_infos/edit.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/admin/member_infos/index.html.erb
+++ b/app/views/admin/member_infos/index.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <div class="bottomnav clearfix">
  <div class="action pull-right">
    <%= link_to content_tag(:i,t("new.attribute"),:class=>"icon-plus"),eval("new_admin_member_info_path"),:class=>"btn btn-primary open-slide"%>
--- a/app/views/admin/members/_side_bar.html.erb
+++ b/app/views/admin/members/_side_bar.html.erb
@ -9,15 +9,17 @@
        <%= content_tag :li, :class => active_for_controllers('members','roles','member_infos') do -%>
          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-user'))), admin_members_path) %>
        <% end -%>
-        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+        <% if (current_user.is_admin? rescue false) %>
-          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-graduation'))),admin_personal_plugins_path) %>
+          <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
-        <% end -%>
+            <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-graduation'))),admin_personal_plugins_path) %>
-        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+          <% end -%>
-          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-pie'))), '#') %>
+          <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
-        <% end -%>
+            <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-pie'))), '#') %>
-        <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
+          <% end -%>
-          <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-layout'))), '#') %>
+          <%= content_tag :li, :class => active_for_controllers('plugins') do -%>
-        <% end -%>
+            <%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-layout'))), '#') %>
          <% end -%>
          <% end -%>
      <% end -%>
    </div>
    <div class="sub-nav-arrow"></div>
--- a/app/views/admin/members/edit.html.erb
+++ b/app/views/admin/members/edit.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/admin/members/edit_order.html.erb
+++ b/app/views/admin/members/edit_order.html.erb
@ -1,6 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do %>
  <%= stylesheet_link_tag "lib/member" %>
  <%= stylesheet_link_tag "lib/checkbox-card" %>
--- a/app/views/admin/members/edit_passwd.html.erb
+++ b/app/views/admin/members/edit_passwd.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/admin/members/edit_privilege.html.erb
+++ b/app/views/admin/members/edit_privilege.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/admin/members/index.html.erb
+++ b/app/views/admin/members/index.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :right_nav do %>
  <div class="searchClear pull-left" style="clear: left;">
    <form action="" method="get">
--- a/app/views/admin/members/index_summary.html.erb
+++ b/app/views/admin/members/index_summary.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <%= render :partial => "js_and_css"%>
--- a/app/views/admin/members/index_thumbnail.html.erb
+++ b/app/views/admin/members/index_thumbnail.html.erb
@ -1,10 +1,4 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <%= render :partial => "js_and_css"%>
 <% content_for :right_nav do %>
  <div class="searchClear pull-left" style="clear: left;">
--- a/app/views/admin/members/new.html.erb
+++ b/app/views/admin/members/new.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/admin/members/setting_account.html.erb
+++ b/app/views/admin/members/setting_account.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/admin/members/show.html.erb
+++ b/app/views/admin/members/show.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <%= render :partial => "js_and_css"%>
 <% content_for :page_specific_javascript do -%>
@ -19,9 +15,9 @@
              <h4><%= @member.name%></h4>
              <small class="muted"><%= @member.email %></small>
              <div class="btn-group">
-                  <%= link_to("<i class='icon-edit'></i> #{t(:edit)}".html_safe,edit_admin_member_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin?%>
+                  <%= link_to("<i class='icon-edit'></i> #{t(:edit)}".html_safe,edit_admin_member_path(@member),:class=>"btn btn-mini" ) if has_access? %>
-                  <%= link_to("<i class='icons-cycle'></i> #{t("users.change_passwd")}".html_safe,admin_member_edit_passwd_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin? and current_user.id != @member.user.id rescue nil %>
+                  <%= link_to("<i class='icons-cycle'></i> #{t("users.change_passwd")}".html_safe,admin_member_edit_passwd_path(@member),:class=>"btn btn-mini" ) if has_access?  %>
-                  <%= link_to("<i class='icons-lock-open'></i> #{t("users.setting_privilege")}".html_safe,admin_member_edit_privilege_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin? and current_user.id != @member.user.id rescue nil%>
+                  <%= link_to("<i class='icons-lock-open'></i> #{t("users.setting_privilege")}".html_safe,admin_member_edit_privilege_path(@member),:class=>"btn btn-mini" ) if has_access? %>
              </div>
            </div>
--- a/app/views/admin/members/unapproved_members.html.erb
+++ b/app/views/admin/members/unapproved_members.html.erb
@ -1,6 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :right_nav do %>
  <div class="searchClear pull-left" style="clear: left;">
--- a/app/views/admin/personal_plugins/index.html.erb
+++ b/app/views/admin/personal_plugins/index.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <div id="isotope" class="user-data">
 	<%= render :partial => 'plugin_list' %>
 </div>
--- a/app/views/admin/role_statuses/index.html.erb
+++ b/app/views/admin/role_statuses/index.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/admin/roles/index.html.erb
+++ b/app/views/admin/roles/index.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/admin/roles/role_field.html.erb
+++ b/app/views/admin/roles/role_field.html.erb
@ -1,7 +1,3 @@
 <% content_for :side_bar do %>
  <%= render :partial => 'admin/members/side_bar' %>
 <% end %>
 <% content_for :page_specific_css do -%>
    <%= stylesheet_link_tag "lib/wrap-nav.css" %>
    <%= stylesheet_link_tag "lib/pageslide.css" %>
--- a/app/views/layouts/member.html.erb
+++ b/app/views/layouts/member.html.erb
@ -12,12 +12,8 @@
 	<%= csrf_meta_tag %>
 </head>
 <body id="users">
-   <%= render_orbit_bar  unless @no_orbit_bar %>
+  <%= render_orbit_bar  unless @no_orbit_bar %>
-  <% if !(yield :side_bar).blank? %>
+  <%= render :partial => 'admin/members/side_bar' unless @no_side_bar %>
    <%= yield :side_bar %>
  <% else %>
    <%= render 'layouts/side_bar' %>
  <% end unless @no_side_bar %>
 	<section id="main-wrap">
    <div class="wrap-inner">
      <div id="filter" class="topnav clearfix">
--- a/config/initializers/authorization.rb
+++ b/config/initializers/authorization.rb
@ -5,7 +5,7 @@
    side_bar do
      head_label_i18n 'authorization', icon_class: "icons-lock-open"
-      available_for "managers"
+      available_for "admin"
      active_for_controllers (['admin/authorizations'])
      head_link_path "admin_authorizations_path"
@ -14,6 +14,6 @@
        link_path: "admin_authorizations_path",
        priority: 1,
        active_for_action: {authorizations: :index},
-        available_for: "managers"
+        available_for: "admin"
    end
  end
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
@ -73,7 +73,13 @@ module  OrbitCoreLib
        end
        @module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
        authenticate_user
-        check_user_can_use
+        if !@module_app.nil?
          check_user_can_use
        else
          if !current_user.is_admin?
            render "public/401"
          end
        end
      end
      def check_user_can_use
--- a/public/401.html
+++ b/public/401.html
@ -1,11 +1,3 @@
 <!DOCTYPE HTML>
 <html lang="en-US">
 <head>
  <meta charset="UTF-8">
  <title></title>
  <link rel="stylesheet" type="text/css" href="stylesheets/error-pages.css" media="all"/>
 </head>
 <body>
  <style type="text/css">
  body {
    margin: 0;
@ -24,5 +16,3 @@
    </div>
  </div>
  <!-- Error Pages End Here -->
 </body>
 </html>