member authorizations done... plus layout thing fixed

Harry Bomrah 2014-07-31 20:42:53 +08:00
parent 879c84fd16
commit 49900e9513
25 changed files with 72 additions and 120 deletions


@ -92,19 +92,27 @@ class Admin::MembersController < OrbitMemberController
end
def new
@member = MemberProfile.new
get_info_and_roles
@user = User.new
@form_index = 0
if has_access?
@member = MemberProfile.new
get_info_and_roles
@user = User.new
@form_index = 0
else
render_401
end
end
def edit
@form_index = 0
get_info_and_roles
if @member.user.present?
@user = @member.user
if has_access?
@form_index = 0
get_info_and_roles
if @member.user.present?
@user = @member.user
else
@user = User.new(member_profile_id: @member.id)
end
else
@user = User.new(member_profile_id: @member.id)
render_401
end
end
@ -218,17 +226,19 @@ class Admin::MembersController < OrbitMemberController
end
def edit_passwd
@user = @member.user
unless current_user.id == @user.id or current_user.is_admin?
redirect_to :action => :index
if has_access?
@user = @member.user
else
render_401
end
end
def edit_privilege
@user = @member.user
@workgroup = Workgroup.find_by(key: 'admin')
if current_user.id == @user.id
redirect_to :action => :index
if has_access?
@user = @member.user
@workgroup = Workgroup.find_by(key: 'admin')
else
render_401
end
end
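Review bot: `edit_privilege` now admits the member whose own profile is being edited, because `has_access?` is true for the profile owner as well as for admins, while the lines it replaces redirected to the index when `current_user.id == @user.id`. A non-admin can therefore open the privilege form for their own account; this action should stay admin-only, for example `if current_user.is_admin?` in place of `if has_access?`, with the self-edit exclusion kept. The same applies to the `users.setting_privilege` link in the member show view, whose condition changed from `current_user.is_admin? and current_user.id != @member.user.id` to `has_access?`. The actions that save these forms are not in the visible hunks, so it is worth confirming they carry the same check.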


@ -1,13 +1,26 @@
class OrbitMemberController < ApplicationController
include OrbitBackendHelper
before_action :authenticate_user, :check_admin
before_action :authenticate_user, :check_aceess_rights, :set_module_app
layout "member"
def check_admin
def check_aceess_rights
@user_has_privileges = false
if current_user.is_admin?
@user_has_privileges = true
else
render "public/404"
end
visited_user = MemberProfile.find_by(:uid => params[:id].split("-").last).user.id rescue nil
visited_user = MemberProfile.find_by(:uid => params[:uid]).user.id if visited_user.nil? rescue nil
visited_user = MemberProfile.find(params[:member_profile_id]).user.id if visited_user.nil? rescue nil
if current_user.id == visited_user
@user_has_privileges = true
else
@user_has_privileges = false
end
end
end
def set_module_app
@module_app = ModuleApp.find_by_key("member")
end
end
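Review bot: `check_aceess_rights` never halts the request: it replaces `check_admin`, which rendered a page for non-admins, and now only sets `@user_has_privileges`, so any action in a subclass that does not call `has_access?` itself is reachable by every signed-in user. Only `new`, `edit`, `edit_passwd` and `edit_privilege` gain that call in the visible hunks; whether the create, update and destroy actions do is not shown. A filter that denies by default is safer, for example ending it with `render_401 unless @user_has_privileges` and using `skip_before_action` on the actions ordinary members may read. The three `rescue nil` lookups also turn malformed parameters and database errors into "no visited user" silently, and the filter name is misspelled (`check_access_rights`).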


@ -137,6 +137,9 @@ module OrbitBackendHelper
end
end
def has_access? #@user_has_privileges comes from orbit_member_controller.. used just in members
@user_has_privileges
end
def render_401
render "public/401"


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<div class="bottomnav clearfix">
<div class="action pull-right">
<%= link_to content_tag(:i,t("new.attribute"),:class=>"icon-plus"),eval("new_admin_member_info_path"),:class=>"btn btn-primary open-slide"%>


@ -9,15 +9,17 @@
<%= content_tag :li, :class => active_for_controllers('members','roles','member_infos') do -%>
<%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-user'))), admin_members_path) %>
<% end -%>
<%= content_tag :li, :class => active_for_controllers('plugins') do -%>
<%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-graduation'))),admin_personal_plugins_path) %>
<% end -%>
<%= content_tag :li, :class => active_for_controllers('plugins') do -%>
<%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-pie'))), '#') %>
<% end -%>
<%= content_tag :li, :class => active_for_controllers('plugins') do -%>
<%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-layout'))), '#') %>
<% end -%>
<% if (current_user.is_admin? rescue false) %>
<%= content_tag :li, :class => active_for_controllers('plugins') do -%>
<%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-graduation'))),admin_personal_plugins_path) %>
<% end -%>
<%= content_tag :li, :class => active_for_controllers('plugins') do -%>
<%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-pie'))), '#') %>
<% end -%>
<%= content_tag :li, :class => active_for_controllers('plugins') do -%>
<%= link_to( ( content_tag(:span, content_tag(:i, nil, :class => 'icons-layout'))), '#') %>
<% end -%>
<% end -%>
<% end -%>
</div>
<div class="sub-nav-arrow"></div>
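Review bot: The `if (current_user.is_admin? rescue false)` wrapper only hides the three links; it does not restrict `admin_personal_plugins_path` itself, so the controller behind that route needs its own admin check, which is not visible on this page. The `rescue false` modifier also turns any error raised by the check into "not admin" without a trace; `current_user.try(:is_admin?)` covers a missing user without swallowing other exceptions.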


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -1,6 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do %>
<%= stylesheet_link_tag "lib/member" %>
<%= stylesheet_link_tag "lib/checkbox-card" %>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :right_nav do %>
<div class="searchClear pull-left" style="clear: left;">
<form action="" method="get">


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<%= render :partial => "js_and_css"%>


@ -1,10 +1,4 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<%= render :partial => "js_and_css"%>
<% content_for :right_nav do %>
<div class="searchClear pull-left" style="clear: left;">


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<%= render :partial => "js_and_css"%>
<% content_for :page_specific_javascript do -%>
@ -19,9 +15,9 @@
<h4><%= @member.name%></h4>
<small class="muted"><%= @member.email %></small>
<div class="btn-group">
<%= link_to("<i class='icon-edit'></i> #{t(:edit)}".html_safe,edit_admin_member_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin?%>
<%= link_to("<i class='icons-cycle'></i> #{t("users.change_passwd")}".html_safe,admin_member_edit_passwd_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin? and current_user.id != @member.user.id rescue nil %>
<%= link_to("<i class='icons-lock-open'></i> #{t("users.setting_privilege")}".html_safe,admin_member_edit_privilege_path(@member),:class=>"btn btn-mini" ) if current_user.is_admin? and current_user.id != @member.user.id rescue nil%>
<%= link_to("<i class='icon-edit'></i> #{t(:edit)}".html_safe,edit_admin_member_path(@member),:class=>"btn btn-mini" ) if has_access? %>
<%= link_to("<i class='icons-cycle'></i> #{t("users.change_passwd")}".html_safe,admin_member_edit_passwd_path(@member),:class=>"btn btn-mini" ) if has_access? %>
<%= link_to("<i class='icons-lock-open'></i> #{t("users.setting_privilege")}".html_safe,admin_member_edit_privilege_path(@member),:class=>"btn btn-mini" ) if has_access? %>
</div>
</div>


@ -1,6 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :right_nav do %>
<div class="searchClear pull-left" style="clear: left;">


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<div id="isotope" class="user-data">
<%= render :partial => 'plugin_list' %>
</div>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -1,7 +1,3 @@
<% content_for :side_bar do %>
<%= render :partial => 'admin/members/side_bar' %>
<% end %>
<% content_for :page_specific_css do -%>
<%= stylesheet_link_tag "lib/wrap-nav.css" %>
<%= stylesheet_link_tag "lib/pageslide.css" %>


@ -12,12 +12,8 @@
<%= csrf_meta_tag %>
</head>
<body id="users">
<%= render_orbit_bar unless @no_orbit_bar %>
<% if !(yield :side_bar).blank? %>
<%= yield :side_bar %>
<% else %>
<%= render 'layouts/side_bar' %>
<% end unless @no_side_bar %>
<%= render_orbit_bar unless @no_orbit_bar %>
<%= render :partial => 'admin/members/side_bar' unless @no_side_bar %>
<section id="main-wrap">
<div class="wrap-inner">
<div id="filter" class="topnav clearfix">


@ -5,7 +5,7 @@
side_bar do
head_label_i18n 'authorization', icon_class: "icons-lock-open"
available_for "managers"
available_for "admin"
active_for_controllers (['admin/authorizations'])
head_link_path "admin_authorizations_path"
@ -14,6 +14,6 @@
link_path: "admin_authorizations_path",
priority: 1,
active_for_action: {authorizations: :index},
available_for: "managers"
available_for: "admin"
end
end


@ -73,7 +73,13 @@ module OrbitCoreLib
end
@module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
authenticate_user
check_user_can_use
if !@module_app.nil?
check_user_can_use
else
if !current_user.is_admin?
render "public/401"
end
end
end
def check_user_can_use
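Review bot: The new `else` branch calls `current_user.is_admin?` directly after an inline `authenticate_user` call, so a request without a signed-in user would raise NoMethodError there unless `authenticate_user` stops the request by some means not visible in this hunk. `render "public/401"` also answers with status 200 by default, which lets clients and logs record the denial as a success; passing a status avoids that, e.g. `render "public/401", :status => 401 unless current_user && current_user.is_admin?`. If `authenticate_user` may already have redirected, the branch also needs a `performed?` guard to avoid a second render. The enclosing method starts above the hunk.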


@ -1,11 +1,3 @@
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title></title>
<link rel="stylesheet" type="text/css" href="stylesheets/error-pages.css" media="all"/>
</head>
<body>
<style type="text/css">
body {
margin: 0;
@ -24,5 +16,3 @@
</div>
</div>
<!-- Error Pages End Here -->
</body>
</html>