authorization completed .. select all button for member select is left

2014-08-05 21:51:05 +08:00 · 2014-08-05 21:51:05 +08:00 · e320fa848d
parent 14bfbe2d8a
commit e320fa848d
23 changed files with 452 additions and 229 deletions
--- a/app/assets/javascripts/member-selection.js
+++ b/app/assets/javascripts/member-selection.js
@ -1,21 +1,70 @@
 $(document).ready(function() {  
+  var authorization_type = "managers";
+  $("ul#authorization-types a").on("click",function(){
+    authorization_type = $(this).data("for");
+    switch(authorization_type){
+      case "managers":
+        $("ul#card-list-submanagers li.check-item").removeClass("active");
+        $("ul#card-list-submanagers li.check-item input[type=checkbox]").removeAttr("checked")
+      break;
+      case "sub_managers":
+        $("ul#card-list-managers li.check-item").removeClass("active");
+        $("ul#card-list-managers li.check-item input[type=checkbox]").removeAttr("checked")
+      break;
+    }
+    hide_or_show_button();
+  })
+
+  $('.selected_user input[type="checkbox"], .selected_role input[type="checkbox"]').on("change",function(){
+    hide_or_show_button();
+  })
+
+  var hide_or_show_button = function(){
+    if($('.selected_role input[type="checkbox"]:checked').length == 0 && $('.selected_user input[type="checkbox"]:checked').length == 0){
+       $("#remove_users").addClass("hide");
+    }else{
+       $("#remove_users").removeClass("hide");
+    }
+  }
+
+  $("select[name=anything]").on("change",function(){
+    var value_to_filter = $(this).val();
+    if(value_to_filter != ""){
+      lis.each(function(){
+        var categories = $(this).data("categories");
+        if(categories.indexOf(value_to_filter) == -1){
+          $(this).hide();
+        }else{
+          $(this).show();
+        }
+      })
+    }else{
+      lis.show();
+    }
+  })
+
  $(".select_user_modal").on('click', function(){
-    var ids = [];
-    var users = $(this).siblings('.selected_users').children('span.selected_user');
-    users.each(function(i) {
-      ids.push(users.eq(i).attr('id'));
-    });
-    $("#main-wrap").after("<span id='select_user'></span>");
+    var data_to_send = {"authorization_type" : authorization_type};
+    if (authorization_type == "sub_managers"){
+      var category_id = $("select[name=anything]").val();
+      if(category_id == ""){
+        alert("Please select a category.");
+        return false;
+      }
+      data_to_send.category_id = category_id;
+    }
    $.ajax({
      type: 'GET',
      url: $(this).attr("rel"),
-      dataType: 'script',
-      data: {field: $(this).attr("field"), ids: ids},
-      success: function (msg) {
-        $("#member-filter").modal('show'); },
-      error: function(){
-        alert("ERROR");
-      }
+      dataType: 'html',
+      data : data_to_send,
+      success: function (html) {
+        $("#select_user_modal").html(html);
+        $("#member-filter").modal('show'); 
+        $(".modal").on("hidden", function () {
+          $("#select_user_modal").empty();
+        });
+      },
    });  
    return false;
  });
@ -25,21 +74,32 @@ $(document).ready(function() {
  });

  $("#remove_users").on('click', function(){
-    var ids = [];
-    var users = $('.selected_user input[type="checkbox"]:checked');
-    users.each(function(i) {
-      ids.push(users.eq(i).parent().attr('id'));
+    var user_ids = [],
+        role_ids =[],
+        users = $('.selected_user input[type="checkbox"]:checked'),
+        roles = $('.selected_role input[type="checkbox"]:checked')
+
+    users.each(function() {
+      user_ids.push($(this).parent().attr('id'));
    });
-    if (users.size() > 0) {
-      // TODO: i18n in javascript
-      if (confirm('Are you sure you want to delete this?')) {      
+
+     roles.each(function() {
+      role_ids.push($(this).parent().attr('id'));
+    });
+
+    var data_to_send = {"authorization_type" : authorization_type, "user_ids" : user_ids, "role_ids" : role_ids};
+    if (authorization_type == "sub_managers"){
+      var category_id = $("select[name=anything]").val();
+      data_to_send.category_id = (category_id == "" ? "all" : category_id);
+    }
+    if (user_ids.length > 0 || role_ids.length > 0) {
+      if (confirm('Are you sure you want revoke persmission from these users?')) {     // TODO: i18n in javascript 
        $.ajax({
          type: 'DELETE',
          url: $(this).attr("rel"),
          dataType: 'script',
-          data: {ids: ids},
+          data: data_to_send,
          error: function(){
-            // TODO: i18n in javascript
            alert("ERROR");
          }
        }); 
--- a/app/assets/stylesheets/basic/global.css
+++ b/app/assets/stylesheets/basic/global.css
@ -327,7 +327,7 @@ legend {
  top: 50px;
 }
 #member-filter .modal-body {
-  max-height: 425px;
+  max-height: 500px;
 }
 #member-filter .modal-body form {
  margin-bottom: 0px;
@ -397,6 +397,10 @@ legend {
  border-color: #ddd transparent #ddd #ddd;
  *border-right-color: #ffffff;
 }
+#member-filter .tab-content-1 {
+  padding-left: 15px;
+  border-left: 1px solid #ddd;
+}
 #member-filter .member-filter-options {
  float: left;
  display: inline-block;
--- a/app/assets/stylesheets/lib/checkbox-card.css
+++ b/app/assets/stylesheets/lib/checkbox-card.css
@ -21,6 +21,7 @@
 	margin-bottom: 0;
 }
 .mini-layout .tab-pane {
+	min-height: 600px;
 	padding: 20px 10px;
 	background-color: #fff;
 	border: 1px solid #ddd;
@ -64,6 +65,19 @@
 	opacity: 0;
 	visibility: hidden;
 }
+.checkbox-card li.role {
+   background-color: #696969;
+ }
+ .checkbox-card li.role label {
+   padding: 10px;
+   line-height: 26px;
+ }
+ .checkbox-card li.role span {
+   display: inline-block;
+   width: auto;
+   color: #FFF;
+ }
+
 .checkbox-card li:hover {
 	background-color: #0088cc;
 }
@ -122,6 +136,14 @@
 	color: #666666;
 	margin-top: -3px;
 }
+.checkbox-card li label span.badge {
+	float: right;
+	margin-top: 1px;
+	color: #fff;
+}
+.checkbox-card li span.role-name {
+	width: 80%;
+}
 .checkbox-card li:hover label span,
 .checkbox-card li:hover label span.user-name {
 	color: #FFFFFF;
--- a/app/controllers/admin/authorizations_controller.rb
+++ b/app/controllers/admin/authorizations_controller.rb
@ -5,28 +5,12 @@ class Admin::AuthorizationsController < OrbitAdminController
  def index
  	@module_apps ||= ModuleApp.any_of({authorizable: true}).order_by([:title, :asc])
    if @module_apps && @module_apps.include?(@module_app)
-      if @type
-        case @type
-        when 'category_authorization'
+      reload_users
      if (@module_app.categorizable || @module_app.categories.present?)
        @objects = @module_app.categories rescue nil
-          else
-            @error = t(:no_category)
      end
-        else
-          @objects = @klass.all
-        end
-        unless @objects.blank?
-          @object ||= @objects.first
-          @authorizations = Authorization.category_sub_managers(@object) rescue nil
-        else
-          @error = t(:no_data)
-        end
-      else
-        @authorizations = @module_app.module_managers rescue []
-      end
-    elsif @module_apps
-      @module_app = @module_apps.first
+    elsif @module_apps && @module_app.key == "authorization"
+        redirect_to "/admin/authorizations/#{@module_apps.first.key}"
    else
        redirect_to  :root
    end
@ -37,24 +21,24 @@ class Admin::AuthorizationsController < OrbitAdminController
    unless users.nil?
      authorization = users.map {|u| get_or_create_authorization(u)}.first
    end
-    @users = @module_app.module_managers
+   reload_users
    render 'admin/authorizations/reload_users'
  end

  def add_roles
    roles = Role.find(params[:role_ids]) rescue nil
    unless roles.nil?
-      authorization = roles.map { |r| get_or_create_authorization_with_role(r.id)}.first
+      authorization = roles.map { |r| get_or_create_authorization_with_role(r)}.first
    end
-    @users = @module_app.module_managers
+   reload_users
    render 'admin/authorizations/reload_users'
  end

  def modal_select
-    existing_users = User.find(params[:ids]) rescue []
    roles = Role.all
-    if @type
-      @object_id = @object.id if @object
+    @authorization_type = params[:authorization_type]
+    if @authorization_type == "sub_managers"
+      @object = Category.find(params[:category_id])
      @sub_mangers = Authorization.category_sub_managers(@object)
      @sorted_users = roles.inject({}) do |users, role|
        users_for_role = role.member_profiles.select {|m| !m.user.is_admin? if m.user}.map {|u| u.user}
@ -68,24 +52,19 @@ class Admin::AuthorizationsController < OrbitAdminController
        users
      end
    end
-  end
-
-  def remove_roles
-    roles = Role.find(params[:role_ids]) rescue []
-    unless roles.blank?
-      authorization = get_or_create_authorization
-      remove_roles_form_auth(authorization, roles)
-    end
-    @users = authorization.authorized_users
-    render 'admin/authorizations/reload_users'
+    render :layout => false
  end

  def remove_users
    @users = User.find(params[:ids]) rescue []
    unless @users.blank?
-      authorization = @users.map {|u| remove_authorizations(u.id)}.first
+      authorization = @users.map {|u| remove_authorizations(u)}.first
    end
-    @users = @module_app.module_managers
+    roles = Role.find(params[:role_ids]) rescue []
+    unless roles.blank?
+      roles.each{|r| remove_authorizations_with_role(r)}
+    end
+    reload_users
    render 'admin/authorizations/reload_users'
  end
  
@ -93,27 +72,42 @@ class Admin::AuthorizationsController < OrbitAdminController
  protected

  def get_or_create_authorization(user)
-    case @type
-    when 'category_authorization'
-      if @object
-        if user.is_manager?(@module_app)
-          remove_from_manager(user)
-        end
+    case params[:authorization_type]
+    when "sub_managers"
+        remove_from_manager(user) if user.is_manager?(@module_app)
+        @object = Category.find(params[:category_id])
       Authorization.create_category_authorization(@module_app.id, @object.id, user.id)
-      else
-        @error = t(:no_data)
-      end
-    when nil
-      if user.is_sub_manager?(@module_app)
-          remove_from_sub_manager(user)
-      end
+    when "managers"
+      remove_from_sub_manager(user) if user.is_sub_manager?(@module_app)
      Authorization.create_module_authorization(@module_app.id, user.id)
-    else
-      auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}")
-      unless auth
-        auth = Authorization.create_category_authorization(@module_app.id, @object.id, user_id) if @type.include?('authorization')
    end
-      auth
+  end
+
+  def remove_authorizations(user)
+    case params[:authorization_type]
+    when "sub_managers"
+      if params[:category_id] == "all"
+        remove_from_sub_manager(user)
+      else
+        @object = Category.find(params[:category_id])
+        Authorization.remove_category_authorization(@object.id, user.id)
+      end
+    when "managers"
+      Authorization.remove_module_authorization(@module_app.id, user.id)
+    end
+  end
+
+  def remove_authorizations_with_role(role)
+    case params[:authorization_type]
+    when "sub_managers"
+      if params[:category_id] == "all"
+        remove_from_sub_manager_with_role(role)
+      else
+        @object = Category.find(params[:category_id])
+        Authorization.remove_category_authorization_with_role(@object.id, role.id)
+      end
+    when "managers"
+      Authorization.remove_module_authorization_with_role(@module_app.id, role.id)
    end
  end

@ -124,47 +118,44 @@ class Admin::AuthorizationsController < OrbitAdminController
    end
  end

+   def remove_from_sub_manager_with_role(role)
+    categories = role.approved_categories_for_module(@module_app)
+    categories.each do |c|
+       Authorization.remove_category_authorization_with_role(c.id, role.id)
+    end
+  end
+
  def remove_from_manager(user)
     Authorization.remove_module_authorization(@module_app.id, user.id)
  end

-  def get_or_create_authorization_with_role(role_id)
-    case @type
-    when 'category_authorization'
-      if @object
-        Authorization.create_category_authorization_with_role(@module_app.id, @object.id, role_id)
-      else
-        @error = t(:no_data)
+   def remove_from_manager_with_role(role)
+     Authorization.remove_module_authorization_with_role(@module_app.id, role.id)
  end
-    when nil
-        Authorization.create_module_authorization_with_role(@module_app.id,role_id)
-    else
-      auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}")
-      unless auth
-        auth = Authorization.create_category_authorization_with_role(@module_app.id, @object.id, role_id)
-      end
-      auth
+
+  def get_or_create_authorization_with_role(role)
+    case params[:authorization_type]
+    when "sub_managers"
+        remove_from_manager_with_role(role) if role.is_manager_for?(@module_app)
+        @object = Category.find(params[:category_id])
+        Authorization.create_category_authorization_with_role(@module_app.id, @object.id, role.id)
+    when "managers"
+        remove_from_sub_manager_with_role(role) if role.is_sub_manager_for?(@module_app)
+        Authorization.create_module_authorization_with_role(@module_app.id,role.id)
    end
  end

-  def remove_authorizations(user_id)
-    case @type
-    when 'category_authorization'
-      if @object
-        Authorization.remove_category_authorization(@object.id, user_id)
-        @error = t(:no_data)
-      end
-    when nil
-      Authorization.remove_module_authorization(@module_app.id, user_id)
-    else
-      auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}")
-      unless auth
-        auth = Authorization.remove_category_authorization(@object.id, user_id)
-      end
-      auth    
-    end
+
+  def reload_users
+    @managers = @module_app.module_managers rescue []
+    @sub_managers = @module_app.sub_managers rescue []
+    manager_roles = @module_app.role_managers.collect{|r| Role.find(r)} rescue []
+    sub_manager_roles = @module_app.role_sub_managers rescue []
+    @managers = @managers.concat(manager_roles)
+    @sub_managers  = @sub_managers.concat(sub_manager_roles)
  end
  
+
  private

  def admin_or_manager
@ -176,10 +167,5 @@ class Admin::AuthorizationsController < OrbitAdminController

  def setup_vars
    @module_app = ModuleApp.find_by(key: params[:module]) if params[:module]
-    @type = params[:type].underscore if params[:type]
-    if @type
-      @klass = @type.gsub('_authorization', '').gsub('_approval', '').classify.constantize rescue nil
-      @object = @klass.find(params[:id]) rescue nil
-    end
  end
 end
--- a/app/controllers/orbit_admin_controller.rb
+++ b/app/controllers/orbit_admin_controller.rb
@ -3,7 +3,7 @@ class OrbitAdminController < ApplicationController
  include Authorize
  include OrbitBackendHelper
  
-  before_action :authenticate_user, :log_user_action, :load_authenticated_categories
+  before_action :authenticate_user, :log_user_action, :load_authorized_categories
  layout "back_end"

  def sort
@ -64,7 +64,7 @@ class OrbitAdminController < ApplicationController
    end
  end

-  def load_authenticated_categories
+  def load_authorized_categories
    @user_authenticated_categories = current_user.is_admin? ? ["all"] : current_user.approved_categories.collect{|c| c.id}
  end

--- a/app/models/authorization.rb
+++ b/app/models/authorization.rb
@ -23,6 +23,7 @@ class Authorization
    end
  end

+
  def self.category_role_sub_managers(category)
    authorizations = self.category_authorized_users(category)
    users = authorizations.map { |a| a.role if role.present? }
@ -73,12 +74,22 @@ class Authorization
  end

  def self.remove_module_authorization(module_app_id,user_id)
-    auth = self.find_by(module_app_id: module_app_id, user_id: user_id)
-    auth.destroy
+    auth = self.find_by(module_app_id: module_app_id, user_id: user_id) rescue nil
+    auth.destroy if !auth.nil?
  end

  def self.remove_category_authorization(category_id,user_id)
-    auth = self.find_by(category_id: category_id, user_id: user_id)
-    auth.destroy
+    auth = self.find_by(category_id: category_id, user_id: user_id) rescue nil
+    auth.destroy if !auth.nil?
+  end
+
+  def self.remove_module_authorization_with_role(module_app_id,role_id)
+    auth = self.find_by(module_app_id: module_app_id, role_id: role_id) rescue nil
+    auth.destroy if !auth.nil?
+  end
+
+  def self.remove_category_authorization_with_role(category_id,role_id)
+    auth = self.find_by(category_id: category_id, role_id: role_id) rescue nil
+    auth.destroy if !auth.nil?
  end
 end
--- a/app/models/category.rb
+++ b/app/models/category.rb
@ -17,6 +17,9 @@ class Category
  end

  def self.authorized(user)
-    user.approved_categories
+    module_app_categories = self.each{|c| c}.to_a rescue []
+    authorized_categories = user.approved_categories
+    intersection = (module_app_categories & authorized_categories)
+    intersection
  end
 end
--- a/app/models/module_app.rb
+++ b/app/models/module_app.rb
@ -32,6 +32,19 @@ class ModuleApp
    self[:widget_settings] = reg.get_widget_settings
  end

+  def sub_managers
+    categories = self.categories
+    sub_managers = []
+    categories.each do |c|
+      c.authorizations.each do |a|
+        if !sub_managers.include?a.user
+          sub_managers << a.user
+        end
+      end
+    end
+    sub_managers
+  end
+
  def get_registration
    OrbitApp::Module::Registration.find_by_key(key)
  end
@ -81,6 +94,17 @@ class ModuleApp
    Authorization.module_authorized_users(self).pluck(:role_id)
  end

+  def role_sub_managers
+    roles = []
+    self.categories.each do |c|
+      auth = Authorization.find_by(:category_id => c.id) rescue nil
+      if !auth.nil?
+        roles << auth.role
+      end
+    end
+    roles
+  end
+
  def role_status
    RoleStatus.all
  end
@ -88,8 +112,6 @@ class ModuleApp
  def module_managers
    workgroup = Workgroup.find_by(key: 'sub_managers')
    authorized_users = Authorization.module_authorized_users(self).where(:user_id.ne => nil, :workgroup_id.ne => workgroup.id).map {|u| u.user} rescue nil
-    authorized_members = Authorization.module_authorized_users(self).where(:role_id.ne => nil).map {|m| m.role.member_profiles}.first rescue nil
-    users_authorized_by_role = authorized_members.map {|u| u.user} rescue []
    authorized_users.inject(users_authorized_by_role, :<<) rescue []
  end

--- a/app/models/role.rb
+++ b/app/models/role.rb
@ -22,4 +22,37 @@ class Role
  def is_disabled?
    self.disabled
  end
+
+  def approved_categories_for_module(module_app)
+    module_app_categories = module_app.categories
+    authorizations = Authorization.where(:role_id => self.id)
+    authorized_categories = []
+    authorizations.each do |auth|
+      cat = auth.category
+      authorized_categories << auth.category if !cat.nil?
+    end
+    (module_app_categories & authorized_categories)
+  end
+
+  def is_manager_for?(module_app)
+    a = self.authorizations.find_by(:module_app_id => module_app.id) rescue nil
+    if a.nil?
+      false
+    else
+      true
+    end
+  end
+
+  def is_sub_manager_for?(module_app)
+    if !self.is_manager_for?(module_app)
+      categories = self.approved_categories_for_module(module_app)
+      if categories.count > 0
+        true
+      else
+        false
+      end
+    else
+      false
+    end
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -120,7 +120,27 @@ class User
    authorized_roles = module_app.role_managers rescue []
    intersection = (user_roles & authorized_roles)

-    if ((intersection.count > 0 if intersection.present?) && !self.is_admin? && !self.is_manager?(module_app) && !self.is_sub_manager?(module_app))
+    if (intersection.count > 0 if intersection.present?)
+      true
+    else
+      false
+    end
+  end
+
+  def is_sub_manager_with_role?(module_app)
+     user_roles = self.member_profile.role_ids.map {|r| r}
+     authorized_categories = []
+     wg = Workgroup.find_by(:key => "sub_managers")
+     user_roles.each do |r|
+        auths =  Authorization.find_by(:rold_id  => r, :workgroup_id => wg.id) rescue []
+        auths = auths.to_a if !auths.kind_of?(Array)
+        auths.each do |a|
+          authorized_categories << a.category
+        end
+     end
+    module_app_categories = module_app.categories.map {|c| c.id} rescue nil
+    intersection = (module_app_categories & authorized_categories)
+     if (intersection.count > 0 if intersection.present?)
      true
    else
      false
@ -137,6 +157,13 @@ class User
    end
  end

+  def approved_categories_for_module(module_app)
+    module_app_categories = module_app.categories rescue []
+    authorized_categories = self.authorizations.map {|a| a.category if (a.category.present? && a.workgroup.key.eql?("sub_managers"))}
+    intersection = (module_app_categories & authorized_categories)
+    intersection
+  end
+
  def approved_categories
    categories = []
    if self.is_admin?
@ -144,11 +171,18 @@ class User
        categories << c
      end
    else
-      self.authorizations.each do |auth|
+      authorizations = self.authorizations.collect{|a| a} 
+      user_roles = self.member_profile.roles rescue []
+      user_roles.each do |r|
+        authorizations.concat((r.authorizations rescue []))
+      end
+
+      authorizations.each do |auth|
        case auth.workgroup.key
        when "managers"
-          if !auth.module_app.categories.blank?
-            auth.module_app.categories.each do|c|
+          cats = auth.module_app.categories rescue []
+          if !cats.blank?
+            cats.each do|c|
              categories << c
            end
          end
--- a/app/views/admin/authorizations/_user.html.erb
+++ b/app/views/admin/authorizations/_user.html.erb
@ -1,6 +1,7 @@
-<li class="filter-item selected_user <%= 'check-item' unless user == current_user || user.is_admin? %>" id="<%= user.id %>">
+<% if user.instance_of?User %>
+	<li class="filter-item selected_user <%= 'check-item' unless user == current_user || user.is_admin? %>" id="<%= user.id %>" <%= "data-categories=#{user.approved_categories_for_module(@module_app).collect{|c| c.id.to_s}.to_json.html_safe}" if @partial == "sub_managers" %>>
 	  <label>
-    <%= image_tag (user.member_profile.avatar? ? user.member_profile.avatar.thumb : 'menber-pic.png'), :class => "user-pic" %>
+	    <%= image_tag (user.member_profile.avatar? ? user.member_profile.avatar.thumb : 'member-pic.png'), :class => "user-pic" %>
 	    <span class="user-name"><%= user.member_profile.name %></span>
 	    <span><%= user.user_workgroup(@module_app) %></span>
 	  </label>
@ -8,3 +9,12 @@
 	  	<input type="checkbox">
 	  <% end %>
 	</li>
+<% elsif user.instance_of?Role %>
+	<li class="filter-item selected_role check-item role"  id="<%= user.id %>" <%= "data-categories=#{user.approved_categories_for_module(@module_app).collect{|c| c.id.to_s}.to_json.html_safe}" if @partial == "sub_managers" %>>
+       <label>
+         <span class="role-name"><%= user.title %></span>
+         <span class="badge badge-info"><%= user.member_profiles.count %></span>
+       </label>
+       <input type="checkbox">
+     </li> 
+<% end %>
--- a/app/views/admin/authorizations/index.html.erb
+++ b/app/views/admin/authorizations/index.html.erb
@ -7,7 +7,7 @@
        <ul class="nav nav-pills nav-stacked">
          <% @module_apps.each do |module_app| %>
            <li class="<%= @module_app == module_app ? 'active' : '' %>">
-              <%= link_to content_tag(:i, nil, class: (module_app.get_registration.get_icon_class rescue nil)) + ' ' + module_app.title, admin_authorizations_path(module_app.key, (@type if (@type && module_app.authorizable_models.include?(@type.camelize)))) %>
+              <%= link_to content_tag(:i, nil, class: (module_app.get_registration.get_icon_class rescue nil)) + ' ' + module_app.title, "/admin/authorizations/#{module_app.key}" %>
            </li>
          <% end %>
        </ul>
@ -16,27 +16,51 @@
  </div>

  <div class="mini-layout-body span10">
-    <ul class="nav nav-tabs">
+    <ul class="nav nav-tabs" id="authorization-types">
      <li class="active">
-        <%= link_to t(:module_authorization), admin_authorizations_path(@module_app.key), :class => "active" if @module_app.authorizable %>
+        <%= link_to t(:module_authorization), "#module_auth", :class =>  "active", :data => {"toggle" => "tab", "for" => "managers"} if @module_app.authorizable %>
      </li>
+      <% if !@objects.nil? %>
        <li>
          <% @module_app.authorizable_models.each do |authorizable_model| %>
-          <%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), admin_authorizations_path(@module_app.key, type: "#{authorizable_model.underscore}_authorization") %>
+            <%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), "#category_auth" , :data => {"toggle" => "tab", "for" => "sub_managers"} %>
          <% end %>
        </li>
+      <% end %>
    </ul>
-    <div class="tab-pane">
-      <% if @error %>
-        <%= @error %>
-      <% else %>
-        <div class="tab-pane-head clearfix">
-          <h4 class="pull-left">Title</h4>
-          <%= select_tag @type.underscore.humanize, options_from_collection_for_select(@objects, "id", "title", @object.id), :class => "pull-right", :onchange => "window.location.href = '/admin/authorizations/'+'#{@module_app.key}/#{@type}/'+$(this).val();" if @objects %>
+    <% @partial = "managers" %>
+    <div class="tab-content">
+      <div class="tab-pane fade in active" id="module_auth">
+          <div class="tab-pane-head">
+            <h4>Managers</h4>
          </div>
-        <ul id="card-list" class="checkbox-card clearfix">
-          <%= render partial: 'user', collection: @authorizations %>
+          <ul id="card-list-managers" class="checkbox-card clearfix">
+          <% if @managers.empty? %>
+            <div> No managers for this module </div>
+          <% else %>
+            <%= render partial: 'user', collection: @managers %>
+          <% end %>
          </ul>
+      </div>
+       <% if !@objects.nil? %>
+        <% @partial = "sub_managers" %>
+       <div class="tab-pane fade" id="category_auth">
+          <div class="tab-pane-head clearfix">
+            <h4 class="pull-left">Sub Managers</h4>
+            <div class="pull-right">
+              <label>Categories : 
+                <%= select_tag "anything", options_from_collection_for_select(@objects, "id", "title"), :prompt => "Select Category" if !@objects.nil? %>
+              </label>
+            </div>
+          </div>
+          <ul id="card-list-submanagers" class="checkbox-card clearfix">
+            <% if @sub_managers.empty? %>
+              <div> No sub managers for this module </div>
+            <% else %>
+              <%= render partial: 'user', collection: @sub_managers %>
+            <% end %>
+          </ul>
+      </div>
      <% end %>
    </div>
  </div>
@ -46,6 +70,14 @@
 <div class="bottomnav clearfix">
  <div class="action pull-right">
    <%= link_to content_tag(:i, nil, class: "icons-plus") + ' ' + t(:add), '#', class: 'btn btn-primary select_user_modal', rel: modal_select_authorizations_path(@module_app.key, @type, @object) %>
-    <%= link_to content_tag(:i, nil, class: "icon-trash") + ' ' + t(:delete_), '#', id: 'remove_users', class: 'btn btn-danger', rel: remove_users_authorizations_path(@module_app.key, @type, @object) %>
+    <%= link_to content_tag(:i, nil, class: "icon-trash") + ' ' + t(:delete_), '#', id: 'remove_users', class: 'btn btn-danger hide', rel: remove_users_authorizations_path(@module_app.key, @type, @object) %>
  </div>
 </div>
+<div id='select_user_modal'></div>
+
+<script type="text/javascript">
+  var lis = $("ul#card-list-submanagers li");
+</script>
+
+
+
--- a/app/views/admin/authorizations/modal_select.html.erb
+++ b/app/views/admin/authorizations/modal_select.html.erb
@ -0,0 +1 @@
+<%= render partial: 'admin/member_selects/modal_select', locals: {role_form_url: add_roles_authorizations_path(@module_app.key, @type, @object_id), user_form_url: add_users_authorizations_path(@module_app.key, @type, @object_id)} %>
--- a/app/views/admin/authorizations/modal_select.js.erb
+++ b/app/views/admin/authorizations/modal_select.js.erb
@ -1,2 +0,0 @@
-$("#select_user").html("<%= j render partial: 'admin/member_selects/modal_select', locals: {role_form_url: add_roles_authorizations_path(@module_app.key, @type, @object_id), user_form_url: add_users_authorizations_path(@module_app.key, @type, @object_id)} %>");
-$("#member-filter").modal();
--- a/app/views/admin/authorizations/reload_users.js.erb
+++ b/app/views/admin/authorizations/reload_users.js.erb
@ -1,2 +1,7 @@
-$("#card-list").html("<%= j render partial: 'user', collection: @users %>");
+<% @partial = "managers" %>
+$("#card-list-managers").html("<%= j render partial: 'user', collection: @managers %>");
+<% @partial = "sub_managers" %>
+$("#card-list-submanagers").html("<%= j render partial: 'user', collection: @sub_managers %>");
 $("#member-filter").modal('hide');
+lis = $("ul#card-list-submanagers li");
+$("select[name=anything] option:eq(0)").prop("selected","selected")
--- a/app/views/admin/categories/_select_form.html.erb
+++ b/app/views/admin/categories/_select_form.html.erb
@ -20,7 +20,7 @@
            <label class="control-label"><%= "#{t(:name)} (#{t(locale)})" %></label>
            <div class="controls">
              <input class="input-large" id="<%=locale%>" name="category[title_translations][<%=locale%>]" placeholder="<%=t(:name)%>" type="text">
-              <span class="help-inline hide">Please enter category tite</span>
+              <span class="help-inline hide">Please enter category title</span>
            </div>
          </div>
        <% end %>
--- a/app/views/admin/member_selects/_modal_select.html.erb
+++ b/app/views/admin/member_selects/_modal_select.html.erb
@ -9,15 +9,17 @@
        <div class="content">
          <ul class="nav nav-pills nav-stacked">
            <li class="active"><a href="#all" data-toggle="tab"><%= t('list.role') %></a></li>
-            <% @sorted_users.each_key do |role| %>
-              <li class=""><a href="#r_<%= role.id %>" data-toggle="tab"><%= role.title %></a></li>
-            <% end %>
+            <li><a href="#member" data-toggle="tab">Member</a></li>
          </ul>
        </div>
      </div>
-      <div class="tab-content">
+      <div class="tab-content tab-content-1">
        <div class="tab-pane fade in active" id="all">
          <%= form_tag role_form_url, remote: true do %>
+          <input type="hidden" value="<%= @authorization_type %>" name="authorization_type" />
+          <% if @authorization_type == "sub_managers" %>
+            <input type="hidden" value="<%= @object.id.to_s %>" name="category_id" />
+            <% end %>
            <fieldset>
              <% @sorted_users.each_key do |role| %>
                <label class="checkbox inline">
@ -31,9 +33,24 @@
            </div>
          <% end %>
        </div>
-        <% @sorted_users.each do |role, users| %>
-          <div class="tab-pane fade" id="r_<%= role.id %>">
+        <div class="tab-pane fade" id="member">
+          <ul class="nav nav-tabs">
+           <% i = 0 %>
+            <% @sorted_users.each_key do |role| %>
+              <li class="<%= i == 0 ? 'active' : ''  %>"><a href="#r_<%= role.id %>" data-toggle="tab"><%= role.title %></a></li>
+              <% i = i + 1 %>
+            <% end %>
+          </ul>
          <%= form_tag user_form_url, remote: true do %>
+          <input type="hidden" value="<%= @authorization_type %>" name="authorization_type" />
+          <% if @authorization_type == "sub_managers" %>
+            <input type="hidden" value="<%= @object.id.to_s %>" name="category_id" />
+            <% end %>
+          <div class="tab-content">
+          <% i = 0 %>
+          <% @sorted_users.each do |role, users| %>
+                <div class="tab-pane fade <%= i == 0 ? 'in active' : ''  %>" id="r_<%= role.id %>">
+                <% i = i + 1 %>
                <fieldset class="clearfix">
                    <div class="member-filter-result nano">
                      <div class="content">
@ -41,7 +58,7 @@
                          <% users.each do |user| %>
                            <li class="check-item">
                              <label>
-                            <%= image_tag (user.member_profile.avatar.file ? user.member_profile.avatar : "menber-pic.png"), class: "user-pic" %>
+                                <%= image_tag (user.member_profile.avatar.file ? user.member_profile.avatar : "member-pic.png"), class: "user-pic" %>
                                <span class="user-name"><%= user.member_profile.name %></span>
                              </label>
                              <%= check_box_tag 'user_ids[]', user.id , false %>
@ -50,14 +67,16 @@
                        </ul>
                      </div>
                    </div>
-                <div class="form-actions condition">
+                  </fieldset>
+                </div>
+              <% end %>
+              </div>
+               <div class="form-actions">
                  <button type="button" class="btn" data-dismiss="modal"><%= t(:cancel) %></button>
                  <%= submit_tag t(:submit), class: "btn btn-primary" %>
                </div>
-              </fieldset>
          <% end %>
        </div>
-        <% end %>
      </div>
    </div>
  </div>
@ -66,9 +85,6 @@

 <script type="text/javascript">
  $(document).ready(function() {
-    $(".modal").on("hidden", function () {
-      $("#select_user").remove();
-    });
    $('#member-filter').on('shown', function() {
      $('#member-filter').off('shown')
      $(this).find('.nano').nanoScroller({ scrollTop: 0, iOSNativeScrolling: true });
--- a/config/initializers/orbit_category.rb
+++ b/config/initializers/orbit_category.rb
@ -2,8 +2,6 @@
    module_label 'module_name.category'
    base_url File.expand_path File.dirname(__FILE__) 
      
-    authorizable   
-    
    side_bar do
      head_label_i18n 'module_name.category', icon_class: "icons-flow-cascade"
      head_link_path "admin_categories_path"
--- a/config/initializers/orbit_tag.rb
+++ b/config/initializers/orbit_tag.rb
@ -2,8 +2,6 @@
    module_label 'tag'
    base_url File.expand_path File.dirname(__FILE__) 
    
-    authorizable   
-    
    side_bar do
      head_label_i18n 'tags', icon_class: "icons-tag"
      head_link_path "admin_tags_path"
--- a/config/routes.rb
+++ b/config/routes.rb
@ -30,10 +30,10 @@ Orbit::Application.routes.draw do

  # You can have the root of your site routed with "root"
  root 'pages#home'
-  get 'admin/authorizations/modal_select/:module(/:type(/:id))' => 'admin/authorizations#modal_select', :as => :modal_select_authorizations
-  match 'admin/authorizations/add_users/:module(/:type(/:id))' => 'admin/authorizations#add_users', :as => :add_users_authorizations, via: [:get, :post]
-  match 'admin/authorizations/add_roles/:module(/:type(/:id))' => 'admin/authorizations#add_roles', :as => :add_roles_authorizations, via: [:get, :post]
-  match 'admin/authorizations/remove_users/:module(/:type(/:id))' => 'admin/authorizations#remove_users', :as => :remove_users_authorizations, via: [:delete]
+  get 'admin/authorizations/modal_select/:module' => 'admin/authorizations#modal_select', :as => :modal_select_authorizations
+  match 'admin/authorizations/add_users/:module' => 'admin/authorizations#add_users', :as => :add_users_authorizations, via: [:get, :post]
+  match 'admin/authorizations/add_roles/:module' => 'admin/authorizations#add_roles', :as => :add_roles_authorizations, via: [:get, :post]
+  match 'admin/authorizations/remove_users/:module' => 'admin/authorizations#remove_users', :as => :remove_users_authorizations, via: [:delete]

  locales = Site.first.in_use_locales rescue I18n.available_locales

@ -149,7 +149,7 @@ Orbit::Application.routes.draw do
        end
      end

-      get 'authorizations(/:module(/:type(/:id)))' => 'authorizations#index', :as => :authorizations
+      get 'authorizations(/:module)' => 'authorizations#index', :as => :authorizations
      
      resources :authorizations
      resources :items
--- a/lib/orbit_app/helper/context_link_renderer.rb
+++ b/lib/orbit_app/helper/context_link_renderer.rb
@ -19,8 +19,12 @@ module ContextLinkRenderer
  		status = "admin"
  	elsif @current_user.is_manager?(@belong_module_app)
  		status = "managers"
+    elsif @current_user.is_manager_with_role?(@belong_module_app)
+      status = "managers"
  	elsif @current_user.is_sub_manager?(@belong_module_app)
  		status = "sub_managers"
+    elsif @current_user.is_sub_manager_with_role?(@belong_module_app)
+      status = "sub_managers"
  	elsif @current_user.is_normal_user?
  		status = "users"
  	end
--- a/lib/orbit_app/helper/side_bar_renderer.rb
+++ b/lib/orbit_app/helper/side_bar_renderer.rb
@ -48,8 +48,12 @@ module SideBarRenderer
      status = "admin"
    elsif @current_user.is_manager?(@belong_module_app)
      status = "managers"
+    elsif @current_user.is_manager_with_role?(@belong_module_app)
+      status = "managers"
    elsif @current_user.is_sub_manager?(@belong_module_app)
      status = "sub_managers"
+    elsif @current_user.is_sub_manager_with_role?(@belong_module_app)
+      status = "sub_managers"
    elsif @current_user.is_normal_user?
      status = "users"
    end
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
@ -36,23 +36,6 @@ module  OrbitCoreLib
    end
  end

-  module  ObjectTokenUtility
-    def self.included(base)
-      base.instance_eval("field :s_token")
-      base.instance_eval("after_create :generate_token")
-    end
-    
-    def token
-      return self.s_token
-    end
-    
-    protected
-     def generate_token
-       self.s_token = SecureRandom.hex(16)
-       self.save!
-     end
-  end
-
  module Authorize
    def self.included(base)
      base.class_eval do
@ -66,6 +49,7 @@ module  OrbitCoreLib
      def can_use
        @app_title ||= controller_path.split('/')[1].singularize rescue nil
        @module_app ||= ModuleApp.find_by(key: @app_title) rescue nil
+        @module_app = ModuleApp.find(params[:module_app_id]) if @module_app.key == "category" || "tag" rescue nil
        if @module_app.nil?
          o = OrbitApp::Module::Registration.find_by_url(controller_path)
          @app_title = o.key rescue nil
@ -83,12 +67,6 @@ module  OrbitCoreLib
      end

      def check_user_can_use
-        # condition_check = ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?) || (current_user.is_manager_with_role?(@module_app) if current_user.present?))
-        # if condition_check.eql?(true)
-        #   # redirect_to admin_dashboards_url
-        # elsif condition_check.eql?(false)
-        #   render "public/401" , layout: "back_end"
-        # end
        permissions = {}
        @module_app.get_registration.get_side_bar.get_context_links.each do |link|
          l = (Rails.application.routes.url_helpers.send(link.path) rescue Rails.application.routes.url_helpers.send(link.path, {:module_app_id => @module_app.id}))
@ -111,8 +89,12 @@ module  OrbitCoreLib
            status = "admin"
          elsif current_user.is_manager?(@module_app)
            status = "managers"
+          elsif current_user.is_manager_with_role?(@module_app)
+            status = "managers"
          elsif current_user.is_sub_manager?(@module_app)
            status = "sub_managers"
+          elsif current_user.is_sub_manager_with_role?(@module_app)
+            status = "sub_managers"
          elsif current_user.is_normal_user?
            status = "users"
          end
				`@ -0,0 +1 @@`
				`<%= render partial: 'admin/member_selects/modal_select', locals: {role_form_url: add_roles_authorizations_path(@module_app.key, @type, @object_id), user_form_url: add_users_authorizations_path(@module_app.key, @type, @object_id)} %>`