module OrbitCoreLib module Preview def self.included(base) # base.instance_eval("field :is_preview,type: Boolean,:default => false") # base.instance_eval("scope :not_preview,where(:is_preview=>false)") base.class_eval (" def to_preview raise 'Developer,please override to_preview method' end ") end end module ObjectDisable def self.included(base) base.instance_eval("field :disable,type: Boolean,:default => false") base.instance_eval("scope :all, ->{ where(:disable.in => [false, nil, '']) }") base.instance_eval("scope :admin_manager_all, ->{ find(:all) }") base.define_singleton_method :find do |*args| if args ==[:all] unscoped else res = unscoped.find(args) res.count == 1 ? res[0] : res end end base.define_singleton_method :first do |*args| all.first end base.define_singleton_method :last do |*args| all.last end end end # module ObjectAuthable # def self.included(base) # base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete") # base.define_singleton_method :authed_for_user do |user,title = nil| # sub_role_ids_ary=user.sub_roles.collect{|t| t.id} # if title.nil? # auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s) # else # auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title) # end # query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id) # query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id}).excludes(blocked_user_ids: user.id) # # query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role_ids}).excludes(blocked_user_ids: user.id) #save for backup if something went wrong (0626 Matt) # result = (query1 + query2).uniq # result.collect{|t| t.obj_authable}.delete_if{|val| val==nil} # end # end # def cur_user_is_sub_manager_of(title) # authed_users(title).include?(User.current) # end # def module_app # ModuleApp.first(conditions: {:title => self.class::APP_NAME} ) # end # def pp_object # "Object Auth method 'pp_object' need to be defined for class #{self.class}" # end # def get_object_auth_by_title(title) # oa = self.object_auths.where({title: title }).first # if oa.nil? #&& (self.class::ObjectAuthTitlesOptions.include? title) # oa = self.object_auths.create title: title # end # oa # end # def authed_users(title=nil) # users = [] # users = case title # when :all # ary = self.object_auths.collect{|t| t.auth_users} # ary.flatten! # when nil # if self.object_auths.count ==1 # self.object_auths.first.auth_users_after_block_list rescue [] # else # logger.info "Warning calling a auth commend without specificed value( has multi-auths ), return empty" # [] # end # else # get_object_auth_by_title(title).auth_users rescue [] # end # users # end # end module ObjectTokenUtility def self.included(base) base.instance_eval("field :s_token") base.instance_eval("after_create :generate_token") end def token return self.s_token end protected def generate_token self.s_token = SecureRandom.hex(16) self.save! end end module PermissionUtility private def check_permission(type = :use) permission_grant = current_user.is_admin?? true : false module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app unless permission_grant permission_grant = case type when :use users_ary = @module_authorized_users rescue nil users_ary = [] if users_ary.nil? (users_ary.include?(current_user) || current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app)) when :manager current_user.is_manager?(@module_app) when :sub_manager current_user.is_manager?(@module_app) || current_user.is_sub_manager?(@module_app) end end permission_grant end def find_module_app_by_token(token) ModuleApp.first(conditions: {s_token: token}) end end module Authorize def self.included(base) base.class_eval do before_filter :can_use send :include, InstanceMethods end end module InstanceMethods protected def can_use setup_vars unless @no_authorization if @workgroup @open = false @visitor = false @workgroup.each do |workgroup| case workgroup when :admin @open ||= check_admin when :manager @open ||= check_manager when :sub_manager @open ||= check_sub_manager when :user @open ||= true end end authenticate_user if current_user.nil redirect_to root_url unless @open else authenticate_user check_user_can_use end end end def check_admin current_user.is_admin? end def check_manager check_admin || current_user.is_manager?(@module_app) end def check_sub_manager check_admin || check_manager || current_user.is_sub_manager?(@module_app) end def open_for(var) @user_type ||= [] @user_type << var end def no_authorization @no_authorization = true end def check_user_can_use condition_check = ((current_user.is_admin? if current_user.present?) || (current_user.is_manager?(@module_app) if current_user.present?) || (current_user.is_sub_manager?(@module_app) if current_user.present?) || (current_user.is_manager_with_role?(@module_app) if current_user.present?)) if condition_check.eql?(true) # redirect_to admin_dashboards_url elsif condition_check.eql?(false) render "public/404" , layout: "back_end" end end def setup_vars @app_title ||= controller_path.split('/')[1].singularize rescue nil @module_app ||= ModuleApp.find_by(key: @app_title) rescue nil @module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil end end end end