From 29c61c86e4aac994521892d99a5e64697425408c Mon Sep 17 00:00:00 2001
From: Harry Bomrah
Date: Thu, 31 Jul 2014 21:51:25 +0800
Subject: [PATCH] added authorization to plugin

---
 .../admin/book_author_types_controller.rb    |  2 +-
 app/controllers/admin/books_controller.rb    | 34 +++++++++++++------
 app/views/admin/books/_writing_book.html.erb |  4 +--
 app/views/admin/books/index.html.erb         |  5 +-
 app/views/plugin/book/_profile.html.erb      | 22 ++++++------
 5 files changed, 41 insertions(+), 26 deletions(-)

diff --git a/app/controllers/admin/book_author_types_controller.rb b/app/controllers/admin/book_author_types_controller.rb
index 1135803..4ef0ec4 100644
--- a/app/controllers/admin/book_author_types_controller.rb
+++ b/app/controllers/admin/book_author_types_controller.rb
@@ -1,4 +1,4 @@
-class Admin::BookAuthorTypesController < ApplicationController
+class Admin::BookAuthorTypesController < OrbitMemberController
   before_action :set_book_author_type, only: [:edit, :update, :destroy]
 
   def initialize
diff --git a/app/controllers/admin/books_controller.rb b/app/controllers/admin/books_controller.rb
index 9845722..132a618 100644
--- a/app/controllers/admin/books_controller.rb
+++ b/app/controllers/admin/books_controller.rb
@@ -24,7 +24,11 @@ class Admin::BooksController < OrbitMemberController
   end
 
   def edit
-    @members_data = Book.member_data rescue nil
+    if has_access?
+      @members_data = Book.member_data rescue nil
+    else
+      render_401
+    end
   end
 
   def update
@@ -42,12 +46,16 @@ class Admin::BooksController < OrbitMemberController
   end
 
   def new
-    @book = Book.new
-    @members_data = Book.member_data rescue nil
+    if has_access?
+      @book = Book.new
+      @members_data = Book.member_data rescue nil
 
-    respond_to do |format|
-      format.html # new.html.erb
-      format.xml { render :xml => @book }
+      respond_to do |format|
+        format.html # new.html.erb
+        format.xml { render :xml => @book }
+      end
+    else
+      render_401
     end
   end
 
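Review bot: Changing the superclass on the `class` line to OrbitMemberController only changes which members may reach this controller; it adds no role check of its own, while the book_setting page that manages these author types is gated on `current_user.is_admin?` elsewhere in this patch. If the create/update/destroy actions of this controller (outside the hunk) are meant to be admin-only, the same check belongs here, e.g. `before_action :require_admin` with `def require_admin; render_401 unless current_user.is_admin?; end`; otherwise any signed-in member can still alter author types by posting to the routes directly. I cannot see what OrbitMemberController enforces, so please confirm. The class body continues past the hunk.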
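Review bot: The `has_access?` gate is added to `edit`, but the `update` action that follows as context is untouched by this patch, so the form is protected while the PUT that actually changes the record is not; a request sent straight to the update route bypasses the check entirely, and the same applies to `create` and `destroy`, which none of this file's three hunks touch. Rather than repeating the if/else in each action, declare it once: `before_action :check_access, only: [:new, :create, :edit, :update, :destroy]` with `def check_access; render_401 unless has_access?; end`. `render_401` also reads as an authentication status while this is an authorization failure; 403 would be the conventional code if the helper allows it. The `update` body is outside the hunk.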
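Review bot: The success branch of `new` explicitly serves `format.xml`, but the added else branch calls `render_401` regardless of the requested format, so an XML client that is denied presumably receives whatever HTML `render_401` produces (its definition is not visible here). If the XML interface is still used, the denial should honour the format as well, e.g. `respond_to { |f| f.html { render_401 }; f.xml { head :unauthorized } }`. The same `has_access?`/`render_401` wrapper is duplicated verbatim in `edit`; a `before_action` would keep the two in step and also cover `create`, which this patch leaves unguarded.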
@@ -65,11 +73,15 @@ class Admin::BooksController < OrbitMemberController
   end
 
   def book_setting
-    @set_author_type = BookAuthorType.new(display: 'List')
-    @author_type_url = admin_books_path
-
-    @set_book_type = BookType.new(display: 'List')
-    @book_type_url = admin_books_path
+    if current_user.is_admin?
+      @set_author_type = BookAuthorType.new(display: 'List')
+      @author_type_url = admin_books_path
+
+      @set_book_type = BookType.new(display: 'List')
+      @book_type_url = admin_books_path
+    else
+      render_401
+    end
   end
 
   def destroy
diff --git a/app/views/admin/books/_writing_book.html.erb b/app/views/admin/books/_writing_book.html.erb
index 4cde60e..cb08834 100644
--- a/app/views/admin/books/_writing_book.html.erb
+++ b/app/views/admin/books/_writing_book.html.erb
@@ -5,10 +5,10 @@ <%= link_to writing_book.create_link, page_for_book(writing_book), target: "blank" %>
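Review bot: `current_user.is_admin?` on the new `if` line raises NoMethodError (a 500, not a denial) when no user is signed in, unless OrbitMemberController, which is not visible here, already turns anonymous requests away; `edit` and `new` in the same file use `has_access?` instead, so the two predicates should be reconciled or the nil guarded, e.g. `if current_user && current_user.is_admin?`. A `before_action :require_admin, only: [:book_setting]` would make the denial uniform and keep the action body to its assignments. Note this only protects the settings page itself; the BookAuthorType and BookType records it manages are created and edited through their own controllers, which need the same admin check. The `destroy` action that follows is outside the hunk.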
diff --git a/app/views/admin/books/index.html.erb b/app/views/admin/books/index.html.erb
index 3ef33ce..b40bf49 100644
--- a/app/views/admin/books/index.html.erb
+++ b/app/views/admin/books/index.html.erb
@@ -13,8 +13,9 @@
-      <%= link_to content_tag(:i, nil, :class => 'icon-cog icon-white') + t('setting'), admin_book_setting_path, :class => 'btn btn-primary pull-right' %>
-      <%= link_to content_tag(:i, nil, :class => 'icon-plus icon-white') + t('announcement.add_new'), new_admin_book_path, :class => 'btn btn-primary pull-right' %>
+      <% if current_user.is_admin? %>
+        <%= link_to content_tag(:i, nil, :class => 'icon-cog icon-white') + t('setting'), admin_book_setting_path, :class => 'btn btn-primary pull-right' %>
+      <% end %>