diff --git a/app/controllers/admin/module_apps_controller.rb b/app/controllers/admin/module_apps_controller.rb index 440f81004..13075a422 100644 --- a/app/controllers/admin/module_apps_controller.rb +++ b/app/controllers/admin/module_apps_controller.rb @@ -101,7 +101,7 @@ class Admin::ModuleAppsController < ApplicationController end #user is not permited to do that flash[:notice] = t('admin.app_auth.operation_not_permitted') - redirect_to :action => "edit" # [TODO] maybe need to redirect to some other page + render :nothing => true, :status => 403 end @@ -113,7 +113,7 @@ class Admin::ModuleAppsController < ApplicationController end #user is not permited to do that flash[:notice] = t('admin.app_auth.operation_not_permitted') - redirect_to :action => "edit" # [TODO] maybe need to redirect to some other page + render :nothing => true, :status => 403 end end \ No newline at end of file diff --git a/app/controllers/admin/object_auths_controller.rb b/app/controllers/admin/object_auths_controller.rb index a7a8dc419..58219acf2 100644 --- a/app/controllers/admin/object_auths_controller.rb +++ b/app/controllers/admin/object_auths_controller.rb @@ -27,8 +27,13 @@ class Admin::ObjectAuthsController < ApplicationController def create obj = eval(params[:object_auth][:type]).find params[:object_auth][:obj_id] - @object_auth=obj.object_auths.create :title=> params[:object_auth][:title] - redirect_to edit_admin_object_auth_path(@object_auth) + @object_auth=obj.object_auths.build :title=> params[:object_auth][:title] + if @object_auth.save + redirect_to edit_admin_object_auth_path(@object_auth) + else + flash[:error] = t('admin.object.a_object_must_have_only_one_object_auth_profile_for_each_action') + redirect_to (:back) + end end def create_role diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb index f67f99843..8932bb762 100644 --- a/app/models/object_auth.rb +++ b/app/models/object_auth.rb @@ -1,5 +1,6 @@ class ObjectAuth < PrototypeAuth include OrbitCoreLib::ObjectTokenUnility + validates_uniqueness_of :obj_authable_type,:scope => :title #{ |c| } belongs_to :obj_authable, polymorphic: true # > - Something.find_with_auth(query) # > - or Something.find(query).auth diff --git a/app/views/admin/components/_user_role_management.html.erb b/app/views/admin/components/_user_role_management.html.erb index 99cd72d71..cd9ca8ae7 100644 --- a/app/views/admin/components/_user_role_management.html.erb +++ b/app/views/admin/components/_user_role_management.html.erb @@ -1,7 +1,7 @@

All User

<%= form_tag(submit_url) do %> - <%= check_box_tag 'auth_all',true,auth.all %><%= submit_tag 'Add Role' %>
+ <%= check_box_tag 'auth_all',true,(auth.all rescue true) %><%= submit_tag 'Add Role' %>
<% end %>
diff --git a/lib/tasks/user.rake b/lib/tasks/user.rake index 31ed7c246..5189ee14f 100644 --- a/lib/tasks/user.rake +++ b/lib/tasks/user.rake @@ -5,7 +5,7 @@ namespace :user do User.all(conditions: {email: /nor/}).destroy_all username_list = %w{nor1 nor2 nor3 nor4 nor5 nor6 nor7} - userfirstname_list_en = %w{ One Two Thre For Fiv Six Sen } + userfirstname_list_en = %w{ UserOne UserTwo Thre For Fiv Six Sen } userlastname_list_en = %w{ Aa Bb Cc Dd Ee Ff Gg } userfirstname_list_ct = %w{ 一一 二二 三三 四四 五五 六六 七七 } diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb index 6f4c1b7b1..53cc5f3d1 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb @@ -145,7 +145,12 @@ class Panel::Announcement::BackEnd::BulletinsController < ApplicationController protected def get_categorys(id = nil) - @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true)) + @bulletin_categorys = [] + if(is_manager? || is_admin?) + @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true)) + elsif is_sub_manager? + @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new') + end end def get_sorted_bulletins diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb index 1ef3b3007..dd4719589 100644 --- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb +++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/fact_checks_controller.rb @@ -1,10 +1,18 @@ class Panel::Announcement::BackEnd::FactChecksController < OrbitBackendController before_filter :authenticate_user! + include AdminHelper layout 'admin' def index - @bulletin_categorys_preview = BulletinCategory.authed_for_user(current_user,'preview') - @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'fact_check') + @bulletin_categorys_submit_new = [] + @bulletin_categorys_check =[] + if is_admin? || is_manager? + #@bulletin_categorys_submit_new = BulletinCategory.all + @bulletin_categorys_check = BulletinCategory.all + # elsif is_sub_manager? + # @bulletin_categorys_submit_new = BulletinCategory.authed_for_user(current_user,'submit_new') + # @bulletin_categorys_check = BulletinCategory.authed_for_user(current_user,'fact_check') + end end def new diff --git a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb index d86b17add..7daaf6db0 100644 --- a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb +++ b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb @@ -5,7 +5,7 @@ class BulletinCategory include Mongoid::Timestamps include OrbitCoreLib::ObjectAuthable - ObjectAuthTitlesOptions = %W{preview fact_check} + ObjectAuthTitlesOptions = %W{submit_new fact_check} AfterObjectAuthUrl = '/panel/announcement/back_end/bulletin_categorys' # include Mongoid::MultiParameterAttributes diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb index 87a2993c9..87b30a049 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/index.html.erb @@ -1,22 +1,17 @@ <% content_for :secondary do %> -
-
-
-
-
- +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> <% end -%> <%= flash_messages %> +
+
+
+
+
+

<%= t('bulletin_category.list_announcement_class') %>

-
-
-
-
-
+ diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/new.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/new.html.erb index 5f8d064bc..296afb092 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/new.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletin_categorys/new.html.erb @@ -1,15 +1,15 @@ -
-
-
-
- <% content_for :secondary do %> - +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> <% end -%> <%= flash_messages %> + +
+
+
+
+
+

<%= t('bulletin_category.new_announcement_class') %>

<%= form_for @bulletin_category, :url => panel_announcement_back_end_bulletin_categorys_path do |f| %> <%= render :partial => 'form', :locals => {:f => f} %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/edit.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/edit.html.erb index 345a60a93..56cfd258a 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/edit.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/edit.html.erb @@ -4,4 +4,4 @@ <%= render :partial => 'form', :locals => {:f => f} %> <% end %> -<%= link_back %> \ No newline at end of file +<%= link_back %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb index 26e8926c1..fd2b29b5b 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/index.html.erb @@ -1,4 +1,4 @@ -]<%= render 'filter' %> +<%= render 'filter' %>
<%= t('bulletin_category.key') %>
<%= render 'bulletins' %>
diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/new.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/new.html.erb index ab0191ab7..74e1291ab 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/new.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/new.html.erb @@ -1,6 +1,5 @@ - <%= form_for @bulletin, :url => panel_announcement_back_end_bulletins_path do |f| %> <%= render :partial => 'form', :locals => {:f => f} %> <% end %> -<%= link_back %> \ No newline at end of file +<%= link_back %> diff --git a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/show.html.erb b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/show.html.erb index f02d91569..7b886e77f 100644 --- a/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/show.html.erb +++ b/vendor/built_in_modules/announcement/app/views/panel/announcement/back_end/bulletins/show.html.erb @@ -1,10 +1,14 @@ -<% # encoding: utf-8 %> +<% content_for :secondary do %> +<%= render :partial => '/panel/announcement/back_end/announcement_secondary' %> +<% end -%> + +<%= flash_messages %>


- -

<%= flash_messages %>

+
+