From 8421368e7770d1b3fee83cc8de6af7dd6a7578ee Mon Sep 17 00:00:00 2001 From: manson Date: Thu, 31 Jul 2014 20:43:16 +0800 Subject: [PATCH] Add authorization --- app/controllers/admin/web_resources_controller.rb | 10 +++++++--- app/views/admin/web_resources/_index.html.erb | 6 ++++-- lib/links/engine.rb | 10 +++++----- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/app/controllers/admin/web_resources_controller.rb b/app/controllers/admin/web_resources_controller.rb index 4ce80a6..d3af595 100644 --- a/app/controllers/admin/web_resources_controller.rb +++ b/app/controllers/admin/web_resources_controller.rb @@ -31,9 +31,13 @@ class Admin::WebResourcesController < OrbitAdminController end def edit - @tags =@module_app.tags - @categories = @module_app.categories.enabled - @statuses = [] + if can_edit_or_delete?(@link) + @tags =@module_app.tags + @categories = @module_app.categories.enabled + @statuses = [] + else + render_401 + end end def update diff --git a/app/views/admin/web_resources/_index.html.erb b/app/views/admin/web_resources/_index.html.erb index 27a35d9..3c57f0e 100644 --- a/app/views/admin/web_resources/_index.html.erb +++ b/app/views/admin/web_resources/_index.html.erb @@ -15,8 +15,10 @@ <%= link.title %>
diff --git a/lib/links/engine.rb b/lib/links/engine.rb index dc51ade..3d6e6e0 100644 --- a/lib/links/engine.rb +++ b/lib/links/engine.rb @@ -13,7 +13,7 @@ module WebResource data_count 1..10 side_bar do head_label_i18n 'web_resource',:icon_class=>"icons-link" - available_for [:admin,:manager,:sub_manager] + available_for "users" active_for_controllers (['admin/web_resources']) head_link_path "admin_web_resources_path" @@ -21,13 +21,13 @@ module WebResource :link_path=>"admin_web_resources_path" , :priority=>1, :active_for_action=>{'admin/web_resources'=>'index'}, - :available_for => [:all] + :available_for => 'users' context_link 'new_', :link_path=>"new_admin_web_resource_path" , :priority=>2, :active_for_action=>{'admin/web_resources'=>'new'}, - :available_for => [:sub_manager] + :available_for => 'sub_managers' context_link 'categories', :link_path=>"admin_module_app_categories_path" , @@ -35,14 +35,14 @@ module WebResource :priority=>3, :active_for_action=>{'admin/web_resources.'=>'categories'}, :active_for_category => 'WebResource', - :available_for => [:manager] + :available_for => 'managers' context_link 'tags', :link_path=>"admin_module_app_tags_path" , :link_arg=>"{:module_app_id=>ModuleApp.find_by(:key=>'web_resource').id}", :priority=>4, :active_for_action=>{'admin/web_resources'=>'tags'}, :active_for_tag => 'WebResource', - :available_for => [:manager] + :available_for => 'managers' end end end