Fix for NCCU 0430 all functions ok with two submanagers but different behaviors
parent
4a51355b1a
commit
4466e7ae1c
|
@ -2,7 +2,7 @@ class Admin::DashboardsController < ApplicationController
|
||||||
|
|
||||||
layout "new_admin"
|
layout "new_admin"
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
before_filter :is_admin?
|
# before_filter :is_admin?
|
||||||
|
|
||||||
def index
|
def index
|
||||||
end
|
end
|
||||||
|
|
|
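Review bot: With `before_filter :is_admin?` commented out, `Admin::DashboardsController#index` is guarded only by `authenticate_user!`, so every signed-in account can load the admin dashboard. This looks deliberate, because `auth_failed_in_backend` in this commit redirects denied users to `admin_dashboards_url` and an admin check here would loop, but that reasoning is not recorded anywhere. I would delete the dead line and put `# No role check: auth_failed_in_backend redirects here, so this action must stay reachable by any signed-in user.` in its place, and confirm that the dashboard view renders nothing that is admin-only. The class body continues outside the hunk.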
@ -6,6 +6,7 @@ class Admin::DesignsController < ApplicationController
|
||||||
layout "new_admin"
|
layout "new_admin"
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
before_filter :is_admin?
|
before_filter :is_admin?
|
||||||
|
before_filter :for_admin_only
|
||||||
|
|
||||||
def upload_package
|
def upload_package
|
||||||
if !params[:design].nil?
|
if !params[:design].nil?
|
||||||
|
|
|
@ -39,9 +39,59 @@ class ApplicationController < ActionController::Base
|
||||||
@parent_item = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil
|
@parent_item = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def auth_failed_in_backend
|
||||||
|
redirect_to admin_dashboards_url
|
||||||
|
end
|
||||||
|
|
||||||
# Check if the current_user is admin
|
# Check if the current_user is admin
|
||||||
def is_admin?
|
def is_admin?
|
||||||
redirect_to root_url unless current_user.admin?
|
|
||||||
|
auth_failed_in_backend unless current_user.admin?
|
||||||
|
end
|
||||||
|
|
||||||
|
def is_manager?
|
||||||
|
@module_app.managing_users.include?(current_user) || is_admin?
|
||||||
|
end
|
||||||
|
|
||||||
|
def for_admin_only
|
||||||
|
if is_admin?
|
||||||
|
true
|
||||||
|
else
|
||||||
|
flash[:notice] = "Access Denied for you are not Admin"
|
||||||
|
auth_failed_in_backend
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def for_app_manager
|
||||||
|
if is_manager?
|
||||||
|
true
|
||||||
|
else
|
||||||
|
flash[:notice] = "Access Denied for you are not Manager for this app"
|
||||||
|
auth_failed_in_backend
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def for_app_sub_manager
|
||||||
|
if (@module_app.sub_managing_users.include?(current_user) || is_manager?)
|
||||||
|
true
|
||||||
|
else
|
||||||
|
flash[:notice] = "Access Denied for you are not SubManager for this app"
|
||||||
|
auth_failed_in_backend
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def for_app_user
|
||||||
|
if (@module_app.app_auth.auth_users.include?(current_user) || for_app_sub_manager )
|
||||||
|
true
|
||||||
|
else
|
||||||
|
flash[:notice] = "Access Denied for you are not User for this app"
|
||||||
|
auth_failed_in_backend
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def check_object_premission(obj,title)
|
||||||
|
flash[:notice] = "Access Denied for you don't have permission for this object"
|
||||||
|
auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_user) || is_manager? || is_admin? )
|
||||||
end
|
end
|
||||||
|
|
||||||
# Render the page
|
# Render the page
|
||||||
|
|
|
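Review bot: `is_admin?` is called as a predicate by the new helpers, but it is a filter with a side effect: `auth_failed_in_backend unless current_user.admin?` evaluates to nil for an admin and to whatever `redirect_to` returns (truthy in practice) for everyone else. As a result `for_admin_only` takes its "Access Denied" branch for real admins, which is what `Admin::DesignsController` now runs right after `is_admin?`, and `is_manager?` is falsy for an admin who is not in `managing_users`, while a plain user is redirected from inside the check and then falls into the `true` branch without a flash message. The role checks should read the flag directly, `if current_user.admin?` in `for_admin_only` and `@module_app.managing_users.include?(current_user) || current_user.admin?` in `is_manager?`, leaving the redirect to the `for_*` filters. `check_object_premission` also assigns the "Access Denied" flash before it tests anything, so permitted users get the message too; set it only in the failing branch.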
@ -1,3 +1,5 @@
|
||||||
|
<%= flash_messages %>
|
||||||
|
|
||||||
<div id="isotope">
|
<div id="isotope">
|
||||||
<div class="item element">
|
<div class="item element">
|
||||||
<h3><i class="icons-member"></i><a href="">Member</a></h3>
|
<h3><i class="icons-member"></i><a href="">Member</a></h3>
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
<%#= content_tag :li, :class => active_for_controllers('purchases') do -%>
|
<%#= content_tag :li, :class => active_for_controllers('purchases') do -%>
|
||||||
<%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %>
|
<%#= link_to content_tag(:i, nil, :class => 'icons-purchase') + t('admin.purchase'), admin_purchases_path %>
|
||||||
<%# end -%>
|
<%# end -%>
|
||||||
|
<% content_for :page_specific_javascript do %>
|
||||||
|
<%= javascript_include_tag "/static/kernel.js" %>
|
||||||
|
<% end %>
|
||||||
|
<%= flash_messages %>
|
||||||
|
|
||||||
<%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%>
|
<%= content_tag :li, :class => active_for_controllers('bulletins', '/panel/announcement/back_end/tags', 'bulletin_categorys','module_apps', 'approvals') do -%>
|
||||||
<%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %>
|
<%= link_to content_tag(:i, nil, :class => 'icons-announcement') + t('admin.announcement'), panel_announcement_back_end_bulletins_path %>
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
$(document).ready(function() {
|
$(document).ready(function() {
|
||||||
|
$.each($(".notice"),function(k,v){ alert("EMPTY Cate");});
|
||||||
|
|
||||||
$.each($(".dymanic_load"),function(){
|
$.each($(".dymanic_load"),function(){
|
||||||
if($(this).attr("path")==''){$(this).html("App setting Failed");}
|
if($(this).attr("path")==''){$(this).html("App setting Failed");}
|
||||||
|
|
|
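Review bot: The added `$.each($(".notice"), ...)` line raises a blocking `alert("EMPTY Cate")` for every `.notice` element on the page, whatever the notice actually says. If the flash messages added elsewhere in this commit render with that class (not visible here), the "Access Denied ..." notices would also surface as "EMPTY Cate" popups. This reads like leftover debugging; I would drop the line, or if a popup is really wanted show the element's own text with `alert($(v).text());`. The `$(document).ready` callback continues outside the hunk.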
@ -1,5 +1,6 @@
|
||||||
class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendController
|
class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendController
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
|
before_filter :is_admin?
|
||||||
include AdminHelper
|
include AdminHelper
|
||||||
# layout 'admin'
|
# layout 'admin'
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController
|
class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController
|
||||||
|
before_filter :for_app_manager,:except => [:index]
|
||||||
|
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@bulletin_categorys = BulletinCategory.all
|
@bulletin_categorys = BulletinCategory.all
|
||||||
|
|
|
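Review bot: `before_filter :for_app_manager,:except => [:index]` is the only filter declared in this controller, and it dereferences both `current_user` and `@module_app`. The sibling controllers in this commit declare `before_filter :authenticate_user!` themselves; unless `OrbitBackendController` already does that and assigns `@module_app` (neither is visible here), an anonymous request would reach `current_user.admin?` on nil and fail with an exception instead of a login redirect. I would add `before_filter :authenticate_user!` above the new line and a comment such as `# relies on OrbitBackendController to set @module_app`. Leaving `index` unfiltered also deserves a one-line comment saying it is intentionally readable by any backend user.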
@ -1,8 +1,9 @@
|
||||||
class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
||||||
|
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
before_filter :is_admin?
|
# before_filter :for_admin_only,:only => [:]
|
||||||
|
# before_filter :for_app_manager,:only => [:index,:show,]
|
||||||
|
before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
|
||||||
def index
|
def index
|
||||||
# @bulletins = Bulletin.all
|
# @bulletins = Bulletin.all
|
||||||
# @bulletins = Bulletin.desc("postdate desc")
|
# @bulletins = Bulletin.desc("postdate desc")
|
||||||
|
@ -39,6 +40,10 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
||||||
@bulletin_file = BulletinFile.new
|
@bulletin_file = BulletinFile.new
|
||||||
@file_url = panel_announcement_back_end_bulletins_path
|
@file_url = panel_announcement_back_end_bulletins_path
|
||||||
|
|
||||||
|
@bulletins.delete_if{ |bulletin|
|
||||||
|
bulletin.is_pending == true && (!bulletin.bulletin_category.authed_users('fact_check').include?(current_user) || bulletin.create_user_id!=current_user.id)
|
||||||
|
}
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html # index.html.erb
|
format.html # index.html.erb
|
||||||
format.js { }
|
format.js { }
|
||||||
|
@ -77,14 +82,17 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
||||||
# @bulletin.bulletin_files.build
|
# @bulletin.bulletin_files.build
|
||||||
# @bulletin.bulletin_files.new
|
# @bulletin.bulletin_files.new
|
||||||
|
|
||||||
get_categorys
|
if get_categorys.empty?
|
||||||
|
flash[:notice] = "You dont have any permission for post on cate"
|
||||||
|
redirect_to :action => :index
|
||||||
|
else
|
||||||
get_tags
|
get_tags
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html # new.html.erb
|
format.html # new.html.erb
|
||||||
format.xml { render :xml => @bulletin }
|
format.xml { render :xml => @bulletin }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# GET /bulletins/1/edit
|
# GET /bulletins/1/edit
|
||||||
def edit
|
def edit
|
||||||
|
@ -311,7 +319,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
||||||
if(is_manager? || is_admin?)
|
if(is_manager? || is_admin?)
|
||||||
@bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true))
|
@bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.excludes('disabled' => true))
|
||||||
elsif is_sub_manager?
|
elsif is_sub_manager?
|
||||||
@bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new')
|
@bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
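Review bot: The `delete_if` added to `index` drops a pending bulletin when the viewer is not a 'fact_check' user or is not its creator, so a pending item stays visible only to someone who is both. If the intent is that either the approver or the author may see it (my reading, not stated in the commit), the inner test needs `&&`: `(!bulletin.bulletin_category.authed_users('fact_check').include?(current_user) && bulletin.create_user_id != current_user.id)`. In `new`, `get_categorys.empty?` is called on a method that, judging by the last hunk, ends in an `if/elsif` without an else, so a user matching neither branch yields nil and a NoMethodError; `Array(get_categorys).empty?` avoids that. The filter change also leaves `index`, `show` and `get_sorted_and_filtered_bulletins` behind `authenticate_user!` only, which should be stated in a comment if it is intended.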
@ -4,10 +4,13 @@
|
||||||
<%= bulletin_category.key %>
|
<%= bulletin_category.key %>
|
||||||
<div class="quick-edit">
|
<div class="quick-edit">
|
||||||
<ul class="nav nav-pills hide">
|
<ul class="nav nav-pills hide">
|
||||||
<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li>
|
<%if is_manager? || is_admin? %>
|
||||||
<li><%= show_submit_permission_link(bulletin_category) %></li>
|
<li><%= show_submit_permission_link(bulletin_category) %></li>
|
||||||
|
<% end %>
|
||||||
|
<% if is_admin?%>
|
||||||
|
<li><%= link_to t('bulletin_category.edit'), edit_panel_announcement_back_end_bulletin_category_path(bulletin_category), :remote => true %></li>
|
||||||
<li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
|
<li><%= link_to t('bulletin_category.delete'), panel_announcement_back_end_bulletin_category_path(bulletin_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
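Review bot: The edit and delete links are now wrapped in `<% if is_admin? %>`, but the controller filter added in this commit for the same resource is `for_app_manager`, which is meant to admit managers as well. Hiding a link is not an access check: a manager who is not an admin can still request the edit and destroy routes directly. Either the template should use the same condition as the filter, or the controller should restrict those actions, e.g. `before_filter :for_admin_only, :only => [:edit, :update, :destroy]`. It is also worth confirming which `is_admin?` the template resolves to, since the one in `ApplicationController` redirects as a side effect.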
@ -17,7 +17,7 @@
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
<div id="form"><%= render :partial => "form" %></div>
|
<div id="form"><%= render :partial => "form" if is_manager?%></div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
<tr id="<%= dom_id bulletin %>" class="with_action">
|
<tr id="<%= dom_id bulletin %>" class="with_action">
|
||||||
<td><%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %></td>
|
<td>
|
||||||
|
<% if (bulletin.create_user_id == current_user.id) || is_manager? %>
|
||||||
|
<%= check_box_tag 'to_delete[]', bulletin.id, false, :class => "checkbox_in_list" %>
|
||||||
|
<% end -%>
|
||||||
<td>
|
<td>
|
||||||
<% if bulletin.is_top? %>
|
<% if bulletin.is_top? %>
|
||||||
<span class="label label-success"><%= t(:top) %></span>
|
<span class="label label-success"><%= t(:top) %></span>
|
||||||
|
@ -23,8 +26,11 @@
|
||||||
<td><%= bulletin.bulletin_category.i18n_variable[I18n.locale] %></td>
|
<td><%= bulletin.bulletin_category.i18n_variable[I18n.locale] %></td>
|
||||||
<td>
|
<td>
|
||||||
<%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%>
|
<%= link_to bulletin.title[I18n.locale], panel_announcement_front_end_bulletin_path(bulletin, :category_id => bulletin.bulletin_category.id) rescue ''%>
|
||||||
|
|
||||||
<div class="quick-edit">
|
<div class="quick-edit">
|
||||||
<ul class="nav nav-pills hide">
|
<ul class="nav nav-pills hide">
|
||||||
|
<% if (bulletin.create_user_id == current_user.id) || is_manager? %>
|
||||||
|
|
||||||
<% if current_user.admin? || (!bulletin.is_rejected? && !bulletin.is_checked?) %>
|
<% if current_user.admin? || (!bulletin.is_rejected? && !bulletin.is_checked?) %>
|
||||||
<li><%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li>
|
<li><%= link_to t('bulletin.edit'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li>
|
||||||
<li class="dropdown">
|
<li class="dropdown">
|
||||||
|
@ -39,11 +45,13 @@
|
||||||
</li>
|
</li>
|
||||||
<%#= debugger %>
|
<%#= debugger %>
|
||||||
<%#= a=1 %>
|
<%#= a=1 %>
|
||||||
|
|
||||||
|
<% end %>
|
||||||
|
<li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
|
||||||
|
<% end -%>
|
||||||
<% if show_approval_link(bulletin) %>
|
<% if show_approval_link(bulletin) %>
|
||||||
<li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li><%#= #TODO add ancher so user can quick access into that part %>
|
<li><%= link_to t('announcement.bulletin.approval'), edit_panel_announcement_back_end_bulletin_path(bulletin) %></li><%#= #TODO add ancher so user can quick access into that part %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<% end %>
|
|
||||||
<li class="dropdown"><%= link_to t('bulletin.delete'), panel_announcement_back_end_bulletin_path(bulletin), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
</td>
|
</td>
|
||||||
|
|
|
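Review bot: The `(bulletin.create_user_id == current_user.id) || is_manager?` test only hides the checkbox and the edit/delete links; nothing in this commit shows the same ownership check on the server, while the controller now admits any sub-manager to every action except the three read ones. A sub-manager can therefore still send the edit or delete request for another author's bulletin unless those actions repeat the check (their bodies are outside this diff). I would enforce the creator-or-manager rule in a `before_filter` on the modifying actions and keep the template condition as presentation only. Separately, the rewritten first cell opens `<td>` but the added lines never close it before the next `<td>`, so a `</td>` is missing after `<% end -%>`.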
@ -2,8 +2,10 @@
|
||||||
<thead>
|
<thead>
|
||||||
<tr class="sort-header">
|
<tr class="sort-header">
|
||||||
<th class="span1 strong">
|
<th class="span1 strong">
|
||||||
|
<% if is_manager? %>
|
||||||
<input id="check_all_bulletins" type="checkbox">
|
<input id="check_all_bulletins" type="checkbox">
|
||||||
<a href='#' class="list-remove"><i class="icon-trash"></i></a>
|
<a href='#' class="list-remove"><i class="icon-trash"></i></a>
|
||||||
|
<% end -%>
|
||||||
</th>
|
</th>
|
||||||
<th class="sort span1-2 <%= is_sort_active?('status') %>">
|
<th class="sort span1-2 <%= is_sort_active?('status') %>">
|
||||||
<%= link_to (t('bulletin.status') + content_tag(:b, nil, :class => is_sort?('status'))).html_safe, panel_announcement_back_end_bulletins_path({:filter => @filter}.merge(sortable('status'))), :class => 'js_history' %>
|
<%= link_to (t('bulletin.status') + content_tag(:b, nil, :class => is_sort?('status'))).html_safe, panel_announcement_back_end_bulletins_path({:filter => @filter}.merge(sortable('status'))), :class => 'js_history' %>
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
|
||||||
|
|
||||||
<%= form_for :bulletins, :url => delete_panel_announcement_back_end_bulletins_path(:direction => params[:direction], :sort => params[:sort], :filter => @filter, :new_filter => nil), :html => {:id => 'delete_bulletins'}, :remote => true do %>
|
<%= form_for :bulletins, :url => delete_panel_announcement_back_end_bulletins_path(:direction => params[:direction], :sort => params[:sort], :filter => @filter, :new_filter => nil), :html => {:id => 'delete_bulletins'}, :remote => true do %>
|
||||||
<%= render 'filter' %>
|
<%= render 'filter' %>
|
||||||
<table id="bulettin_sort_list" class="table main-list">
|
<table id="bulettin_sort_list" class="table main-list">
|
||||||
|
|