1.make module app forbid unearthed access except from admin
2.override sidebar link when it's object_auth or app_auth.
This commit is contained in:
parent
15be80a35f
commit
4a08a1992b
|
@ -1,10 +1,24 @@
|
||||||
class Admin::ModuleAppsNewInterfaceController < OrbitBackendController
|
class Admin::ModuleAppsNewInterfaceController < OrbitBackendController
|
||||||
before_filter :authenticate_user!
|
before_filter :check_auth
|
||||||
before_filter :is_admin?
|
# before_filter :authenticate_user!
|
||||||
|
# before_filter :is_admin?
|
||||||
include AdminHelper
|
include AdminHelper
|
||||||
|
|
||||||
layout "new_admin"
|
layout "new_admin"
|
||||||
|
|
||||||
|
def check_auth
|
||||||
|
|
||||||
|
unless is_admin? and is_manager?
|
||||||
|
flash[:error] = "unauthorized access"
|
||||||
|
if request.env["HTTP_REFERER"]
|
||||||
|
redirect_to :back
|
||||||
|
else
|
||||||
|
render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false)
|
||||||
|
end
|
||||||
|
false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def setting
|
def setting
|
||||||
@sys_users = User.all(conditions: {admin: false}).includes(:avatar).not_guest_user
|
@sys_users = User.all(conditions: {admin: false}).includes(:avatar).not_guest_user
|
||||||
@module_app = ModuleApp.find(params[:module_app_id])
|
@module_app = ModuleApp.find(params[:module_app_id])
|
||||||
|
|
|
@ -138,9 +138,9 @@ module OrbitApp
|
||||||
|
|
||||||
def initialize(label_i18n="NoNameLink",options={})
|
def initialize(label_i18n="NoNameLink",options={})
|
||||||
@label_i18n = label_i18n
|
@label_i18n = label_i18n
|
||||||
@available_for = options[:available_for]
|
|
||||||
@priority = options[:priority] || 0
|
@priority = options[:priority] || 0
|
||||||
@path = options[:link_path] || ""
|
@path = options[:link_path] || ""
|
||||||
|
set_available_for_avoiding_sensitive_links(options[:available_for] )
|
||||||
@active_for_action = options[:active_for_action] || []
|
@active_for_action = options[:active_for_action] || []
|
||||||
@active_for_object_auth = options[:active_for_object_auth] || []
|
@active_for_object_auth = options[:active_for_object_auth] || []
|
||||||
@active_for_app_auth = options[:active_for_app_auth] || []
|
@active_for_app_auth = options[:active_for_app_auth] || []
|
||||||
|
@ -148,6 +148,24 @@ module OrbitApp
|
||||||
@get_module_app = options[:get_module_app]
|
@get_module_app = options[:get_module_app]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def set_available_for_avoiding_sensitive_links(available_for)
|
||||||
|
sensitive_list = {}
|
||||||
|
sensitive_list[:module_app] =/.*manager_auth_proc.*/
|
||||||
|
sensitive_list[:object_auth] = /.*object_auth.*/
|
||||||
|
|
||||||
|
sensitive_list.each do |index,regx|
|
||||||
|
if @path.match(regx)
|
||||||
|
@available_for = case index
|
||||||
|
when :module_app
|
||||||
|
[:admin]
|
||||||
|
when :object_auth
|
||||||
|
[:manager,:admin]
|
||||||
|
end #of case
|
||||||
|
end #of if
|
||||||
|
end #of each
|
||||||
|
@available_for = available_for if @available_for.nil?
|
||||||
|
end #of def
|
||||||
|
|
||||||
def get_module_app
|
def get_module_app
|
||||||
@get_module_app.call
|
@get_module_app.call
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
403 FORIBDDEN
|
|
@ -3,6 +3,8 @@ class Panel::Announcement::BackEnd::ApprovalsController < OrbitBackendControlle
|
||||||
before_filter :is_admin?
|
before_filter :is_admin?
|
||||||
include AdminHelper
|
include AdminHelper
|
||||||
# layout 'admin'
|
# layout 'admin'
|
||||||
|
|
||||||
|
|
||||||
def preview_and_approve
|
def preview_and_approve
|
||||||
@bulletin = Bulletin.find params[:bulletin_id]
|
@bulletin = Bulletin.find params[:bulletin_id]
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
||||||
include AdminHelper
|
|
||||||
include OrbitControllerLib::DivisionForDisable
|
include OrbitControllerLib::DivisionForDisable
|
||||||
|
|
||||||
before_filter :clean_values, :only => [:create, :update]
|
before_filter :clean_values, :only => [:create, :update]
|
||||||
|
|
|
@ -131,8 +131,7 @@ module Announcement
|
||||||
context_link 'module_authorization',
|
context_link 'module_authorization',
|
||||||
:link_path=>"admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: 'Announcement'}))",
|
:link_path=>"admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: 'Announcement'}))",
|
||||||
:priority=>6,
|
:priority=>6,
|
||||||
:active_for_app_auth => 'Announcement',
|
:active_for_app_auth => 'Announcement'
|
||||||
:available_for => [:admin]
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Reference in New Issue