Merge branch 'master' into ldap

This commit is contained in:
Christophe Vilayphiou 2012-03-20 14:27:04 +08:00
commit 5fcd3cd783
2 changed files with 14 additions and 4 deletions

View File

@ -1,8 +1,7 @@
class Admin::ObjectAuthsController < ApplicationController class Admin::ObjectAuthsController < ApplicationController
include OrbitCoreLib::PermissionUnility include OrbitCoreLib::PermissionUnility
layout "admin" layout "admin"
before_filter :authenticate_user! before_filter :force_order
before_filter :check_if_user_can_do_object_auth
# before_filter :is_admin? ,:only => :index # before_filter :is_admin? ,:only => :index
@ -84,6 +83,12 @@ class Admin::ObjectAuthsController < ApplicationController
end end
private private
def force_order
authenticate_user!
check_if_user_can_do_object_auth
end
def check_if_user_can_do_object_auth def check_if_user_can_do_object_auth
unless check_permission(:manager) unless check_permission(:manager)
render :nothing => true, :status => 403 render :nothing => true, :status => 403

View File

@ -1,8 +1,8 @@
class OrbitBackendController< ApplicationController class OrbitBackendController< ApplicationController
before_filter :authenticate_user! before_filter :force_order,:except => [:public]
before_filter :setup_vars before_filter :setup_vars
# before_filter {|c| c.front_end_available(@app_title)} # before_filter {|c| c.front_end_available(@app_title)}
before_filter :check_user_can_use,:except => [:public] # before_filter :check_user_can_use
include OrbitCoreLib::PermissionUnility include OrbitCoreLib::PermissionUnility
include AdminHelper include AdminHelper
@ -15,6 +15,11 @@ class OrbitBackendController< ApplicationController
private private
def force_order
authenticate_user!
check_user_can_use
end
def check_user_can_use def check_user_can_use
unless check_permission unless check_permission
redirect_to polymorphic_path(['panel',@app_title,'back_end','public']) redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])