Merge branch 'master' into ldap
This commit is contained in:
commit
5fcd3cd783
|
@ -1,8 +1,7 @@
|
||||||
class Admin::ObjectAuthsController < ApplicationController
|
class Admin::ObjectAuthsController < ApplicationController
|
||||||
include OrbitCoreLib::PermissionUnility
|
include OrbitCoreLib::PermissionUnility
|
||||||
layout "admin"
|
layout "admin"
|
||||||
before_filter :authenticate_user!
|
before_filter :force_order
|
||||||
before_filter :check_if_user_can_do_object_auth
|
|
||||||
# before_filter :is_admin? ,:only => :index
|
# before_filter :is_admin? ,:only => :index
|
||||||
|
|
||||||
|
|
||||||
|
@ -84,6 +83,12 @@ class Admin::ObjectAuthsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
def force_order
|
||||||
|
authenticate_user!
|
||||||
|
check_if_user_can_do_object_auth
|
||||||
|
end
|
||||||
|
|
||||||
def check_if_user_can_do_object_auth
|
def check_if_user_can_do_object_auth
|
||||||
unless check_permission(:manager)
|
unless check_permission(:manager)
|
||||||
render :nothing => true, :status => 403
|
render :nothing => true, :status => 403
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
class OrbitBackendController< ApplicationController
|
class OrbitBackendController< ApplicationController
|
||||||
before_filter :authenticate_user!
|
before_filter :force_order,:except => [:public]
|
||||||
before_filter :setup_vars
|
before_filter :setup_vars
|
||||||
# before_filter {|c| c.front_end_available(@app_title)}
|
# before_filter {|c| c.front_end_available(@app_title)}
|
||||||
before_filter :check_user_can_use,:except => [:public]
|
# before_filter :check_user_can_use
|
||||||
include OrbitCoreLib::PermissionUnility
|
include OrbitCoreLib::PermissionUnility
|
||||||
include AdminHelper
|
include AdminHelper
|
||||||
|
|
||||||
|
@ -15,6 +15,11 @@ class OrbitBackendController< ApplicationController
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
def force_order
|
||||||
|
authenticate_user!
|
||||||
|
check_user_can_use
|
||||||
|
end
|
||||||
|
|
||||||
def check_user_can_use
|
def check_user_can_use
|
||||||
unless check_permission
|
unless check_permission
|
||||||
redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
|
redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
|
||||||
|
|
Reference in New Issue