fix object auth without app_auth
This commit is contained in:
parent
d027cf8e6a
commit
6dfe10040b
|
@ -37,10 +37,12 @@ class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
|
||||||
users_to_remove = oa.auth_users - user_sat
|
users_to_remove = oa.auth_users - user_sat
|
||||||
|
|
||||||
users_to_new.each do |new_user|
|
users_to_new.each do |new_user|
|
||||||
|
oa.privilege_users << new_user
|
||||||
oa.add_user_to_privilege_list(new_user)
|
oa.add_user_to_privilege_list(new_user)
|
||||||
end
|
end
|
||||||
|
|
||||||
users_to_remove.each do |remove_user|
|
users_to_remove.each do |remove_user|
|
||||||
|
oa.privilege_users.delete_if{|user| user == remove_user}
|
||||||
oa.remove_user_from_privilege_list(remove_user)
|
oa.remove_user_from_privilege_list(remove_user)
|
||||||
end
|
end
|
||||||
oa
|
oa
|
||||||
|
|
|
@ -2,9 +2,9 @@ class AppManager
|
||||||
include Mongoid::Document
|
include Mongoid::Document
|
||||||
include Mongoid::Timestamps
|
include Mongoid::Timestamps
|
||||||
|
|
||||||
belongs_to :user
|
belongs_to :user,index: true
|
||||||
|
|
||||||
belongs_to :managing_app, :polymorphic => true #,:class_name => 'ModuleApp',:inverse_of => :managers,:foreign_key => "user_id"
|
belongs_to :managing_app, :polymorphic => true,index: true #,:class_name => 'ModuleApp',:inverse_of => :managers,:foreign_key => "user_id"
|
||||||
belongs_to :sub_managing_app, :polymorphic => true #,:class_name => 'ModuleApp',:inverse_of => :sub_manager,:foreign_key => "sub_user_id"
|
belongs_to :sub_managing_app, :polymorphic => true #,:class_name => 'ModuleApp',:inverse_of => :sub_manager,:foreign_key => "sub_user_id"
|
||||||
|
|
||||||
belongs_to :rule_creator,:class_name => 'User'
|
belongs_to :rule_creator,:class_name => 'User'
|
||||||
|
|
|
@ -54,7 +54,7 @@ class ModuleApp
|
||||||
def assign_sub_manager(user,assigner)
|
def assign_sub_manager(user,assigner)
|
||||||
submanager = AppManager.first(conditions: {sub_managing_app_id: self.id,user_id: user.id}) rescue nil
|
submanager = AppManager.first(conditions: {sub_managing_app_id: self.id,user_id: user.id}) rescue nil
|
||||||
if submanager.nil? && !self.managing_users.include?(user)
|
if submanager.nil? && !self.managing_users.include?(user)
|
||||||
submanager = self.sub_managers.create(:user => user,:rule_creator => assigner)
|
submanager = self.sub_managers.create(:user_id => user.id,:rule_creator_id => assigner.id)
|
||||||
end
|
end
|
||||||
submanager
|
submanager
|
||||||
end
|
end
|
||||||
|
|
|
@ -2,7 +2,7 @@ class ObjectAuth < PrototypeAuth
|
||||||
include OrbitCoreLib::ObjectTokenUnility
|
include OrbitCoreLib::ObjectTokenUnility
|
||||||
validates_uniqueness_of :title ,:scope => [:obj_authable_type,:obj_authable_id] #{ |c| }
|
validates_uniqueness_of :title ,:scope => [:obj_authable_type,:obj_authable_id] #{ |c| }
|
||||||
belongs_to :obj_authable, polymorphic: true
|
belongs_to :obj_authable, polymorphic: true
|
||||||
after_save :check_user_has_app_auth
|
after_save :check_user_has_can_access_app
|
||||||
# > - Something.find_with_auth(query)
|
# > - Something.find_with_auth(query)
|
||||||
# > - or Something.find(query).auth
|
# > - or Something.find(query).auth
|
||||||
def siblings
|
def siblings
|
||||||
|
@ -14,15 +14,16 @@ class ObjectAuth < PrototypeAuth
|
||||||
class_obj.find self.obj_authable_id
|
class_obj.find self.obj_authable_id
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_user_has_app_auth
|
def check_user_has_can_access_app
|
||||||
sub_managing_users = auth_obj.app_auth.sub_managing_users rescue []
|
sub_managing_users = auth_obj.module_app.sub_managing_users rescue []
|
||||||
app_auth = auth_obj.app_auth
|
module_app = auth_obj.module_app
|
||||||
self.auth_users.each do |auth_user|
|
self.auth_users.each do |auth_user|
|
||||||
if !sub_managing_users.include? auth_user && !auth_user.admin?
|
if !sub_managing_users.include? auth_user && !auth_user.admin?
|
||||||
app_auth.assign_sub_manager(auth_user,User.current)
|
module_app.assign_sub_manager(auth_user,User.current)
|
||||||
app_auth.save!
|
module_app.save
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
|
@ -92,7 +92,7 @@ module OrbitCoreLib
|
||||||
authed_users(title).include?(User.current)
|
authed_users(title).include?(User.current)
|
||||||
end
|
end
|
||||||
|
|
||||||
def app_auth
|
def module_app
|
||||||
ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
|
ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -78,10 +78,22 @@ namespace :nccu do
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
task :add_nccu_account_1016 => :environment do
|
||||||
|
a = ["waynedd@nccu.edu.tw","sfchang@nccu.edu.tw","kyokolin@nccu.edu.tw","sfaylin@nccu.edu.tw","jinyulin@nccu.edu.tw"]
|
||||||
|
users_ary = User.any_in(email: a)
|
||||||
|
NewsBulletinCategory.all.each do |cate|
|
||||||
|
oa = ObjectAuth.first({conditions:{title: "submit",obj_authable_type: "NewsBulletinCategory",obj_authable_id: cate.id}})
|
||||||
|
oa.privilege_users = oa.privilege_users + users_ary
|
||||||
|
oa.save
|
||||||
|
end
|
||||||
|
|
||||||
|
users_ary = User.any_in(email: a)
|
||||||
|
key = 'Announcement'
|
||||||
|
bc = BulletinCategory.first({conditions:{key: key}})
|
||||||
|
oa = ObjectAuth.first({conditions:{title: "submit",obj_authable_type: "BulletinCategory",obj_authable_id: bc.id}})
|
||||||
|
oa.privilege_users = oa.privilege_users + users_ary
|
||||||
|
oa.save
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
Reference in New Issue