New authorization
This commit is contained in:
parent
d24bd176cc
commit
c474fa063f
|
@ -1,13 +1,13 @@
|
||||||
class Admin::AuthorizationsController < OrbitBackendController
|
class Admin::AuthorizationsController < OrbitBackendController
|
||||||
|
|
||||||
before_filter :admin_or_manager
|
prepend_before_filter :admin_or_manager
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@module_apps ||= ModuleApp.where(is_authorizable: true).order_by([:title, :asc])
|
@module_apps ||= ModuleApp.any_of({is_authorizable: true}, {is_approvable: true}).order_by([:title, :asc])
|
||||||
if @module_apps && @module_apps.include?(@module_app)
|
if @module_apps && @module_apps.include?(@module_app)
|
||||||
if @type
|
if @type
|
||||||
case @type
|
case @type
|
||||||
when 'category', 'approval'
|
when 'category_authorization', 'category_approval'
|
||||||
if @module_app.has_category
|
if @module_app.has_category
|
||||||
@objects = @module_app.categories
|
@objects = @module_app.categories
|
||||||
else
|
else
|
||||||
|
@ -18,12 +18,12 @@ class Admin::AuthorizationsController < OrbitBackendController
|
||||||
end
|
end
|
||||||
unless @objects.blank?
|
unless @objects.blank?
|
||||||
@object ||= @objects.first
|
@object ||= @objects.first
|
||||||
@users = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}").auth_users
|
@users = @object.get_authorization_by_title("#{@type}_#{@module_app.key}").authorized_users rescue nil
|
||||||
else
|
else
|
||||||
@error = t(:no_data)
|
@error = t(:no_data)
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
@users = @module_app.managing_users
|
@users = @module_app.managers
|
||||||
end
|
end
|
||||||
elsif @module_apps
|
elsif @module_apps
|
||||||
@module_app = @module_apps.first
|
@module_app = @module_apps.first
|
||||||
|
@ -33,35 +33,42 @@ class Admin::AuthorizationsController < OrbitBackendController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def add(users)
|
def add_roles
|
||||||
unless users.blank?
|
roles = Role.find(params[:role_ids]) rescue []
|
||||||
if @type
|
users = []
|
||||||
if @object
|
roles.each do |role|
|
||||||
object_auth = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}")
|
users += role.users.all.entries
|
||||||
add_users_to_object_auth(object_auth, users)
|
|
||||||
else
|
|
||||||
@error = t(:no_data)
|
|
||||||
end
|
|
||||||
else
|
|
||||||
add_managers(users) unless users.blank?
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
@users = users
|
unless roles.blank?
|
||||||
render 'admin/authorizations/insert_users'
|
authorization = get_or_create_authorization
|
||||||
|
add_roles_to_auth(authorization, roles) unless @error
|
||||||
|
end
|
||||||
|
@users = authorization.authorized_users
|
||||||
|
render 'admin/authorizations/reload_users'
|
||||||
|
end
|
||||||
|
|
||||||
|
def add_sub_roles
|
||||||
|
sub_roles = SubRole.find(params[:sub_role_ids]) rescue []
|
||||||
|
users = []
|
||||||
|
sub_roles.each do |sub_role|
|
||||||
|
users += sub_role.users.all.entries
|
||||||
|
end
|
||||||
|
unless sub_roles.blank?
|
||||||
|
authorization = get_or_create_authorization
|
||||||
|
add_sub_roles_to_auth(authorization, sub_roles) unless @error
|
||||||
|
end
|
||||||
|
@users = authorization.authorized_users
|
||||||
|
render 'admin/authorizations/reload_users'
|
||||||
end
|
end
|
||||||
|
|
||||||
def add_users
|
def add_users
|
||||||
users = User.find(params[:user_ids]) rescue []
|
users = User.find(params[:user_ids]) rescue []
|
||||||
add(users)
|
unless users.blank?
|
||||||
end
|
authorization = get_or_create_authorization
|
||||||
|
add_users_to_auth(authorization, users) unless @error
|
||||||
def add_roles
|
|
||||||
roles = Role.find(params[:role_ids]) rescue []
|
|
||||||
users = roles.inject([]) do |users, role|
|
|
||||||
users += role.users.all.entries
|
|
||||||
users
|
|
||||||
end
|
end
|
||||||
add(users)
|
@users = authorization.authorized_users
|
||||||
|
render 'admin/authorizations/reload_users'
|
||||||
end
|
end
|
||||||
|
|
||||||
def modal_select
|
def modal_select
|
||||||
|
@ -70,63 +77,111 @@ class Admin::AuthorizationsController < OrbitBackendController
|
||||||
if @type
|
if @type
|
||||||
@object_id = @object.id if @object
|
@object_id = @object.id if @object
|
||||||
@sorted_users = roles.inject({}) do |users, role|
|
@sorted_users = roles.inject({}) do |users, role|
|
||||||
users[role] = role.users.where(admin: false).not_guest_user - existing_users - @module_app.managing_users
|
users[role] = role.users.where(admin: false) - existing_users - @module_app.managers
|
||||||
users
|
users
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
@sorted_users = roles.inject({}) do |users, role|
|
@sorted_users = roles.inject({}) do |users, role|
|
||||||
users[role] = role.users.where(admin: false).not_guest_user - existing_users
|
users[role] = role.users.where(admin: false) - existing_users
|
||||||
users
|
users
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def remove_roles
|
||||||
|
roles = Role.find(params[:role_ids]) rescue []
|
||||||
|
unless roles.blank?
|
||||||
|
authorization = get_or_create_authorization
|
||||||
|
remove_roles_form_auth(authorization, roles)
|
||||||
|
end
|
||||||
|
@users = authorization.authorized_users
|
||||||
|
render 'admin/authorizations/reload_users'
|
||||||
|
end
|
||||||
|
|
||||||
|
def remove_sub_roles
|
||||||
|
sub_roles = SubRole.find(params[:sub_role_ids]) rescue []
|
||||||
|
unless sub_roles.blank?
|
||||||
|
authorization = get_or_create_authorization
|
||||||
|
remove_sub_roles_from_auth(authorization, sub_roles)
|
||||||
|
end
|
||||||
|
@users = authorization.authorized_users
|
||||||
|
render 'admin/authorizations/reload_users'
|
||||||
|
end
|
||||||
|
|
||||||
def remove_users
|
def remove_users
|
||||||
@users = User.find(params[:ids]) rescue []
|
@users = User.find(params[:ids]) rescue []
|
||||||
unless @users.blank?
|
unless @users.blank?
|
||||||
if @type
|
authorization = get_or_create_authorization
|
||||||
if @object
|
remove_users_from_auth(authorization, @users)
|
||||||
object_auth = @object.get_object_auth_by_title("#{@type}_#{@module_app.key}")
|
|
||||||
remove_users_form_object_auth(object_auth, @users)
|
|
||||||
else
|
|
||||||
@error = t(:no_data)
|
|
||||||
end
|
|
||||||
else
|
|
||||||
remove_managers(@users)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
render 'admin/authorizations/remove_users'
|
@users = authorization.authorized_users
|
||||||
|
render 'admin/authorizations/reload_users'
|
||||||
end
|
end
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
def add_managers(users)
|
def add_managers_to_auth(users)
|
||||||
users.each do |user|
|
@module_app.add_managers(users)
|
||||||
@module_app.assign_manager(user, current_user)
|
end
|
||||||
|
|
||||||
|
def add_roles_to_auth(authorization, roles)
|
||||||
|
authorization.add_roles(roles)
|
||||||
|
end
|
||||||
|
|
||||||
|
def add_sub_roles_to_auth(authorization, sub_roles)
|
||||||
|
authorization.add_sub_roles(sub_roles)
|
||||||
|
end
|
||||||
|
|
||||||
|
def add_users_to_auth(authorization, users)
|
||||||
|
authorization.add_users(users)
|
||||||
|
end
|
||||||
|
|
||||||
|
def get_or_create_authorization
|
||||||
|
case @type
|
||||||
|
when 'category_approval'
|
||||||
|
if @object
|
||||||
|
@object.auth_approval || @object.create_auth_approval(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
|
||||||
|
else
|
||||||
|
@error = t(:no_data)
|
||||||
|
end
|
||||||
|
when 'category_authorization'
|
||||||
|
if @object
|
||||||
|
@object.auth_sub_manager || @object.create_auth_sub_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
|
||||||
|
else
|
||||||
|
@error = t(:no_data)
|
||||||
|
end
|
||||||
|
when nil
|
||||||
|
@module_app.auth_manager || @module_app.create_auth_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}")
|
||||||
|
else
|
||||||
|
auth = @object.get_authorization_by_title("#{@type}_#{@module_app.key}")
|
||||||
|
unless auth
|
||||||
|
auth = @object.create_auth_approval(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}") if @type.include?('approval')
|
||||||
|
auth = @object.create_auth_sub_manager(module_app_id: @module_app.id, title: "#{@type}_#{@module_app.key}") if @type.include?('authorization')
|
||||||
|
end
|
||||||
|
auth
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def add_users_to_object_auth(object_auth, users)
|
def remove_managers_from_auth(users)
|
||||||
users.each do |user|
|
@module_app.remove_manager(users)
|
||||||
object_auth.add_user_to_privilege_list(user)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def remove_managers(users)
|
def remove_roles_form_auth(authorization, roles)
|
||||||
users.each do |user|
|
authorization.remove_roles(roles)
|
||||||
@module_app.remove_manager(user)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def remove_users_form_object_auth(object_auth, users)
|
def remove_sub_roles_from_auth(authorization, sub_roles)
|
||||||
users.each do |user|
|
authorization.remove_sub_roles(sub_roles)
|
||||||
object_auth.remove_user_from_privilege_list(user)
|
end
|
||||||
end
|
|
||||||
|
def remove_users_from_auth(authorization, users)
|
||||||
|
authorization.remove_users(users)
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def admin_or_manager
|
def admin_or_manager
|
||||||
|
@override_can_use = true
|
||||||
setup_vars
|
setup_vars
|
||||||
authenticate_user!
|
authenticate_user!
|
||||||
user_is_manager?
|
user_is_manager?
|
||||||
|
@ -136,7 +191,7 @@ class Admin::AuthorizationsController < OrbitBackendController
|
||||||
@module_app = ModuleApp.first(conditions: {:key => params[:module]} ) if params[:module]
|
@module_app = ModuleApp.first(conditions: {:key => params[:module]} ) if params[:module]
|
||||||
@type = params[:type].underscore if params[:type]
|
@type = params[:type].underscore if params[:type]
|
||||||
if @type
|
if @type
|
||||||
@klass = @type.classify.constantize rescue nil
|
@klass = @type.gsub('_authorization', '').gsub('_approval', '').classify.constantize rescue nil
|
||||||
@object = @klass.find(params[:id]) rescue nil
|
@object = @klass.find(params[:id]) rescue nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
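Review bot: `get_or_create_authorization` can return something other than an authorization — the `else` arms under `'category_approval'` and `'category_authorization'` assign `@error = t(:no_data)` and return that string — yet every caller dereferences the result unconditionally, e.g. `@users = authorization.authorized_users` in `add_roles`, and the same line runs in `add_sub_roles`, `add_users`, `remove_roles`, `remove_sub_roles` and `remove_users` even when the `unless roles.blank?` guard skipped the assignment, so `authorization` is nil there. A guard such as `@users = (@error || authorization.nil?) ? [] : authorization.authorized_users` before the render closes both paths. The `when nil` arm also builds the title from a nil `@type`, giving `"_#{@module_app.key}"`, which looks unintended. Separately, `setup_vars` still derives a class name from `params[:type]` and calls `constantize` on it; since `@module_app` now carries `authorizable_models` and `approvable_models`, checking the derived name against those lists before the `constantize` would keep the lookup on an allow-list instead of accepting any class name the request supplies.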
@ -4,6 +4,8 @@ class Admin::DashboardsController < OrbitBackendController
|
||||||
#before_filter :authenticate_user!, :except => [:index]
|
#before_filter :authenticate_user!, :except => [:index]
|
||||||
# before_filter :is_admin?
|
# before_filter :is_admin?
|
||||||
|
|
||||||
|
prepend_before_filter :set_public
|
||||||
|
|
||||||
layout "basic_back_end"
|
layout "basic_back_end"
|
||||||
|
|
||||||
def index
|
def index
|
||||||
|
|
|
@ -2,18 +2,9 @@ class Admin::UsersNewInterfaceController < OrbitMemberController
|
||||||
|
|
||||||
helper MemberHelper
|
helper MemberHelper
|
||||||
|
|
||||||
# before_filter :authenticate_user!
|
|
||||||
# before_filter :set_attribute, :only => [:index, :show, :new, :edit]
|
|
||||||
|
|
||||||
before_filter :force_order_for_visitor,:only=>[:index,:show]
|
|
||||||
before_filter :force_order_for_user,:except => [:index,:show]
|
|
||||||
before_filter :set_attribute,:except => [:index,:show]
|
before_filter :set_attribute,:except => [:index,:show]
|
||||||
|
prepend_filter :set_public, :only => [:index, :show]
|
||||||
|
|
||||||
def setup_vars
|
|
||||||
# @app_title ||= controller_path.split('/')[1].singularize
|
|
||||||
# @module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
|
||||||
# raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
|
|
||||||
end
|
|
||||||
|
|
||||||
def index
|
def index
|
||||||
get_tags
|
get_tags
|
||||||
|
|
|
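Review bot: `prepend_filter :set_public, :only => [:index, :show]` is not a filter macro I recognise from ActionController (the family is `prepend_before_filter`/`prepend_after_filter`/`prepend_around_filter`), so unless OrbitMemberController or one of its modules defines `prepend_filter` this line raises NoMethodError at class load. More importantly, the hunk deletes `before_filter :force_order_for_user, :except => [:index, :show]`, which per the body shown in the OrbitBackendController section was the filter that ran `authenticate_user!` and `check_user_can_use` for every mutating action of this controller, and nothing in this diff installs a replacement for those actions; the same deletions are made in OrbitBackendController and OrbitMemberController, so the new `OrbitCoreLib::Authorization` module (not in the diff) should be confirmed to re-add an authentication step before this merges. `before_filter :set_attribute, :except => [:index, :show]` now also runs with no authentication filter ahead of it, since the force_order filter that preceded it is gone.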
@ -1,7 +1,6 @@
|
||||||
class OrbitBackendController < ApplicationController
|
class OrbitBackendController < ApplicationController
|
||||||
include OrbitCategory::Categorizing
|
include OrbitCategory::Categorizing
|
||||||
include OrbitCoreLib::AppBackendUtility
|
include OrbitCoreLib::Authorization
|
||||||
include OrbitCoreLib::PermissionUtility
|
|
||||||
include OrbitTag::Tagging
|
include OrbitTag::Tagging
|
||||||
include AdminHelper
|
include AdminHelper
|
||||||
include ApplicationHelper
|
include ApplicationHelper
|
||||||
|
@ -10,12 +9,6 @@ class OrbitBackendController < ApplicationController
|
||||||
|
|
||||||
layout "back_end"
|
layout "back_end"
|
||||||
|
|
||||||
def setup_vars
|
|
||||||
@app_title ||= controller_path.split('/')[1].singularize
|
|
||||||
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
|
||||||
raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
|
|
||||||
end
|
|
||||||
|
|
||||||
def get_statuses
|
def get_statuses
|
||||||
status = []
|
status = []
|
||||||
status << 'is_top'
|
status << 'is_top'
|
||||||
|
@ -28,27 +21,4 @@ class OrbitBackendController < ApplicationController
|
||||||
end
|
end
|
||||||
status
|
status
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def force_order_for_visitor
|
|
||||||
check_backend_openness
|
|
||||||
setup_vars
|
|
||||||
set_current_user
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
def force_order_for_user
|
|
||||||
setup_vars
|
|
||||||
set_current_user
|
|
||||||
authenticate_user!
|
|
||||||
check_user_can_use
|
|
||||||
end
|
|
||||||
|
|
||||||
def check_user_can_use
|
|
||||||
unless check_permission
|
|
||||||
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
|
|
||||||
redirect_to root_url
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
|
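Review bot: Removing `check_user_can_use` drops the only visible place where a failed `check_permission` results in `redirect_to root_url`, and `OrbitCoreLib::Authorization`, the module swapped in on the include line, is not part of this diff, so the replacement for that check cannot be verified here; the same deletion is made in OrbitMemberController. `setup_vars` is also removed from this class while `Admin::AuthorizationsController#admin_or_manager` (a subclass, elsewhere in this commit) still calls `setup_vars`, so the method presumably now comes from the new module. A one-line comment next to the include naming what it supplies, e.g. `# supplies setup_vars, set_current_user and the permission filters formerly defined in this file`, would save the next reader a search — provided that is in fact what it supplies.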
@ -1,7 +1,6 @@
|
||||||
class OrbitMemberController < ApplicationController
|
class OrbitMemberController < ApplicationController
|
||||||
include OrbitCategory::Categorizing
|
include OrbitCategory::Categorizing
|
||||||
include OrbitCoreLib::AppBackendUtility
|
include OrbitCoreLib::Authorization
|
||||||
include OrbitCoreLib::PermissionUtility
|
|
||||||
include OrbitTag::Tagging
|
include OrbitTag::Tagging
|
||||||
include AdminHelper
|
include AdminHelper
|
||||||
include ApplicationHelper
|
include ApplicationHelper
|
||||||
|
@ -10,12 +9,6 @@ class OrbitMemberController < ApplicationController
|
||||||
|
|
||||||
layout "member"
|
layout "member"
|
||||||
|
|
||||||
def setup_vars
|
|
||||||
@app_title ||= controller_path.split('/')[1].singularize
|
|
||||||
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
|
||||||
raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
|
|
||||||
end
|
|
||||||
|
|
||||||
def get_statuses
|
def get_statuses
|
||||||
status = []
|
status = []
|
||||||
status << 'is_top'
|
status << 'is_top'
|
||||||
|
@ -28,27 +21,4 @@ class OrbitMemberController < ApplicationController
|
||||||
end
|
end
|
||||||
status
|
status
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def force_order_for_visitor
|
|
||||||
check_backend_openness
|
|
||||||
setup_vars
|
|
||||||
set_current_user
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
def force_order_for_user
|
|
||||||
setup_vars
|
|
||||||
set_current_user
|
|
||||||
authenticate_user!
|
|
||||||
check_user_can_use
|
|
||||||
end
|
|
||||||
|
|
||||||
def check_user_can_use
|
|
||||||
unless check_permission
|
|
||||||
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
|
|
||||||
redirect_to root_url
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -321,9 +321,9 @@ module OrbitBackendHelper
|
||||||
def is_authorized(object)
|
def is_authorized(object)
|
||||||
autorized = @module_app.authorizable_models.inject(false) do |autorized, klass|
|
autorized = @module_app.authorizable_models.inject(false) do |autorized, klass|
|
||||||
if object.is_a?(klass.constantize)
|
if object.is_a?(klass.constantize)
|
||||||
autorized ||= object.cur_user_is_sub_manager_of("#{klass.underscore}_#{@module_app.key}")
|
autorized ||= object.user_can_sub_manage?(current_user)
|
||||||
else
|
else
|
||||||
autorized ||= object.category.cur_user_is_sub_manager_of("category_#{@module_app.key}")
|
autorized ||= object.category.user_can_sub_manage?(current_user)
|
||||||
end
|
end
|
||||||
autorized
|
autorized
|
||||||
end
|
end
|
||||||
|
|
|
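Review bot: `object.category.user_can_sub_manage?(current_user)` in the `else` arm raises NoMethodError when `object.category` is nil; the old title-based call had the same exposure, but it is worth closing while the line is touched: `autorized ||= object.category && object.category.user_can_sub_manage?(current_user)`. The block parameter `autorized` shadows the outer local of the same name, so the `||=` updates the shadow and that value is what `inject` carries forward — renaming the parameter (and spelling both `authorized`) would make the flow obvious. `is_authorized` opens on the hunk's first line but its closing `end` lies outside the hunk.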
@ -0,0 +1,6 @@
|
||||||
|
class AuthApproval < Authorization
|
||||||
|
field :title
|
||||||
|
|
||||||
|
belongs_to :approval_authorizable, polymorphic: true
|
||||||
|
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'approving_apps'
|
||||||
|
end
|
|
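Review bot: `field :title` is re-declared here although `Authorization`, the parent class added in this commit, already declares `field :title`; the same duplicate appears in AuthSubManager. The re-declaration appears harmless, so this is style rather than a defect, but dropping the line keeps each subclass to what actually differs (the polymorphic `belongs_to` and the `inverse_of` name). A one-line class comment such as `# Approval grant on one authorizable object for a module app; users are held in authorized_users` would also help, since the three subclasses differ only in their relation names.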
@ -0,0 +1,4 @@
|
||||||
|
class AuthManager < Authorization
|
||||||
|
# belongs_to :manager_authorizable, polymorphic: true
|
||||||
|
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'managing_apps'
|
||||||
|
end
|
|
@ -0,0 +1,6 @@
|
||||||
|
class AuthSubManager < Authorization
|
||||||
|
field :title
|
||||||
|
|
||||||
|
belongs_to :sub_manager_authorizable, polymorphic: true
|
||||||
|
has_and_belongs_to_many :authorized_users, class_name: 'User', inverse_of: 'sub_managing_apps'
|
||||||
|
end
|
|
@ -0,0 +1,108 @@
|
||||||
|
class Authorization
|
||||||
|
include Mongoid::Document
|
||||||
|
include Mongoid::Timestamps
|
||||||
|
|
||||||
|
field :title
|
||||||
|
|
||||||
|
belongs_to :module_app
|
||||||
|
|
||||||
|
has_and_belongs_to_many :roles
|
||||||
|
has_and_belongs_to_many :sub_roles
|
||||||
|
|
||||||
|
delegate :update_auth_approval_users, :update_auth_manager_users, :update_auth_sub_manager_users, to: :module_app, prefix: true, allow_nil: true
|
||||||
|
|
||||||
|
after_save :update_module_app
|
||||||
|
|
||||||
|
|
||||||
|
def add_roles(roles)
|
||||||
|
users = []
|
||||||
|
roles = Array(roles)
|
||||||
|
add_operation(:roles, roles)
|
||||||
|
sub_roles = []
|
||||||
|
roles.each{|role| role.sub_roles.each{|sub_role| sub_roles << sub_role.id}}
|
||||||
|
add_operation(:sub_roles, sub_roles)
|
||||||
|
roles.each{|role| role.users.where(admin: false).each{|user| users << user}}
|
||||||
|
add_users(users, false)
|
||||||
|
end
|
||||||
|
|
||||||
|
def add_sub_roles(sub_roles)
|
||||||
|
users = []
|
||||||
|
sub_roles = Array(sub_roles)
|
||||||
|
add_operation(:sub_roles, sub_roles)
|
||||||
|
sub_roles.each do |sub_role|
|
||||||
|
self.roles << sub_role.role unless self.roles.include?(sub_role.role)
|
||||||
|
sub_role.users.where(admin: false).each{|user| users << user}
|
||||||
|
end
|
||||||
|
add_users(users, false)
|
||||||
|
end
|
||||||
|
|
||||||
|
def add_users(users, with_parents = true)
|
||||||
|
users = Array(users)
|
||||||
|
add_operation(:authorized_users, users)
|
||||||
|
users.each do |user|
|
||||||
|
user.roles.each do |role|
|
||||||
|
self.roles << role unless self.roles.include?(role)
|
||||||
|
end
|
||||||
|
user.sub_roles.each do |sub_role|
|
||||||
|
self.sub_roles << sub_role unless self.sub_roles.include?(sub_role)
|
||||||
|
end
|
||||||
|
end if with_parents
|
||||||
|
self.save
|
||||||
|
end
|
||||||
|
|
||||||
|
def remove_roles(roles)
|
||||||
|
users = []
|
||||||
|
sub_roles = []
|
||||||
|
roles = Array(roles)
|
||||||
|
remove_operation(:roles, roles)
|
||||||
|
roles.each do |role|
|
||||||
|
role.sub_roles.each{|sub_role| sub_roles << sub_role}
|
||||||
|
role.users.where(admin: false).each{|user| users << user}
|
||||||
|
end
|
||||||
|
remove_operation(:sub_role_ids, sub_roles)
|
||||||
|
remove_operation(:authorized_user_ids, users)
|
||||||
|
add_roles(self.roles)
|
||||||
|
end
|
||||||
|
|
||||||
|
def remove_sub_roles(sub_roles)
|
||||||
|
users = []
|
||||||
|
sub_roles = Array(sub_roles)
|
||||||
|
remove_operation(:sub_roles, sub_roles)
|
||||||
|
sub_roles.each do |sub_role|
|
||||||
|
users << sub_role.users.where(admin: false)
|
||||||
|
end
|
||||||
|
remove_operation(:authorized_user_ids, users)
|
||||||
|
add_roles(self.roles)
|
||||||
|
end
|
||||||
|
|
||||||
|
def remove_users(users)
|
||||||
|
users = Array(users)
|
||||||
|
remove_operation(:authorized_user_ids, users)
|
||||||
|
self.save
|
||||||
|
end
|
||||||
|
|
||||||
|
protected
|
||||||
|
|
||||||
|
def add_operation(db_field, objs)
|
||||||
|
objs.each do |obj|
|
||||||
|
self.send(db_field) << obj unless self.send(db_field).include?(obj)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def remove_operation(db_field, obj)
|
||||||
|
self.write_attribute(db_field, self.send(db_field) - obj.map{|y| y.id})
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def update_module_app
|
||||||
|
case self._type
|
||||||
|
when "AuthApproval"
|
||||||
|
self.module_app_update_auth_approval_users
|
||||||
|
when "AuthManager"
|
||||||
|
self.module_app_update_auth_manager_users
|
||||||
|
when "AuthSubManager"
|
||||||
|
self.module_app_update_auth_sub_manager_users
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
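Review bot: `remove_operation` computes `self.send(db_field) - obj.map{|y| y.id}` and writes the result back with `write_attribute(db_field, …)`, which only works when `db_field` is an ids field, yet `remove_roles` calls it as `remove_operation(:roles, roles)` and `remove_sub_roles` as `remove_operation(:sub_roles, sub_roles)` — subtracting ids from a relation of documents removes nothing, and the following `write_attribute(:roles, …)` targets a relation name rather than a stored field, while the other calls in the same methods correctly pass `:sub_role_ids` and `:authorized_user_ids`. Two related slips in the same file: `add_roles` collects `sub_role.id` values and then hands them to `add_operation(:sub_roles, …)`, which pushes onto the `sub_roles` relation and compares with `include?` against documents (where `add_sub_roles` pushes documents), and `remove_sub_roles` does `users << sub_role.users.where(admin: false)`, appending a criteria object instead of the users, so the later `obj.map{|y| y.id}` runs on a criteria. The lines below bring the four call sites in line with the conventions the rest of the class already uses.
```ruby
# in add_roles — collect SubRole documents, as add_sub_roles does
roles.each{|role| role.sub_roles.each{|sub_role| sub_roles << sub_role}}
# … unchanged: rest of add_roles …

# in remove_roles — remove_operation subtracts ids and writes the ids field
remove_operation(:role_ids, roles)
# … unchanged: rest of remove_roles …

# in remove_sub_roles
remove_operation(:sub_role_ids, sub_roles)
sub_roles.each do |sub_role|
  sub_role.users.where(admin: false).each{|user| users << user}
end
# … unchanged: rest of remove_sub_roles …
```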
@ -1,7 +1,7 @@
|
||||||
class Category
|
class Category
|
||||||
include Mongoid::Document
|
include Mongoid::Document
|
||||||
include Mongoid::Timestamps
|
include Mongoid::Timestamps
|
||||||
include OrbitCoreLib::ObjectAuthable
|
include OrbitModel::Authorizable
|
||||||
|
|
||||||
field :disable, type: Boolean, default: false
|
field :disable, type: Boolean, default: false
|
||||||
field :title, localize: true
|
field :title, localize: true
|
||||||
|
|
|
@ -1,16 +1,26 @@
|
||||||
class ModuleApp
|
class ModuleApp
|
||||||
include Mongoid::Document
|
include Mongoid::Document
|
||||||
include Mongoid::Timestamps
|
include Mongoid::Timestamps
|
||||||
include OrbitCoreLib::ObjectTokenUtility
|
# include OrbitCoreLib::ObjectTokenUtility
|
||||||
include OrbitApp::ModuleAppMembershipTools
|
# include OrbitApp::ModuleAppMembershipTools
|
||||||
|
|
||||||
|
field :auth_approval_users, type: Array, default: nil
|
||||||
|
field :auth_manager_users, type: Array, default: nil
|
||||||
|
field :auth_sub_manager_users, type: Array, default: nil
|
||||||
field :key
|
field :key
|
||||||
field :title
|
field :title
|
||||||
field :sidebar_order,type: Integer,default: 0
|
field :sidebar_order,type: Integer,default: 0
|
||||||
|
|
||||||
|
has_one :auth_manager, dependent: :destroy
|
||||||
|
has_many :auth_approvals, dependent: :destroy
|
||||||
|
has_many :auth_sub_managers, dependent: :destroy
|
||||||
has_many :categories, dependent: :destroy
|
has_many :categories, dependent: :destroy
|
||||||
has_many :module_tags, dependent: :destroy
|
has_many :module_tags, dependent: :destroy
|
||||||
|
|
||||||
|
has_many :approvals #to remove
|
||||||
|
|
||||||
|
delegate :authorized_users, to: :auth_manager, prefix: true, allow_nil: true
|
||||||
|
|
||||||
def refetch_setting!(reg)
|
def refetch_setting!(reg)
|
||||||
# %w{module_label category base_url version organization author intro update_info create_date}.each do |field|
|
# %w{module_label category base_url version organization author intro update_info create_date}.each do |field|
|
||||||
# self[field.to_sym] = reg.send field
|
# self[field.to_sym] = reg.send field
|
||||||
|
@ -24,6 +34,7 @@ class ModuleApp
|
||||||
self[:has_category] = reg.get_has_category
|
self[:has_category] = reg.get_has_category
|
||||||
self[:is_approvable] = reg.get_is_approvable
|
self[:is_approvable] = reg.get_is_approvable
|
||||||
self[:is_authorizable] = reg.get_is_authorizable
|
self[:is_authorizable] = reg.get_is_authorizable
|
||||||
|
self[:approvable_models] = reg.get_approvable_models
|
||||||
self[:authorizable_models] = reg.get_authorizable_models
|
self[:authorizable_models] = reg.get_authorizable_models
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -168,4 +179,71 @@ class ModuleApp
|
||||||
self.module_tags.map{|t| t.tag }
|
self.module_tags.map{|t| t.tag }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
# authorization
|
||||||
|
def update_auth_approval_users
|
||||||
|
user_ids = self.auth_approvals.inject([]) do |users, auth|
|
||||||
|
users += auth.authorized_users.map{|user| user.id}
|
||||||
|
end
|
||||||
|
update_attribute(:auth_approval_users, user_ids.uniq)
|
||||||
|
end
|
||||||
|
|
||||||
|
def update_auth_manager_users
|
||||||
|
update_attribute(:auth_manager_users, self.auth_manager_authorized_users.map{|user| user.id})
|
||||||
|
end
|
||||||
|
|
||||||
|
def update_auth_sub_manager_users
|
||||||
|
user_ids = self.auth_sub_managers.inject([]) do |users, auth|
|
||||||
|
users += auth.authorized_users.map{|user| user.id}
|
||||||
|
end
|
||||||
|
update_attribute(:auth_sub_manager_users, user_ids.uniq)
|
||||||
|
end
|
||||||
|
|
||||||
|
def managers
|
||||||
|
auth_manager_authorized_users || []
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_can_manage?(user)
|
||||||
|
managers.include?(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
def add_managers(users)
|
||||||
|
users = Array(users)
|
||||||
|
if auth_manager = self.auth_manager
|
||||||
|
auth_manager.update_attribute(:authorized_users, (auth_manager.authorized_users + users).uniq)
|
||||||
|
else
|
||||||
|
self.create_auth_manager(authorized_users: users)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def remove_managers(users)
|
||||||
|
users = Array(users)
|
||||||
|
users = users.delete_if{|user| user == current_user || is_admin?}
|
||||||
|
self.auth_manager.update_attribute(:authorized_users, auth_manager.authorized_users - users)
|
||||||
|
end
|
||||||
|
|
||||||
|
def is_manager?(user)
|
||||||
|
if user && !auth_manager_users.blank?
|
||||||
|
auth_manager_users.include?(user.id)
|
||||||
|
else
|
||||||
|
false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def is_sub_manager?(user)
|
||||||
|
if user && !auth_sub_manager_users.blank?
|
||||||
|
auth_sub_manager_users.include?(user.id)
|
||||||
|
else
|
||||||
|
false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def can_approve?(user)
|
||||||
|
if user && !auth_approval_users.blank?
|
||||||
|
auth_approval_users.include?(user.id)
|
||||||
|
else
|
||||||
|
false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
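Review bot: `remove_managers` filters with `users.delete_if{|user| user == current_user || is_admin?}`, but `current_user` and `is_admin?` appear to be controller/helper methods (the `_user` partial in this commit calls `is_admin?` as a helper), not methods of a Mongoid model, so unless ModuleApp defines them this raises NameError on the first call; and `is_admin?` takes no argument, so even where it resolves it asks about the caller rather than the user being removed, whereas the partial now uses `user.admin` for that test. The model cannot know who the current user is, so take the protected set from the caller: `def remove_managers(users, keep = [])` with `users = Array(users).reject{|user| user.admin || keep.include?(user)}`, and have the controller pass `[current_user]`; `self.auth_manager` should also be checked for nil before `update_attribute`. The controller's `remove_managers_from_auth` calls `@module_app.remove_manager(users)` (singular) while this file defines `remove_managers`, so that helper would fail as well; the `add_managers` call on the controller side does match.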
@ -19,12 +19,16 @@ class User
|
||||||
field :cache_dept,type: Hash
|
field :cache_dept,type: Hash
|
||||||
field :status_record,type: Hash
|
field :status_record,type: Hash
|
||||||
|
|
||||||
|
has_and_belongs_to_many :approving_apps, class_name: 'AuthApproval', inverse_of: 'authorized_users'
|
||||||
|
has_and_belongs_to_many :managing_apps, class_name: 'AuthManager', inverse_of: 'authorized_users'
|
||||||
|
has_and_belongs_to_many :sub_managing_apps, class_name: 'AuthSubManager', inverse_of: 'authorized_users'
|
||||||
|
|
||||||
has_many :attribute_values, :autosave => true, :dependent => :destroy
|
has_many :attribute_values, :autosave => true, :dependent => :destroy
|
||||||
has_many :app_auths,as: :privilege_apps,:inverse_of => :privilege_lists
|
has_many :app_auths,as: :privilege_apps,:inverse_of => :privilege_lists
|
||||||
has_many :blocked_apps, :inverse_of => :blocked_users, :class_name => "AppAuth", :dependent => :destroy
|
has_many :blocked_apps, :inverse_of => :blocked_users, :class_name => "AppAuth", :dependent => :destroy
|
||||||
has_many :privilege_apps, :inverse_of => :privilege_users, :class_name => "AppAuth", :dependent => :destroy
|
has_many :privilege_apps, :inverse_of => :privilege_users, :class_name => "AppAuth", :dependent => :destroy
|
||||||
|
|
||||||
has_many :managing_apps,:class_name => "AppManager", :dependent => :destroy
|
# has_many :managing_apps,:class_name => "AppManager", :dependent => :destroy
|
||||||
has_one :desktop, :autosave => true, :dependent => :destroy
|
has_one :desktop, :autosave => true, :dependent => :destroy
|
||||||
has_one :facebook, :autosave => true, :dependent => :destroy
|
has_one :facebook, :autosave => true, :dependent => :destroy
|
||||||
has_many :other_accounts, :autosave => true, :dependent => :destroy
|
has_many :other_accounts, :autosave => true, :dependent => :destroy
|
||||||
|
@ -273,8 +277,8 @@ class User
|
||||||
end
|
end
|
||||||
|
|
||||||
def managed_module_apps
|
def managed_module_apps
|
||||||
self.managing_apps.inject([]) do |managed_apps, app_manager|
|
self.managing_apps.inject([]) do |managed_apps, auth_manager|
|
||||||
managed_apps << app_manager.managing_app unless app_manager.managing_app.blank?
|
managed_apps << auth_manager.module_app
|
||||||
managed_apps
|
managed_apps
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
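Review bot: `managed_apps << auth_manager.module_app` drops the blank guard the old line had (`unless app_manager.managing_app.blank?`), so an AuthManager whose `module_app` is missing now contributes a nil to the returned array and any caller that reads `.key` or `.title` off the elements fails. `ModuleApp` destroys its `auth_manager` with `dependent: :destroy`, which narrows the window but does not close it for records saved without a module_app. Keep the guard: `managed_apps << auth_manager.module_app unless auth_manager.module_app.blank?`. The method starts within the hunk and its closing `end` is the hunk's last line.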
@ -1,10 +1,10 @@
|
||||||
<li class="filter-item selected_user <%= 'check-item' unless user == current_user || is_admin? %>" id="<%= user.id %>">
|
<li class="filter-item selected_user <%= 'check-item' unless user == current_user || user.admin %>" id="<%= user.id %>">
|
||||||
<label>
|
<label>
|
||||||
<%= image_tag (user.avatar? ? user.avatar.thumb : 'menber-pic.png'), :class => "user-pic" %>
|
<%= image_tag (user.avatar? ? user.avatar.thumb : 'menber-pic.png'), :class => "user-pic" %>
|
||||||
<span class="user-name"><%= user.name %></span>
|
<span class="user-name"><%= user.name %></span>
|
||||||
<span><%= get_user_module_role(user) %></span>
|
<span><%= get_user_module_role(user) %></span>
|
||||||
</label>
|
</label>
|
||||||
<% unless user == current_user || is_admin? %>
|
<% unless user == current_user || user.admin %>
|
||||||
<input type="checkbox">
|
<input type="checkbox">
|
||||||
<% end %>
|
<% end %>
|
||||||
</li>
|
</li>
|
|
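Review bot: The checkbox is now hidden for the current user and for `user.admin`, but that is presentational only; the removal endpoint in this commit (`Admin::AuthorizationsController#remove_users`) passes `User.find(params[:ids])` straight to `authorization.remove_users`, so a request carrying an admin's or the caller's own id is honoured regardless of what this partial rendered. The server side should apply the same filter before removing, e.g. `@users = @users.reject{|user| user == current_user || user.admin}` ahead of `remove_users_from_auth`, so the two agree. Switching the test from the helper `is_admin?` (about the viewer) to `user.admin` (about the listed user) is the right direction for this template.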
@ -13,11 +13,13 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="mini-layout-body span10">
|
<div class="mini-layout-body span10">
|
||||||
<%= link_to t(:module_authorization), admin_authorizations_path(@module_app.key) %>
|
<%= link_to t(:module_authorization), admin_authorizations_path(@module_app.key) if @module_app.is_authorizable %>
|
||||||
<% @module_app.authorizable_models.each do |authorizable_model| %>
|
<% @module_app.authorizable_models.each do |authorizable_model| %>
|
||||||
<%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), admin_authorizations_path(@module_app.key, type: authorizable_model.underscore) %>
|
<%= link_to (authorizable_model.eql?('Category') ? t(:category_auth) : "#{authorizable_model.underscore.humanize.capitalize} #{t(:authorization_)}"), admin_authorizations_path(@module_app.key, type: "#{authorizable_model.underscore}_authorization") %>
|
||||||
|
<% end %>
|
||||||
|
<% @module_app.approvable_models.each do |approvable_model| %>
|
||||||
|
<%= link_to (approvable_model.eql?('Category') ? t(:approval_) : "#{approvable_model.underscore.humanize.capitalize} #{t(:approval_)}"), admin_authorizations_path(@module_app.key, type: "#{approvable_model.underscore}_approval") %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<%= link_to t(:approval_), admin_authorizations_path(@module_app.key, type: 'approval') if @module_app.is_approvable %>
|
|
||||||
<% if @error %>
|
<% if @error %>
|
||||||
<%= @error %>
|
<%= @error %>
|
||||||
<% else %>
|
<% else %>
|
||||||
|
|
|
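Review bot: `@module_app.approvable_models.each` iterates an attribute introduced in this same commit (`self[:approvable_models] = reg.get_approvable_models` in `ModuleApp#refetch_setting!`), so a ModuleApp document that has not been re-fetched since the upgrade either returns nil here or, as a dynamic attribute that was never written, has no reader at all — either way the page raises NoMethodError. `<% Array(@module_app[:approvable_models]).each do |approvable_model| %>` keeps the view working while the stored data catches up; the `authorizable_models` loop above has the same exposure but predates the change. The `if @module_app.is_authorizable` guard added to the module-authorization link matches the `any_of` query the controller now uses.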
@ -1,2 +0,0 @@
|
||||||
$("#card-list").append("<%= j render partial: 'user', collection: @users %>");
|
|
||||||
$("#member-filter").modal('hide');
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
$("#card-list").html("<%= j render partial: 'user', collection: @users %>");
|
||||||
|
$("#member-filter").modal('hide');
|
|
@ -27,6 +27,7 @@ module Orbit
|
||||||
|
|
||||||
# Custom directories with classes and modules you want to be autoloadable.
|
# Custom directories with classes and modules you want to be autoloadable.
|
||||||
# config.autoload_paths += %W(#{config.root}/extras)
|
# config.autoload_paths += %W(#{config.root}/extras)
|
||||||
|
config.autoload_paths += %W(#{config.root}/app/models/auth)
|
||||||
config.autoload_paths += %W(#{config.root}/app/models/ckeditor)
|
config.autoload_paths += %W(#{config.root}/app/models/ckeditor)
|
||||||
config.autoload_paths += %W(#{config.root}/app/models/design)
|
config.autoload_paths += %W(#{config.root}/app/models/design)
|
||||||
config.autoload_paths += %W(#{config.root}/app/models/desktop)
|
config.autoload_paths += %W(#{config.root}/app/models/desktop)
|
||||||
|
|
|
@ -28,7 +28,7 @@ module OrbitApp
|
||||||
end
|
end
|
||||||
|
|
||||||
class DataSheet
|
class DataSheet
|
||||||
attr_reader :name,:key,:base_path,:module_label,:data_count, :has_category, :has_tag, :authorizable_models, :is_approvable, :is_authorizable
|
attr_reader :name,:key,:base_path,:module_label,:data_count, :has_category, :has_tag, :approvable_models, :authorizable_models, :is_approvable, :is_authorizable
|
||||||
|
|
||||||
def initialize(name, &block)
|
def initialize(name, &block)
|
||||||
@name = name
|
@name = name
|
||||||
|
@ -39,6 +39,7 @@ module OrbitApp
|
||||||
@data_count = 1..15 # as default
|
@data_count = 1..15 # as default
|
||||||
@has_category = nil
|
@has_category = nil
|
||||||
@has_tag = nil
|
@has_tag = nil
|
||||||
|
@approvable_models = []
|
||||||
@authorizable_models = []
|
@authorizable_models = []
|
||||||
@is_approvable = nil
|
@is_approvable = nil
|
||||||
@is_authorizable = nil
|
@is_authorizable = nil
|
||||||
|
@ -145,8 +146,13 @@ module OrbitApp
|
||||||
define_method(field){|var| instance_variable_set( "@" + field, var)}
|
define_method(field){|var| instance_variable_set( "@" + field, var)}
|
||||||
end
|
end
|
||||||
|
|
||||||
def approvable(link=true)
|
def approvable(link=true, &block)
|
||||||
@is_approvable = {:with_link => link}
|
@is_approvable = {:with_link => link}
|
||||||
|
if block
|
||||||
|
block.call
|
||||||
|
else
|
||||||
|
approvable_on
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def authorizable(link=true, &block)
|
def authorizable(link=true, &block)
|
||||||
|
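Review bot: `approvable` is undocumented and its two paths behave differently: with a block, `block.call` runs the block and nothing is registered unless the block itself calls `approvable_on`; without one, `'Category'` is registered by default. A one-line comment above the `def` would make that contract explicit: `# Marks the module approvable; a block is expected to register its own models via approvable_on, otherwise 'Category' is registered.` Note also that `block.call` evaluates the block in the caller's scope rather than the DataSheet's, so whether `approvable_on` is reachable from inside the block depends on how DataSheet#initialize evaluates its own block, which is outside this hunk.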
@ -158,6 +164,10 @@ module OrbitApp
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def approvable_on(klass = 'Category')
|
||||||
|
@approvable_models << klass
|
||||||
|
end
|
||||||
|
|
||||||
def authorizable_on(klass = 'Category')
|
def authorizable_on(klass = 'Category')
|
||||||
@authorizable_models << klass
|
@authorizable_models << klass
|
||||||
end
|
end
|
||||||
|
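Review bot: `approvable_on` appends unconditionally, so registering the same class twice (for example `approvable` without a block followed by an explicit `approvable_on 'Category'`) leaves a duplicate in `@approvable_models`, which the view hunk earlier in this commit iterates into duplicate links. `@approvable_models << klass unless @approvable_models.include?(klass)` avoids that; the neighbouring `authorizable_on` has the same shape and would benefit from the same guard.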
@ -170,6 +180,10 @@ module OrbitApp
|
||||||
@has_tag = true
|
@has_tag = true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def get_approvable_models
|
||||||
|
@approvable_models
|
||||||
|
end
|
||||||
|
|
||||||
def get_authorizable_models
|
def get_authorizable_models
|
||||||
@authorizable_models
|
@authorizable_models
|
||||||
end
|
end
|
||||||
|
|
|
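Review bot: `get_approvable_models` returns `@approvable_models`, which the `attr_reader` added earlier in this commit already exposes as `approvable_models`, so the new method is a second public name for the same value (mirroring the existing `get_authorizable_models`). If both names are to be kept, `alias_method :get_approvable_models, :approvable_models` states that intent in one line instead of a duplicate body.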
@ -9,11 +9,11 @@ module OrbitCategory
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_categories_for_form(func_authed_for_sub_manager = "category_#{@module_app.key}")
|
def get_categories_for_form
|
||||||
categories = if is_manager? || is_admin?
|
categories = if is_manager? || is_admin?
|
||||||
@module_app.categories.enabled
|
@module_app.categories.enabled
|
||||||
elsif is_sub_manager?
|
elsif is_sub_manager?
|
||||||
@module_app.categories.enabled.authed_for_user(current_user, func_authed_for_sub_manager)
|
@module_app.categories.enabled.entries.delete_if{|category| !category.user_can_sub_manage?(current_user)}
|
||||||
end
|
end
|
||||||
if categories.empty?
|
if categories.empty?
|
||||||
flash[:alert] = t(:no_category)
|
flash[:alert] = t(:no_category)
|
||||||
|
|
|
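Review bot: the sub-manager branch of `get_categories_for_form` filters with `entries.delete_if{|category| !category.user_can_sub_manage?(current_user)}`, a negated delete-in-place where a plain selection reads more directly: `@module_app.categories.enabled.select { |category| category.user_can_sub_manage?(current_user) }`. The dropped `func_authed_for_sub_manager` parameter also changes the public signature, so any caller still passing an argument will now raise ArgumentError; the only call visible in this commit (the BulletinsController before_filter) passes none. `user_can_sub_manage?` returns nil when no sub-manager authorization exists, which the negation treats as not authorized, so the filtering itself is sound. The method's tail after the `categories.empty?` check runs past the hunk.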
@ -140,30 +140,39 @@ module OrbitCoreLib
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
module AppBackendUtility
|
module Authorization
|
||||||
|
def self.included(base)
|
||||||
|
base.class_eval do
|
||||||
|
before_filter :can_use
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def setup_vars
|
def setup_vars
|
||||||
@app_title ||= controller_path.split('/')[1].singularize
|
@app_title ||= controller_path.split('/')[1].singularize
|
||||||
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
@module_app ||= ModuleApp.first(conditions: {:key => @app_title} )
|
||||||
|
# raise ModuleAppError, 'Can not find ModuleApp' if @module_app.nil?
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def force_order_for_visitor
|
def can_use
|
||||||
setup_vars
|
unless @override_can_use
|
||||||
set_current_user
|
check_backend_openness if @public
|
||||||
|
setup_vars
|
||||||
|
set_current_user
|
||||||
|
unless @public
|
||||||
|
authenticate_user!
|
||||||
|
check_user_can_use
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def set_public
|
||||||
def force_order_for_user
|
@public = true
|
||||||
setup_vars
|
|
||||||
set_current_user
|
|
||||||
authenticate_user!
|
|
||||||
check_user_can_use
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_user_can_use
|
def check_user_can_use
|
||||||
unless check_permission
|
unless current_or_guest_user.admin? || @module_app.is_manager?(current_or_guest_user) || @module_app.is_sub_manager?(current_or_guest_user) || @module_app.can_approve?(current_or_guest_user)
|
||||||
#redirect_to polymorphic_path(['panel',@app_title,'back_end','public'])
|
|
||||||
redirect_to root_url
|
redirect_to root_url
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
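Review bot: `check_user_can_use` calls `@module_app.is_manager?`, `is_sub_manager?` and `can_approve?` without a nil guard, while `setup_vars` keeps the `raise ModuleAppError` line commented out, so a controller whose `@app_title` does not resolve to a ModuleApp raises NoMethodError inside the filter instead of redirecting; either restore the raise or add `return redirect_to root_url if @module_app.nil?` before the permission check. `can_use` also skips authentication and authorization entirely whenever `@override_can_use` is truthy, and nothing in this hunk sets or documents that flag — a comment stating who may set it, or replacing it with an explicit `skip_before_filter :can_use` in the controllers that need the exemption, would make the bypass auditable. Note as well that the new check admits any user for whom `@module_app.can_approve?` is true on the same footing as managers and sub-managers; whether approvers should reach every non-public action of a backend controller is presumably narrowed elsewhere, but it is not narrowed here.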
@ -0,0 +1,55 @@
|
||||||
|
module OrbitModel
|
||||||
|
|
||||||
|
module Authorizable
|
||||||
|
|
||||||
|
def self.included(base)
|
||||||
|
base.class_eval do
|
||||||
|
has_one :auth_approval, as: :approval_authorizable, dependent: :destroy
|
||||||
|
has_one :auth_sub_manager, as: :sub_manager_authorizable, dependent: :destroy
|
||||||
|
delegate :authorized_users, to: :auth_approval, prefix: true, allow_nil: true
|
||||||
|
delegate :authorized_users, to: :auth_sub_manager, prefix: true, allow_nil: true
|
||||||
|
send :include, InstanceMethods
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
module InstanceMethods
|
||||||
|
|
||||||
|
# Normal case
|
||||||
|
# Use of categories to define approval and sub-manager
|
||||||
|
def approval_users
|
||||||
|
auth_approval_authorized_users
|
||||||
|
end
|
||||||
|
|
||||||
|
def sub_managers
|
||||||
|
auth_sub_manager_authorized_users
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_can_approve?(user)
|
||||||
|
approval_users.include?(user) if approval_users
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_can_sub_manage?(user)
|
||||||
|
sub_managers.include?(user) if sub_managers
|
||||||
|
end
|
||||||
|
|
||||||
|
# Specific case
|
||||||
|
# Approval or sub-manager is defined on something else than categories
|
||||||
|
def authorized_users_by_title(title)
|
||||||
|
approval_users if auth_approval && auth_approval.title.eql?(title)
|
||||||
|
sub_managers if auth_sub_manager && auth_sub_manager.title.eql?(title)
|
||||||
|
end
|
||||||
|
|
||||||
|
def get_authorization_by_title(title)
|
||||||
|
auth_approval if auth_approval && auth_approval.title.eql?(title)
|
||||||
|
auth_sub_manager if auth_sub_manager && auth_sub_manager.title.eql?(title)
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_is_authorized_by_title?(user, title)
|
||||||
|
authorized_users_by_title(title).include?(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
|
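Review bot: `authorized_users_by_title` and `get_authorization_by_title` each consist of two modifier-`if` statements, and only the last expression is the return value, so a title that matches `auth_approval` yields nil because the first result is discarded. `user_is_authorized_by_title?` then calls `.include?` on that nil and raises NoMethodError, which is presumably why the controller hunk in this commit wraps `get_authorization_by_title(...)` in `rescue nil`. The rewrite below returns on the first match and makes `user_is_authorized_by_title?` nil-safe; `user_can_approve?` and `user_can_sub_manage?` likewise return nil rather than false when no authorization exists, which is tolerable for callers that only negate the result. `send :include, InstanceMethods` inside `class_eval` can simply be `include InstanceMethods`.
```ruby
# … unchanged: self.included, approval_users, sub_managers, user_can_approve?, user_can_sub_manage? …
def authorized_users_by_title(title)
  authorization = get_authorization_by_title(title)
  authorization.authorized_users if authorization
end

def get_authorization_by_title(title)
  return auth_approval if auth_approval && auth_approval.title.eql?(title)
  auth_sub_manager if auth_sub_manager && auth_sub_manager.title.eql?(title)
end

def user_is_authorized_by_title?(user, title)
  users = authorized_users_by_title(title)
  !users.nil? && users.include?(user)
end
```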
@ -3,11 +3,7 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
|
||||||
|
|
||||||
before_filter :clean_values, :only => [:create, :update]
|
before_filter :clean_values, :only => [:create, :update]
|
||||||
|
|
||||||
# before_filter :for_admin_only,:only => [:]
|
prepend_before_filter :set_public, :only => [:index, :show, :get_sorted_and_filtered_bulletins]
|
||||||
# before_filter :for_app_manager,:only => [:index,:show,]
|
|
||||||
before_filter :force_order_for_visitor,:only=>[:index,:show,:get_sorted_and_filtered_bulletins]
|
|
||||||
before_filter :force_order_for_user,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
|
|
||||||
before_filter :for_app_sub_manager,:except => [:index,:show,:get_sorted_and_filtered_bulletins]
|
|
||||||
|
|
||||||
before_filter :only => [ :new, :create, :edit, :update ] do |controller|
|
before_filter :only => [ :new, :create, :edit, :update ] do |controller|
|
||||||
@categories = get_categories_for_form
|
@categories = get_categories_for_form
|
||||||
|
|
|
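Review bot: the removed `before_filter :for_app_sub_manager, :except => [...]` was the per-action authorization for the write actions, and the only replacement visible in this commit is the `can_use` filter from `OrbitCoreLib::Authorization`, whose `check_user_can_use` also admits any user for whom `@module_app.can_approve?` is true — so, unless a check outside this diff narrows it, approvers now reach new/create/edit/update. The same removal (`for_app_manager` and `for_app_sub_manager`) happens in the PageContextsController hunk below. Whether `:set_public` actually runs before `can_use` also depends on `Authorization` being included, with its plain `before_filter`, before this `prepend_before_filter` line is evaluated; a comment such as `# must run before OrbitCoreLib::Authorization#can_use, which reads @public` would record that assumption.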
@ -1,9 +1,6 @@
|
||||||
class Panel::PageContent::BackEnd::PageContextsController < OrbitBackendController
|
class Panel::PageContent::BackEnd::PageContextsController < OrbitBackendController
|
||||||
before_filter :force_order_for_visitor,:only=>[:index]
|
|
||||||
before_filter :force_order_for_user,:except => [:index]
|
prepend_before_filter :set_public, :only => [:index]
|
||||||
|
|
||||||
before_filter :for_app_manager,:except => [:index]
|
|
||||||
before_filter :for_app_sub_manager,:except => [:index]
|
|
||||||
|
|
||||||
#before_filter :is_admin?
|
#before_filter :is_admin?
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ class PageContext
|
||||||
include Mongoid::Timestamps
|
include Mongoid::Timestamps
|
||||||
include Mongoid::MultiParameterAttributes
|
include Mongoid::MultiParameterAttributes
|
||||||
include Impressionist::Impressionable
|
include Impressionist::Impressionable
|
||||||
include OrbitCoreLib::ObjectAuthable
|
include OrbitModel::Authorizable
|
||||||
|
|
||||||
is_impressionable :counter_cache => { :column_name => :view_count }
|
is_impressionable :counter_cache => { :column_name => :view_count }
|
||||||