This repository has been archived on 2024-03-16. You can view files and clone it, but cannot push or open issues or pull requests.
orbit-4-1/app/controllers/admin/object_auths_controller.rb

84 lines
2.6 KiB
Ruby

class Admin::ObjectAuthsController < ApplicationController
include OrbitCoreLib::PermissionUnility
layout "admin"
before_filter :authenticate_user!
before_filter :check_if_user_can_do_object_auth
# before_filter :is_admin? ,:only => :index
def index
# if current_user.admin?
@object_auths = ObjectAuth.all
# else
# @module_apps = current_user.managing_apps.collect{|t| t.managing_app}
# end
end
def new
obj = eval(params[:type]).find params[:obj_id]
@object_auth=obj.object_auths.build
@object_auth_title_option = eval(params[:type]+"::ObjectAuthTitlesOptions")
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @post }
end
end
def create
obj = eval(params[:object_auth][:type]).find params[:object_auth][:obj_id]
@object_auth=obj.object_auths.create :title=> params[:object_auth][:title]
redirect_to edit_admin_object_auth_path(@object_auth)
end
def create_role
object_auth = ObjectAuth.find(params[:id])
params[:new].each do |item|
field = item[0]
field_value = item[1]
if field_value!=''
case field
when 'role'
object_auth.send("add_#{field}",(Role.find field_value)) rescue nil
when 'sub_role'
object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil
when 'privilege_user'
object_auth.add_user_to_privilege_list (User.find field_value) rescue nil
when 'blocked_user'
object_auth.add_user_to_black_list (User.find field_value) rescue nil
end
end
end
redirect_to edit_admin_object_auth_path(object_auth)
end
def remove_role
object_auth = ObjectAuth.find(params[:id])
type = params[:type]
field_value = params[:target_id]
if field_value!=''
case type
when 'role'
object_auth.remove_role(Role.find field_value) rescue nil
when 'sub_role'
object_auth.remove_sub_role(SubRole.find field_value) rescue nil
when 'privilege_user'
object_auth.remove_user_from_privilege_list (User.find field_value) rescue nil
when 'blocked_user'
object_auth.remove_user_from_black_list (User.find field_value) rescue nil
end
end
redirect_to edit_admin_object_auth_path(object_auth)
end
def edit
@object_auth = ObjectAuth.find(params[:id])
end
private
def check_if_user_can_do_object_auth
unless check_permission(:manager)
render :nothing => true, :status => 403
end
end
end