First version of app and object auth for web_resource module. Basic fund is ok. backend need to be secued
This commit is contained in:
parent
b23b5e8ec5
commit
3f744dab05
|
@ -3,7 +3,6 @@ class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
|
||||||
layout "new_admin"
|
layout "new_admin"
|
||||||
before_filter :force_order
|
before_filter :force_order
|
||||||
|
|
||||||
layout "new_admin"
|
|
||||||
|
|
||||||
|
|
||||||
def setting
|
def setting
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
class OrbitBackendController< ApplicationController
|
class OrbitBackendController< ApplicationController
|
||||||
before_filter :force_order,:except => [:public]
|
before_filter :force_order,:except => [:public]
|
||||||
before_filter :setup_vars
|
before_filter :setup_vars
|
||||||
|
before_filter :set_current_user
|
||||||
|
|
||||||
# before_filter {|c| c.front_end_available(@app_title)}
|
# before_filter {|c| c.front_end_available(@app_title)}
|
||||||
# before_filter :check_user_can_use
|
# before_filter :check_user_can_use
|
||||||
include OrbitCoreLib::PermissionUnility
|
include OrbitCoreLib::PermissionUnility
|
||||||
|
|
|
@ -16,8 +16,8 @@ module Admin::AdBannerHelper
|
||||||
end
|
end
|
||||||
|
|
||||||
def show_ad_banner_permission_link(ad_banner)
|
def show_ad_banner_permission_link(ad_banner)
|
||||||
type = 'edit'
|
type = 'edit'
|
||||||
oa = ad_banner.get_object_auth_by_title(type)
|
oa = ad_banner.get_object_auth_by_title(type)
|
||||||
if oa.nil?
|
if oa.nil?
|
||||||
ad_banner.object_auths.new(title: type ).save
|
ad_banner.object_auths.new(title: type ).save
|
||||||
oa = ad_banner.get_object_auth_by_title(type)
|
oa = ad_banner.get_object_auth_by_title(type)
|
||||||
|
@ -26,8 +26,6 @@ module Admin::AdBannerHelper
|
||||||
link_to t('admin.ad.cate_auth'),admin_object_auth_ob_auth_path(oa),:class => "btn btn-warning"
|
link_to t('admin.ad.cate_auth'),admin_object_auth_ob_auth_path(oa),:class => "btn btn-warning"
|
||||||
end
|
end
|
||||||
|
|
||||||
def at_least_module_manager
|
|
||||||
is_manager? || is_admin?
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
|
@ -0,0 +1,11 @@
|
||||||
|
module Admin::WebLinkHelper
|
||||||
|
def show_web_link_permission_link(web_link)
|
||||||
|
type = 'edit'
|
||||||
|
oa = web_link.get_object_auth_by_title(type)
|
||||||
|
if oa.nil?
|
||||||
|
web_link.object_auths.new(title: type ).save
|
||||||
|
oa = web_link.get_object_auth_by_title(type)
|
||||||
|
end
|
||||||
|
link_to t('admin.web_link.cate_auth'),admin_object_auth_ob_auth_path(oa)
|
||||||
|
end
|
||||||
|
end
|
|
@ -173,4 +173,8 @@ module ApplicationHelper
|
||||||
locale.to_sym == I18n.locale ? 'active in': ''
|
locale.to_sym == I18n.locale ? 'active in': ''
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def at_least_module_manager
|
||||||
|
is_manager? || is_admin?
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -11,9 +11,7 @@ class ObjectAuth < PrototypeAuth
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_user_has_app_auth
|
def check_user_has_app_auth
|
||||||
debugger
|
sub_managing_users = auth_obj.app_auth.sub_managing_users rescue []
|
||||||
a=1
|
|
||||||
sub_managing_users = auth_obj.app_auth.sub_managing_users
|
|
||||||
app_auth = auth_obj.app_auth
|
app_auth = auth_obj.app_auth
|
||||||
self.auth_users.each do |auth_user|
|
self.auth_users.each do |auth_user|
|
||||||
if !sub_managing_users.include? auth_user && !auth_user.admin?
|
if !sub_managing_users.include? auth_user && !auth_user.admin?
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<h3><%= t("admin.ad.picture_list")%></h3>
|
<h3><%= t("admin.ad.picture_list")%></h3>
|
||||||
<div class="adbanner-list">
|
<div class="adbanner-list">
|
||||||
<%if at_least_module_manager || sub_manager?(ad_banner_tab)%>
|
<%if (at_least_module_manager || ad_banner_tab.cur_user_is_sub_manager_of(:edit) )%>
|
||||||
<%= content_tag :div ,:class=>'adbanner-action' do%>
|
<%= content_tag :div ,:class=>'adbanner-action' do%>
|
||||||
<%= link_to t("admin.ad.new_image"),new_admin_ad_banner_ad_image_path(ad_banner_tab) ,:class => "btn btn-primary"%>
|
<%= link_to t("admin.ad.new_image"),new_admin_ad_banner_ad_image_path(ad_banner_tab) ,:class => "btn btn-primary"%>
|
||||||
<%= link_to t("modal.preview"), admin_realtime_preview_ad_banner_path(ad_banner_tab.id) , :class=>'preview_trigger btn btn-success'%>
|
<%= link_to t("modal.preview"), admin_realtime_preview_ad_banner_path(ad_banner_tab.id) , :class=>'preview_trigger btn btn-success'%>
|
||||||
|
|
|
@ -54,16 +54,17 @@
|
||||||
<%#= content_tag :li, link_to(t('admin.ad.all_banners'), admin_ad_banners_path), :class => active_for_action('ad_banners', 'index') %>
|
<%#= content_tag :li, link_to(t('admin.ad.all_banners'), admin_ad_banners_path), :class => active_for_action('ad_banners', 'index') %>
|
||||||
<%#= content_tag :li, link_to(t('admin.ad.new_banner'), new_admin_ad_banner_path), :class => active_for_action('ad_banners', 'new') %>
|
<%#= content_tag :li, link_to(t('admin.ad.new_banner'), new_admin_ad_banner_path), :class => active_for_action('ad_banners', 'new') %>
|
||||||
<%#= content_tag :li, link_to(t('admin.ad.new_image'), new_ad_image_admin_ad_banners_path), :class => active_for_action('ad_images', 'new') %>
|
<%#= content_tag :li, link_to(t('admin.ad.new_image'), new_ad_image_admin_ad_banners_path), :class => active_for_action('ad_images', 'new') %>
|
||||||
<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "ad_banners"}))), :class => active_for_app_auth('ad_banners') if (is_admin? rescue nil) %>
|
<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "ad_banners"}))), :class => active_for_app_auth('ad_banners') if (is_admin? rescue nil) %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<%= content_tag :li, :class => active_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys') do -%>
|
<%= content_tag :li, :class => active_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys') || active_for_app_auth('web_resource') do -%>
|
||||||
<%= link_to content_tag(:i, nil, :class => 'icons-link') + t('admin.link'), panel_web_resource_back_end_web_links_path %>
|
<%= link_to content_tag(:i, nil, :class => 'icons-link') + t('admin.link'), panel_web_resource_back_end_web_links_path %>
|
||||||
<%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys')) do -%>
|
<%= content_tag :ul, :class => ("nav nav-list " + visible_for_controllers('web_links', '/panel/web_resource/back_end/tags', 'web_link_categorys')) do -%>
|
||||||
<%= content_tag :li, link_to(t('admin.all_articles'), panel_web_resource_back_end_web_links_path), :class => active_for_action('web_links', 'index') %>
|
<%= content_tag :li, link_to(t('admin.all_articles'), panel_web_resource_back_end_web_links_path), :class => active_for_action('web_links', 'index') %>
|
||||||
<%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') %>
|
<%= content_tag :li, link_to(t('announcement.add_new'), new_panel_web_resource_back_end_web_link_path), :class => active_for_action('web_links', 'new') %>
|
||||||
<%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => active_for_action('web_link_categorys', 'index') %>
|
<%= content_tag :li, link_to(t('announcement.categories'), panel_web_resource_back_end_web_link_categorys_path), :class => active_for_action('web_link_categorys', 'index') %>
|
||||||
<%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') %>
|
<%= content_tag :li, link_to(t('announcement.tags'), panel_web_resource_back_end_tags_path), :class => active_for_action('/panel/web_resource/back_end/tags', 'index') %>
|
||||||
|
<%= content_tag :li, link_to(t('admin.module.authorization'),admin_module_app_manager_auth_proc_path(ModuleApp.first(conditions: {title: "web_resource"}))), :class => active_for_app_auth('web_resource') if (is_admin? rescue nil) %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
|
@ -19,6 +19,10 @@ module OrbitCoreLib
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def cur_user_is_sub_manager_of(title)
|
||||||
|
authed_users(title).include?(User.current)
|
||||||
|
end
|
||||||
|
|
||||||
def app_auth
|
def app_auth
|
||||||
ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
|
ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
class Panel::WebResource::BackEnd::WebLinksController < OrbitBackendController
|
class Panel::WebResource::BackEnd::WebLinksController < OrbitBackendController
|
||||||
|
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
before_filter :is_admin?
|
# before_filter :for_app_manager,:except => [:index,:show]
|
||||||
|
# before_filter :for_app_sub_manager
|
||||||
|
|
||||||
def index
|
def index
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,12 @@
|
||||||
class WebLinkCategory
|
class WebLinkCategory
|
||||||
include Mongoid::Document
|
include Mongoid::Document
|
||||||
include Mongoid::Timestamps
|
include Mongoid::Timestamps
|
||||||
|
include OrbitCoreLib::ObjectAuthable
|
||||||
|
|
||||||
# include Mongoid::MultiParameterAttributes
|
# include Mongoid::MultiParameterAttributes
|
||||||
|
AfterObjectAuthUrl = '/panel/page_content/back_end/page_contexts'
|
||||||
|
APP_NAME = 'web_resource'
|
||||||
|
ObjectAuthTitlesOptions = %W{edit}
|
||||||
|
|
||||||
field :key
|
field :key
|
||||||
|
|
||||||
|
@ -11,4 +16,8 @@ class WebLinkCategory
|
||||||
|
|
||||||
has_many :web_links
|
has_many :web_links
|
||||||
|
|
||||||
|
def pp_object
|
||||||
|
i18n_variable[I18n.locale]
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
|
@ -3,12 +3,15 @@
|
||||||
<tr id="<%= dom_id web_link_category %>" class="with_action">
|
<tr id="<%= dom_id web_link_category %>" class="with_action">
|
||||||
<td>
|
<td>
|
||||||
<%= web_link_category.key %>
|
<%= web_link_category.key %>
|
||||||
<div class="quick-edit">
|
<%if at_least_module_manager %>
|
||||||
<ul class="nav nav-pills hide">
|
<div class="quick-edit">
|
||||||
<li><%= link_to t('web_link_category.edit'), edit_panel_web_resource_back_end_web_link_category_path(web_link_category), :remote => true %></li>
|
<ul class="nav nav-pills hide">
|
||||||
<li><%= link_to t('web_link_category.delete'), panel_web_resource_back_end_web_link_category_path(web_link_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
|
<li><%= link_to t('web_link_category.edit'), edit_panel_web_resource_back_end_web_link_category_path(web_link_category), :remote => true %></li>
|
||||||
</ul>
|
<li><%= link_to t('web_link_category.delete'), panel_web_resource_back_end_web_link_category_path(web_link_category), :confirm => t('announcement.sure?'), :method => :delete, :remote => true %></li>
|
||||||
</div>
|
<li><%= show_web_link_permission_link web_link_category %></li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<% end -%>
|
||||||
</td>
|
</td>
|
||||||
<% @site_valid_locales.each do |locale| %>
|
<% @site_valid_locales.each do |locale| %>
|
||||||
<td><%= web_link_category.i18n_variable[locale] rescue nil %></td>
|
<td><%= web_link_category.i18n_variable[locale] rescue nil %></td>
|
||||||
|
|
|
@ -34,6 +34,6 @@
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
<div id="form"><%= render :partial => "form" %></div>
|
<div id="form"><%= render :partial => "form" if at_least_module_manager%></div>
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -24,8 +24,10 @@
|
||||||
<%= link_to web_link.name[I18n.locale], panel_web_resource_back_end_web_link_path(web_link) %>
|
<%= link_to web_link.name[I18n.locale], panel_web_resource_back_end_web_link_path(web_link) %>
|
||||||
<div class="quick-edit">
|
<div class="quick-edit">
|
||||||
<ul class="nav nav-pills hide">
|
<ul class="nav nav-pills hide">
|
||||||
|
<%if at_least_module_manager || web_link.web_link_category.cur_user_is_sub_manager_of(:edit)%>
|
||||||
<li><%= link_to t('web_link.edit'), edit_panel_web_resource_back_end_web_link_path(web_link) %></li>
|
<li><%= link_to t('web_link.edit'), edit_panel_web_resource_back_end_web_link_path(web_link) %></li>
|
||||||
<li><%= link_to t('web_link.delete'), panel_web_resource_back_end_web_link_path(web_link), :confirm => t('sure?'), :method => :delete, :remote => true %></li>
|
<li><%= link_to t('web_link.delete'), panel_web_resource_back_end_web_link_path(web_link), :confirm => t('sure?'), :method => :delete, :remote => true %></li>
|
||||||
|
<% end -%>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
</td>
|
</td>
|
||||||
|
|
Loading…
Reference in New Issue