From 951be509e582d2843fb13314c09a4ae56175186f Mon Sep 17 00:00:00 2001
From: manson
Date: Thu, 31 Jul 2014 20:41:24 +0800
Subject: [PATCH] Add authorization
---
 app/controllers/admin/faqs_controller.rb | 8 ++++++--
 app/views/admin/faqs/_index.html.erb | 6 ++++--
 lib/faq/engine.rb | 14 +++++++++-----
 3 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/app/controllers/admin/faqs_controller.rb b/app/controllers/admin/faqs_controller.rb
index cded815..58168e0 100644
--- a/app/controllers/admin/faqs_controller.rb
+++ b/app/controllers/admin/faqs_controller.rb
@@ -63,8 +63,12 @@ class Admin::FaqsController < OrbitAdminController
 def edit
 @qa = Qa.find(params[:id])
- @tags = @module_app.tags
- @categories = @module_app.categories
+ if can_edit_or_delete?(@qa)
+ @tags = @module_app.tags
+ @categories = @module_app.categories
+ else
+ render_401
+ end
 end
 def update
diff --git a/app/views/admin/faqs/_index.html.erb b/app/views/admin/faqs/_index.html.erb
index c48ddf7..22e09f0 100644
--- a/app/views/admin/faqs/_index.html.erb
+++ b/app/views/admin/faqs/_index.html.erb
@@ -19,8 +19,10 @@ <%= qa.title %>
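Review bot: The `can_edit_or_delete?(@qa)` check is added to `edit` only, so it guards the form but not the write itself; `update` starts right after this hunk with its body outside it, and `destroy` is not shown at all. If those actions do not run the same check, a user who is refused the edit form can still send the update or delete request directly. I would put the guard at the top of each of them, right after the `Qa.find`, as `return render_401 unless can_edit_or_delete?(@qa)`, or move it into a single `before_action` limited to `edit`, `update` and `destroy`. Since the user is signed in but not permitted, a 403-style response would describe the case better than `render_401`, if the base controller offers one.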
diff --git a/lib/faq/engine.rb b/lib/faq/engine.rb index aa51d7f..c9f2173 100644 --- a/lib/faq/engine.rb +++ b/lib/faq/engine.rb @@ -13,33 +13,37 @@ module Faq data_count 1..10 side_bar do head_label_i18n 'faq.faq', icon_class: "icons-help" - available_for [:admin,:manager,:sub_manager] + available_for "users" active_for_controllers (['admin/faqs']) head_link_path "admin_faqs_path" context_link 'all', :link_path=>"admin_faqs_path" , :priority=>1, - :active_for_action=>{'admin/faqs'=>"index"} + :active_for_action=>{'admin/faqs'=>"index"}, + :available_for => 'users' context_link 'new_', :link_path=>"new_admin_faq_path" , :priority=>2, - :active_for_action=>{'admin/faqs'=>"new"} + :active_for_action=>{'admin/faqs'=>"new"}, + :available_for => 'sub_managers' context_link 'categories', :link_path=>"admin_module_app_categories_path" , :link_arg=>"{:module_app_id=>ModuleApp.find_by(:key=>'faq').id}", :priority=>3, :active_for_action=>{'admin/faqs'=>'categories'}, - :active_for_category => 'Faq' + :active_for_category => 'Faq', + :available_for => 'managers' context_link 'tags', :link_path=>"admin_module_app_tags_path" , :link_arg=>"{:module_app_id=>ModuleApp.find_by(:key=>'faq').id}", :priority=>4, :active_for_action=>{'admin/faqs'=>'tags'}, - :active_for_tag => 'Faq' + :active_for_tag => 'Faq', + :available_for => 'managers' end end end
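Review bot: The `:available_for` options added to each `context_link` read as sidebar visibility settings, and nothing in this hunk shows them being enforced on the routes the links point to. With the top-level `available_for` widened from `[:admin,:manager,:sub_manager]` to `"users"`, the module is presumably now shown to every signed-in user, so `new`/`create` and the categories and tags pages need their own role checks in the controllers; hiding a link does not stop a direct request. It is also worth confirming that the registration code accepts the plural strings (`'sub_managers'`, `'managers'`) the same way it accepted the old symbols, because how an unrecognised value is treated is not visible here. If the visibility-only reading is right, a comment above `side_bar do` such as `# available_for only controls menu visibility; access is enforced in the controllers` would keep the distinction clear.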