diff --git a/app/controllers/admin/labs_controller.rb b/app/controllers/admin/labs_controller.rb
index 53ff63d..3570edf 100644
--- a/app/controllers/admin/labs_controller.rb
+++ b/app/controllers/admin/labs_controller.rb
@@ -4,6 +4,9 @@ class Admin::LabsController < OrbitMemberController
before_action :set_plugin
before_action :get_settings,:only => [:new, :edit, :setting]
+ before_action :need_access_right
+ before_action :allow_admin_only, :only => [:index, :setting]
+
def index
@labs = Lab.order_by(:year=>'desc').page(params[:page]).per(10)
end
@@ -17,7 +20,7 @@ class Admin::LabsController < OrbitMemberController
@member = MemberProfile.find(lab_params['member_profile_id']) rescue nil
@lab = Lab.new(lab_params)
@lab.save
- redirect_to URI.encode('/admin/members/'+@member.to_param+'/Lab')
+ redirect_to params['referer_url']
end
def edit
@@ -30,7 +33,7 @@ class Admin::LabsController < OrbitMemberController
@lab = Lab.find(params[:id])
@lab.update_attributes(lab_params)
@lab.save
- redirect_to URI.encode('/admin/members/'+@member.to_param+'/Lab')
+ redirect_to params['referer_url']
end
def destroy
diff --git a/app/views/admin/labs/_form.html.erb b/app/views/admin/labs/_form.html.erb
index de9fcbe..0a8078c 100644
--- a/app/views/admin/labs/_form.html.erb
+++ b/app/views/admin/labs/_form.html.erb
@@ -205,6 +205,7 @@
<%= f.hidden_field :user_id, :value => params[:user_id] if !params[:user_id].blank? %>
+
<%= f.submit t('submit'), class: 'btn btn-primary' %>
<%= link_to t('cancel'), get_go_back, :class=>"btn" %>
diff --git a/app/views/plugin/personal_lab/_profile.html.erb b/app/views/plugin/personal_lab/_profile.html.erb
index 3f43316..3c75ad7 100644
--- a/app/views/plugin/personal_lab/_profile.html.erb
+++ b/app/views/plugin/personal_lab/_profile.html.erb
@@ -6,15 +6,14 @@
<% end %>
<%
- is_autorized_user = (current_user==@member.user || current_user.is_admin?)
- if is_autorized_user
+ if has_access?
@labs = Lab.where(member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
else
@labs = Lab.where(is_hidden: false, member_profile_id: @member.id).desc(:year).page(params[:page]).per(10)
end
%>
-<% if is_autorized_user %>
+<% if has_access? %>
<%= link_to('Hide', '#', :class => "btn btn-mini list-active-btn disabled", "data-check-action" => "list-be-hide", :rel => toggle_hide_admin_labs_path(member_profile_id: params[:id], disable: 'true') ) %>
@@ -26,7 +25,7 @@
- <% if is_autorized_user %>
+ <% if has_access? %>
|
<% end -%>
<%= t('personal_lab.year') %> |
@@ -37,7 +36,7 @@
<% @labs.each do |lab| %>
">
- <% if is_autorized_user %>
+ <% if has_access? %>
<%= check_box_tag 'to_change[]', lab.id.to_s, false, :class => "list-check" %>
|
@@ -47,8 +46,10 @@
<%= link_to lab.lab_title, OrbitHelper.url_to_plugin_show(lab.to_param,'personal_lab'), target: "blank"%>
- - <%= link_to t('edit'), '/admin/members/'+@member.to_param+'/labs/'+lab.id+'/edit' %>
- - <%= link_to t(:delete_), admin_lab_path(id: lab.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %>
+ <% if has_access? %>
+ - <%= link_to t('edit'), '/admin/members/'+@member.to_param+'/labs/'+lab.id+'/edit' %>
+ - <%= link_to t(:delete_), admin_lab_path(id: lab.id, member_profile_id: @member.id), method: :delete, remote: true, data: { confirm: t('sure?') } %>
+ <% end %>
@@ -60,7 +61,7 @@
- <% if is_autorized_user %>
+ <% if has_access? %>
<%= link_to content_tag(:i, nil, :class => 'icon-edit') +' '+ t('setting'),'/admin/members/'+@member.to_param+'/labs/frontend_setting', :class => 'btn btn-primary' %>
<%= link_to content_tag(:i, nil, :class => 'icon-plus') +' '+ t('new_'),