orbit-4-1/app/controllers/admin/object_auths_new_interface_...

class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
  include OrbitCoreLib::PermissionUtility
  before_filter :force_order

  def set_module_app
    @module_app = ModuleApp.where(:title=>'Announcement').first
  end

  
  def setting
    @sys_users = User.all(conditions: {admin: false}).includes(:avatar).not_guest_user
    @ob_auth = ObjectAuth.find params[:object_auth_id]
    @options_from_collection_for_select_ob_auth = @ob_auth.siblings.collect{|oa| [oa.auth_obj.pp_object,oa.id] }
    @users_array = @ob_auth.privilege_users rescue []

    respond_to do |format|
      format.html
      format.js
    end
  end
  
  def update_setting
    ob_auth = update_setting_by_params
    if ob_auth.save!
      flash[:notice] = t('update.success_')
    else
      flash[:notice] = t('update.fail')
    end
  end
  
  def user_list
    @ob_auth = ObjectAuth.find params[:ob_auth][:id]
  end

  protected
  def update_setting_by_params
    user_sat = []
    oa = ObjectAuth.find params[:ob_auth][:id]
    user_sat += User.find params[:users].keys if params.has_key? :users
    users_to_new = user_sat - oa.auth_users
    users_to_remove = oa.auth_users - user_sat

    users_to_new.each do |new_user|
      oa.privilege_users << new_user
      oa.add_user_to_privilege_list(new_user)
    end

    users_to_remove.each do |remove_user|
      oa.privilege_users.delete_if{|user| user == remove_user}
      oa.remove_user_from_privilege_list(remove_user)
    end
    oa
  end
  
  # def get_categorys(id = nil)
  #   @bulletin_categorys = []
  #   if(is_manager? || is_admin?)
  #     @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.all)
  #   elsif is_sub_manager?
  #     @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new')
  #   end
  # end

  def force_order
    authenticate_user!
    set_module_app
    setup_vars
    check_if_user_can_do_object_auth
  end

  def check_if_user_can_do_object_auth
    unless  check_permission(:manager)
      redirect_to '/'
    end
  end

  def check_permission(var)
    #app = ModuleApp.first({conditions:{key: params[:module_app_key]}})
    # setup_vars
    @module_app.is_manager?(current_user) || current_user.admin?
  end

  def setup_vars
    http_referer = request.env['HTTP_REFERER'] || ''
    if http_referer.split('/')[4]  == "object_auths"
      @app_key = params[:app_key]
    else
      @app_key = http_referer.split('/')[4]   
    end

    #@app_key = request.fullpath.split('/')[1] if(@app_key == "back_end") 
    if @app_key
      @app_key.gsub!(/[?].*/,'')
      @module_app = ModuleApp.first(conditions: {:key => @app_key} )
      if @module_app.nil?
        raise ObjectAuthError, 'Auth procress failed, module_app not exist '
      end
    else
        raise ObjectAuthError, 'Auth procress failed, pls redo your sop'
    end
    

  end

end
Change to apply page to had object_auth 2012-05-14 04:34:15 +00:00			`class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController`
default widgets and sidebar. 2012-12-03 10:52:36 +00:00			`include OrbitCoreLib::PermissionUtility`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`before_filter :force_order`
first version of confined sidebar render 2012-11-20 07:56:52 +00:00
			`def set_module_app`
			`@module_app = ModuleApp.where(:title=>'Announcement').first`
			`end`

New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00
			`def setting`
.not_guest_user 2012-12-19 10:51:17 +00:00			`@sys_users = User.all(conditions: {admin: false}).includes(:avatar).not_guest_user`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`@ob_auth = ObjectAuth.find params[:object_auth_id]`
object_auth change to reload 2012-10-04 10:20:21 +00:00			`@options_from_collection_for_select_ob_auth = @ob_auth.siblings.collect{\|oa\| [oa.auth_obj.pp_object,oa.id] }`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`@users_array = @ob_auth.privilege_users rescue []`

			`respond_to do \|format\|`
			`format.html`
			`format.js`
			`end`
			`end`

			`def update_setting`
			`ob_auth = update_setting_by_params`
			`if ob_auth.save!`
Changes for i18n yml 2012-09-12 11:12:50 +00:00			`flash[:notice] = t('update.success_')`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`else`
Changes for i18n yml 2012-09-12 11:12:50 +00:00			`flash[:notice] = t('update.fail')`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`end`
			`end`

			`def user_list`
			`@ob_auth = ObjectAuth.find params[:ob_auth][:id]`
			`end`

			`protected`
			`def update_setting_by_params`
Change to apply page to had object_auth 2012-05-14 04:34:15 +00:00			`user_sat = []`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`oa = ObjectAuth.find params[:ob_auth][:id]`
Change to apply page to had object_auth 2012-05-14 04:34:15 +00:00			`user_sat += User.find params[:users].keys if params.has_key? :users`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`users_to_new = user_sat - oa.auth_users`
			`users_to_remove = oa.auth_users - user_sat`

			`users_to_new.each do \|new_user\|`
fix object auth without app_auth 2012-10-16 06:23:44 +00:00			`oa.privilege_users << new_user`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`oa.add_user_to_privilege_list(new_user)`
			`end`

			`users_to_remove.each do \|remove_user\|`
fix object auth without app_auth 2012-10-16 06:23:44 +00:00			`oa.privilege_users.delete_if{\|user\| user == remove_user}`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`oa.remove_user_from_privilege_list(remove_user)`
			`end`
			`oa`
			`end`

			`# def get_categorys(id = nil)`
			`# @bulletin_categorys = []`
			`# if(is_manager? \|\| is_admin?)`
hide category at front end 2012-07-09 04:05:21 +00:00			`# @bulletin_categorys = (id ? BulletinCategory.find(id).to_a : BulletinCategory.all)`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`# elsif is_sub_manager?`
			`# @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new')`
			`# end`
			`# end`

			`def force_order`
			`authenticate_user!`
first version of confined sidebar render 2012-11-20 07:56:52 +00:00			`set_module_app`
fix object auth. show error message if user try to do object auth in a wrong way. 2013-01-02 06:34:34 +00:00			`setup_vars`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`check_if_user_can_do_object_auth`
			`end`

			`def check_if_user_can_do_object_auth`
			`unless check_permission(:manager)`
fix for 403 for new interface 2012-08-31 10:56:26 +00:00			`redirect_to '/'`
New Interface for App Auth and Object Auth 2012-05-11 08:44:40 +00:00			`end`
			`end`

fix object_auth security problem 2012-09-07 09:53:43 +00:00			`def check_permission(var)`
			`#app = ModuleApp.first({conditions:{key: params[:module_app_key]}})`
			`# setup_vars`
			`@module_app.is_manager?(current_user) \|\| current_user.admin?`
			`end`

			`def setup_vars`
fix object auth. show error message if user try to do object auth in a wrong way. 2013-01-02 06:34:34 +00:00			`http_referer = request.env['HTTP_REFERER'] \|\| ''`
			`if http_referer.split('/')[4] == "object_auths"`
fix for listing object error 2012-09-19 02:45:03 +00:00			`@app_key = params[:app_key]`
			`else`
fix object auth. show error message if user try to do object auth in a wrong way. 2013-01-02 06:34:34 +00:00			`@app_key = http_referer.split('/')[4]`
fix for listing object error 2012-09-19 02:45:03 +00:00			`end`

			`#@app_key = request.fullpath.split('/')[1] if(@app_key == "back_end")`
fix object auth. show error message if user try to do object auth in a wrong way. 2013-01-02 06:34:34 +00:00			`if @app_key`
			`@app_key.gsub!(/[?].*/,'')`
			`@module_app = ModuleApp.first(conditions: {:key => @app_key} )`
			`if @module_app.nil?`
			`raise ObjectAuthError, 'Auth procress failed, module_app not exist '`
			`end`
			`else`
			`raise ObjectAuthError, 'Auth procress failed, pls redo your sop'`
			`end`


fix object_auth security problem 2012-09-07 09:53:43 +00:00			`end`

.not_guest_user 2012-12-19 10:51:17 +00:00			`end`