orbit-basic/app/controllers/admin/object_auths_controller.rb

class Admin::ObjectAuthsController < ApplicationController
  include OrbitCoreLib::PermissionUnility
  layout "admin"
  before_filter :force_order
#  before_filter :is_admin? ,:only => :index
  

  
  def index
    # if current_user.admin?
      @object_auths = ObjectAuth.all
    # else
    #       @module_apps = current_user.managing_apps.collect{|t| t.managing_app}
    #     end
  end
  
  def new
    obj = eval(params[:type]).find params[:obj_id]
    @object_auth=obj.object_auths.build
    @object_auth_title_option = eval(params[:type]+"::ObjectAuthTitlesOptions")
    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @post }
    end
  end
  
  def create
    obj = eval(params[:object_auth][:type]).find params[:object_auth][:obj_id]
    @object_auth=obj.object_auths.build :title=> params[:object_auth][:title]
    if @object_auth.save
      redirect_to edit_admin_object_auth_path(@object_auth)
    else
      flash[:error] = t('admin.object.a_object_must_have_only_one_object_auth_profile_for_each_action')
      redirect_to (:back)
    end
  end

  def create_role
    object_auth = ObjectAuth.find(params[:id])
    auth_all = params[:auth_all] || false
    object_auth.update_attribute(:all,auth_all)
    new_array = params[:new] || []
    new_array.each do |item|
      field = item[0]
      field_value = item[1]
      if field_value!=''
        case field
        when 'role'
          object_auth.send("add_#{field}",(Role.find field_value)) rescue nil
        when 'sub_role'
          object_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil
        when 'privilege_user'
          object_auth.add_user_to_privilege_list (User.find field_value) rescue nil
        when 'blocked_user'  
          object_auth.add_user_to_black_list (User.find field_value) rescue nil
        end
      end
    end
    redirect_to edit_admin_object_auth_path(object_auth)
   end
  
  def remove_role
    object_auth = ObjectAuth.find(params[:id])
         type = params[:type]
         field_value = params[:target_id]
         if field_value!=''
           case type
           when 'role'
             object_auth.remove_role(Role.find field_value) rescue nil
           when 'sub_role'
             object_auth.remove_sub_role(SubRole.find field_value) rescue nil
           when 'privilege_user'
             object_auth.remove_user_from_privilege_list (User.find field_value) rescue nil
           when 'blocked_user'  
             object_auth.remove_user_from_black_list (User.find field_value) rescue nil
           end
         end
       redirect_to edit_admin_object_auth_path(object_auth)
  end

  def edit
    @object_auth = ObjectAuth.find(params[:id])
  end

private

  def force_order
    authenticate_user!
    check_if_user_can_do_object_auth
  end

  def check_if_user_can_do_object_auth
    unless  check_permission(:manager)
      render :nothing => true, :status => 403 
    end
  end
end