2012-02-09 09:48:51 +00:00
|
|
|
module OrbitCoreLib
|
|
|
|
|
module ObjectAuthable
|
|
|
|
|
def self.included(base)
|
|
|
|
|
base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete")
|
|
|
|
|
|
|
|
|
|
base.define_singleton_method :authed_for_user do |user,title = nil|
|
|
|
|
|
sub_role_ids_ary=user.sub_roles.collect{|t| t.id}
|
|
|
|
|
if title.nil?
|
|
|
|
|
auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s)
|
|
|
|
|
else
|
|
|
|
|
auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id)
|
|
|
|
|
query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role.id}).excludes(blocked_user_ids: user.id)
|
|
|
|
|
result = (query1 + query2).uniq
|
|
|
|
|
result.collect{|t| t.obj_authable}
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
2012-04-27 10:38:21 +00:00
|
|
|
def get_object_auth_by_title(title)
|
|
|
|
|
self.object_auths.where({title: title }).first
|
|
|
|
|
end
|
|
|
|
|
|
2012-02-09 09:48:51 +00:00
|
|
|
def authed_users(title=nil)
|
|
|
|
|
users = []
|
2012-03-22 06:33:59 +00:00
|
|
|
users = case title
|
|
|
|
|
when :all
|
|
|
|
|
ary = self.object_auths.collect{|t| t.auth_users}
|
|
|
|
|
ary.flatten!
|
|
|
|
|
when nil
|
|
|
|
|
if self.object_auths.count ==1
|
|
|
|
|
self.object_auths.first.auth_users_after_block_list rescue []
|
|
|
|
|
else
|
|
|
|
|
logger.info "Warning calling a auth commend without specificed value( has multi-auths ), return empty"
|
|
|
|
|
[]
|
|
|
|
|
end
|
2012-02-09 09:48:51 +00:00
|
|
|
else
|
2012-04-27 10:38:21 +00:00
|
|
|
get_object_auth_by_title(title).auth_users rescue []
|
2012-02-09 09:48:51 +00:00
|
|
|
end
|
|
|
|
|
users
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
2012-02-16 05:57:28 +00:00
|
|
|
module ObjectTokenUnility
|
|
|
|
|
def self.included(base)
|
|
|
|
|
base.instance_eval("field :s_token")
|
|
|
|
|
base.instance_eval("after_create :generate_token")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def token
|
|
|
|
|
return self.s_token
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
protected
|
|
|
|
|
def generate_token
|
|
|
|
|
self.s_token = ActiveSupport::SecureRandom.hex(16)
|
|
|
|
|
self.save!
|
|
|
|
|
end
|
|
|
|
|
end
|
2012-02-15 10:20:44 +00:00
|
|
|
|
|
|
|
|
module PermissionUnility
|
|
|
|
|
private
|
|
|
|
|
def check_permission(type = :use)
|
|
|
|
|
permission_grant = current_user.admin?? true : false
|
2012-02-16 05:57:28 +00:00
|
|
|
module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
|
2012-02-15 10:20:44 +00:00
|
|
|
unless permission_grant
|
|
|
|
|
permission_grant = case type
|
|
|
|
|
when :use
|
|
|
|
|
users_ary = module_app.app_auth.auth_users rescue nil
|
|
|
|
|
users_ary = [] if users_ary.nil?
|
|
|
|
|
(users_ary.include?(current_user) || module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user))
|
|
|
|
|
when :manager
|
|
|
|
|
module_app.is_manager?(current_user)
|
|
|
|
|
when :sub_manager
|
|
|
|
|
module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
permission_grant
|
|
|
|
|
end
|
2012-02-16 05:57:28 +00:00
|
|
|
def find_module_app_by_token(token)
|
|
|
|
|
ModuleApp.first(conditions: {s_token: token})
|
|
|
|
|
end
|
2012-02-15 10:20:44 +00:00
|
|
|
end
|
2012-02-09 09:48:51 +00:00
|
|
|
end
|
