Merge branch 'master' of github.com:saberma/shopqi

app/controllers/admin/oauth_controller.rb

@@ -1,5 +1,6 @@
 class Admin::OauthController < Admin::AppController
   prepend_before_filter :authenticate_user!, except: [:access_token]
+  before_filter :check_theme_permission, except: :access_token
 
 
   def authorize # 返回authorize_code
@@ -41,5 +42,8 @@ def allow
   #     nil
   #   end
   # end
+  def check_theme_permission
+    render template: 'shared/access_deny', layout: 'application' if current_user && !current_user.has_right?('themes')
+  end
 
 end

app/controllers/theme/themes_controller.rb

@@ -84,7 +84,7 @@ def authenticate # 跳转至用户商店的认证登录页面oauth
       session[:shop_url] ||= params[:shop_url] # 如果后台管理已经设置了商店url
       if session[:shop_url] == ""
          session[:shop_url] = nil
-         redirect_to theme_store_url_with_port and return 
+         redirect_to theme_store_url_with_port and return
       end
       redirect_to client.auth_code.authorize_url(
         redirect_uri: "#{theme_store_url_with_port}/callback"

app/models/user.rb

@@ -39,7 +39,7 @@ def is_admin?
 
   def has_right?(resource_code)
     #暂时不需要校验首页权限，目前没有很多数据内容
-    no_check_controller_array = ['account','users','kindeditor','photos','sessions','home']     #不需要校验权限的控制器
+    no_check_controller_array = ['account','users','kindeditor','photos','sessions','home','oauth']     #不需要校验权限的控制器
     permissions = [all_resources.map(&:code) << no_check_controller_array].flatten
     resource_code.in?(permissions)
   end

spec/requests/account_spec.rb

@@ -32,7 +32,7 @@
   context '#update user permission' do #在账户页面更改用户权限
     describe "change the user permission" do
       include_context 'login admin'
-      it "should can update the permission",js: true,f: true do
+      it "should can update the permission",js: true do
         visit account_index_path
         click_on '新增用户'
         fill_in 'user[name]', with: 'liwh'