authentasaurus 0.7.3 → 0.8.3
- data/TODO +3 -0
- data/app/controllers/areas_controller.rb +1 -1
- data/app/controllers/groups_controller.rb +1 -1
- data/app/controllers/permissions_controller.rb +1 -1
- data/app/controllers/recoveries_controller.rb +1 -1
- data/app/controllers/registrations_controller.rb +1 -1
- data/app/controllers/sessions_controller.rb +1 -1
- data/app/controllers/user_invitations_controller.rb +1 -1
- data/app/controllers/users_controller.rb +1 -1
- data/app/controllers/validations_controller.rb +1 -1
- data/app/models/area.rb +1 -1
- data/app/models/group.rb +1 -1
- data/app/models/permission.rb +1 -1
- data/app/models/recovery.rb +1 -1
- data/app/models/session.rb +1 -1
- data/app/models/user_invitation.rb +1 -1
- data/app/models/validation.rb +1 -1
- data/lib/authentasaurus.rb +22 -36
- data/lib/authentasaurus/ac/acts_as_overrider.rb +47 -0
- data/lib/authentasaurus/ac/controllers/areas_controller.rb +80 -0
- data/lib/authentasaurus/ac/controllers/groups_controller.rb +81 -0
- data/lib/authentasaurus/ac/controllers/permissions_controller.rb +81 -0
- data/lib/authentasaurus/ac/controllers/recoveries_controller.rb +72 -0
- data/lib/authentasaurus/ac/controllers/registrations_controller.rb +45 -0
- data/lib/authentasaurus/ac/controllers/sessions_controller.rb +58 -0
- data/lib/authentasaurus/ac/controllers/user_invitations_controller.rb +50 -0
- data/lib/authentasaurus/ac/controllers/users_controller.rb +80 -0
- data/lib/authentasaurus/ac/controllers/validations_controller.rb +53 -0
- data/lib/authentasaurus/ac/routing.rb +90 -0
- data/lib/authentasaurus/ar/acts_as_authenticatable.rb +113 -0
- data/lib/authentasaurus/ar/acts_as_authenticatable_validatable.rb +38 -0
- data/lib/authentasaurus/ar/acts_as_overrider.rb +51 -0
- data/lib/authentasaurus/ar/authenticatable.rb +66 -0
- data/lib/authentasaurus/ar/migrations.rb +173 -0
- data/lib/authentasaurus/{models → ar/models}/recovery.rb +3 -3
- data/lib/authentasaurus/{models → ar/models}/session.rb +1 -1
- data/lib/authentasaurus/{models → ar/models}/user_invitation.rb +1 -1
- data/lib/authentasaurus/{models → ar/models}/validation.rb +1 -1
- data/lib/authentasaurus/arel/acts_as_authenticatable.rb +72 -0
- data/lib/authentasaurus/arel/authenticatable.rb +25 -0
- data/lib/authentasaurus/authorization.rb +341 -0
- data/lib/authentasaurus/railtie.rb +4 -4
- data/lib/generators/authentasaurus/install/templates/initializer.rb +1 -1
- data/rdoc/apple-touch-icon.png +0 -0
- data/rdoc/classes/Authentasaurus.html +65 -0
- data/rdoc/classes/Authentasaurus/Ac.html +72 -0
- data/rdoc/classes/Authentasaurus/Ac/ActsAsOverrider.html +104 -0
- data/rdoc/classes/Authentasaurus/Ac/ActsAsOverrider/ClassMethods.html +397 -0
- data/rdoc/classes/Authentasaurus/Ac/Routing.html +61 -0
- data/rdoc/classes/Authentasaurus/Ac/Routing/InstanceMethods.html +390 -0
- data/rdoc/classes/Authentasaurus/Ar.html +77 -0
- data/rdoc/classes/Authentasaurus/Ar/ActsAsAuthenticatable.html +107 -0
- data/rdoc/classes/Authentasaurus/Ar/ActsAsAuthenticatable/ClassMethods.html +168 -0
- data/rdoc/classes/Authentasaurus/Ar/ActsAsAuthenticatable/InstanceMethods.html +357 -0
- data/rdoc/classes/Authentasaurus/Ar/ActsAsAuthenticatableValidatable.html +109 -0
- data/rdoc/classes/Authentasaurus/Ar/ActsAsAuthenticatableValidatable/ClassMethods.html +113 -0
- data/rdoc/classes/Authentasaurus/Ar/ActsAsAuthenticatableValidatable/InstanceMethods.html +54 -0
- data/rdoc/classes/Authentasaurus/Ar/ActsAsOverrider.html +104 -0
- data/rdoc/classes/Authentasaurus/Ar/ActsAsOverrider/ClassMethods.html +320 -0
- data/rdoc/classes/Authentasaurus/Ar/Authenticatable.html +104 -0
- data/rdoc/classes/Authentasaurus/Ar/Authenticatable/ClassMethods.html +182 -0
- data/rdoc/classes/Authentasaurus/Ar/Migrations.html +63 -0
- data/rdoc/classes/Authentasaurus/Ar/Migrations/Columns.html +68 -0
- data/rdoc/classes/Authentasaurus/Ar/Migrations/Columns/InstanceMethods.html +106 -0
- data/rdoc/classes/Authentasaurus/Ar/Migrations/Tables.html +68 -0
- data/rdoc/classes/Authentasaurus/Ar/Migrations/Tables/InstanceMethods.html +703 -0
- data/rdoc/classes/Authentasaurus/Arel.html +65 -0
- data/rdoc/classes/Authentasaurus/Arel/ActsAsAuthenticatable.html +107 -0
- data/rdoc/classes/Authentasaurus/Arel/ActsAsAuthenticatable/ClassMethods.html +139 -0
- data/rdoc/classes/Authentasaurus/Arel/ActsAsAuthenticatable/InstanceMethods.html +113 -0
- data/rdoc/classes/Authentasaurus/Arel/Authenticatable.html +105 -0
- data/rdoc/classes/Authentasaurus/Arel/Authenticatable/ClassMethods.html +119 -0
- data/rdoc/classes/Authentasaurus/Authorization.html +230 -0
- data/rdoc/classes/Authentasaurus/Authorization/ActionController.html +63 -0
- data/rdoc/classes/Authentasaurus/Authorization/ActionController/ClassMethods.html +263 -0
- data/rdoc/classes/Authentasaurus/Authorization/ActionController/InstanceMethods.html +54 -0
- data/rdoc/classes/Authentasaurus/Authorization/ActionView.html +54 -0
- data/rdoc/classes/Authentasaurus/Authorization/CommonInstanceMethods.html +240 -0
- data/rdoc/created.rid +1 -0
- data/rdoc/css/main.css +278 -0
- data/rdoc/css/panel.css +383 -0
- data/rdoc/css/reset.css +53 -0
- data/rdoc/favicon.ico +0 -0
- data/rdoc/files/README_rdoc.html +366 -0
- data/rdoc/files/TODO.html +64 -0
- data/rdoc/files/lib/authentasaurus/ac/acts_as_overrider_rb.html +52 -0
- data/rdoc/files/lib/authentasaurus/ac/routing_rb.html +60 -0
- data/rdoc/files/lib/authentasaurus/ar/acts_as_authenticatable_rb.html +52 -0
- data/rdoc/files/lib/authentasaurus/ar/acts_as_authenticatable_validatable_rb.html +52 -0
- data/rdoc/files/lib/authentasaurus/ar/acts_as_overrider_rb.html +52 -0
- data/rdoc/files/lib/authentasaurus/ar/authenticatable_rb.html +52 -0
- data/rdoc/files/lib/authentasaurus/ar/migrations_rb.html +52 -0
- data/rdoc/files/lib/authentasaurus/arel/acts_as_authenticatable_rb.html +52 -0
- data/rdoc/files/lib/authentasaurus/arel/authenticatable_rb.html +72 -0
- data/rdoc/files/lib/authentasaurus/authorization_rb.html +208 -0
- data/rdoc/i/arrows.png +0 -0
- data/rdoc/i/results_bg.png +0 -0
- data/rdoc/i/tree_bg.png +0 -0
- data/rdoc/index.html +15 -0
- data/rdoc/js/jquery-1.3.2.min.js +19 -0
- data/rdoc/js/jquery-effect.js +593 -0
- data/rdoc/js/main.js +22 -0
- data/rdoc/js/searchdoc.js +628 -0
- data/rdoc/panel/index.html +71 -0
- data/rdoc/panel/search_index.js +1 -0
- data/rdoc/panel/tree.js +1 -0
- metadata +92 -44
- data/lib/action_controller/authorization.rb +0 -215
- data/lib/action_view/authorization.rb +0 -52
- data/lib/active_record/acts_as_authenticatable.rb +0 -111
- data/lib/active_record/acts_as_authenticatable_validatable.rb +0 -36
- data/lib/active_record/authenticatable.rb +0 -64
- data/lib/active_resource/acts_as_authenticatable.rb +0 -70
- data/lib/active_resource/authenticatable.rb +0 -24
- data/lib/authentasaurus/areas_controller.rb +0 -78
- data/lib/authentasaurus/groups_controller.rb +0 -79
- data/lib/authentasaurus/models/area.rb +0 -21
- data/lib/authentasaurus/models/group.rb +0 -19
- data/lib/authentasaurus/models/permission.rb +0 -24
- data/lib/authentasaurus/permissions_controller.rb +0 -79
- data/lib/authentasaurus/recoveries_controller.rb +0 -70
- data/lib/authentasaurus/registrations_controller.rb +0 -43
- data/lib/authentasaurus/sessions_controller.rb +0 -56
- data/lib/authentasaurus/user_invitations_controller.rb +0 -48
- data/lib/authentasaurus/users_controller.rb +0 -78
- data/lib/authentasaurus/validations_controller.rb +0 -51
- data/lib/helpers/migrations.rb +0 -171
- data/lib/helpers/routing.rb +0 -87
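--- a/data/lib/authentasaurus/models/session.rb
+++ b/data/lib/authentasaurus/ar/models/session.rb
@@ -1,7 +1,7 @@
 # This class represents a session model, a session authenticates a username and a password.
 #
 # A session behaves just like an ActiveRecord model
-module Authentasaurus::Models
+module Authentasaurus::Ar::Models
 module Session
 def self.included(base) # :nodoc:
 base.send :extend, ClassMethods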
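--- a/data/lib/authentasaurus/arel/acts_as_authenticatable.rb
+++ b/data/lib/authentasaurus/arel/acts_as_authenticatable.rb
@@ -0,0 +1,72 @@
+module Authentasaurus::Arel
+module ActsAsAuthenticatable
+def self.included(base)
+base.send :extend, ClassMethods
+base.send :include, InstanceMethods
+end
+
+module ClassMethods
+## Authenticates the username and password
+def authenticate(username, password, remember = false)
+case(self.format)
+when ActiveResource::Formats::XmlFormat
+user = self.new Hash.from_xml(self.post(:signin,:username => username, :password => password, :remember => remember).body).values.first
+when ActiveResource::Formats::JsonFormat
+user = self.new ActiveSupport::JSON.decode(self.post(:signin,:username => username, :password => password, :remember => remember).body).first
+else
+user = self.new Hash.from_xml(self.post(:signin,:username => username, :password => password, :remember => remember).body).values.first
+end
+
+unless user.nil?
+if self.sync && !self.sync_to.nil?
+last_update = user.attributes.delete "updated_at"
+local_user = self.sync_to.find_or_initialize_by_username user.username, user.attributes
+
+unless local_user.new_record?
+last_update_datetime = (last_update.kind_of?(String)) ? (DateTime.parse(last_update)) : (last_update)
+
+if local_user.updated_at < last_update_datetime
+local_user.update_attributes user.attributes
+end
+else
+local_user.password = password
+local_user.password_confirmation = password
+
+local_user.hashed_password = user.hashed_password
+local_user.password_seed = user.password_seed
+
+self.sync_to.default_data.each do |key,value|
+local_user.send(key.to_s + '=', value)
+end
+
+local_user.save
+end
+end
+end
+return user
+end
+end
+
+module InstanceMethods
+def sync
+if self.class.sync && !self.class.sync_to.nil?
+user = self.dup
+last_update = user.attributes.delete "updated_at"
+local_user = self.class.sync_to.find_or_initialize_by_username user.username, user.attributes
+
+unless local_user.new_record?
+local_user.update_attributes user.attributes
+else
+self.sync_to.default_data.each do |key,value|
+local_user.send(key.to_s + '=', value)
+end
+
+local_user.save
+end
+else
+false
+end
+end
+end
+end
+end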
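Review bot: In InstanceMethods#sync the new-record branch calls `self.sync_to.default_data` on the instance, while the guard a few lines above reads `self.class.sync_to`; unless an instance-level sync_to is defined elsewhere, that branch raises NoMethodError, and it should read `self.class.sync_to.default_data.each do |key,value|`. In ClassMethods#authenticate the `unless user.nil?` guard is dead, since `self.new` never returns nil; what happens when the remote rejects the credentials depends on what `self.post` returns or raises, which is outside this hunk, so the guard gives callers no protection and deserves a comment saying which exception they should rescue. `user.attributes.delete "updated_at"` also mutates the user that authenticate returns, so callers receive a record without updated_at; either document that or delete from a copy, e.g. `attrs = user.attributes.dup`. The `remember` parameter is forwarded to the remote sign-in and not otherwise used here.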
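--- a/data/lib/authentasaurus/arel/authenticatable.rb
+++ b/data/lib/authentasaurus/arel/authenticatable.rb
@@ -0,0 +1,25 @@
+module Authentasaurus::Arel
+module Authenticatable
+def self.included(base)
+base.send :extend, ClassMethods
+
+end
+
+module ClassMethods
+
+def authenticatable(*args)
+self.unloadable
+options = args.extract_options!
+
+self.site = options[:site] || Rails.application.config.authentasaurus[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym][:site]
+self.element_name = options[:session_element].try(:to_s) || Rails.application.config.authentasaurus[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym][:session_element]
+self.sync = options[:sync] || Rails.application.config.authentasaurus[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym][:sync]
+self.sync_to = options[:sync_to].try(:to_s).try(:camelize).try(:constantize) || Rails.application.config.authentasaurus[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym][:sync_to].camelize.constantize
+
+
+# include authentication methods
+include Authentasaurus::Arel::ActsAsAuthenticatable
+end
+end
+end
+end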
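Review bot: `self.sync = options[:sync] || ...[:sync]` falls back to the configured value when a caller passes `:sync => false`, because `||` treats false like nil; if sync is a boolean (the name suggests so, but its declaration is outside this hunk) an explicit false should win, which `options.key?(:sync) ? options[:sync] : remote[:sync]` gives. The `Rails.application.config.authentasaurus[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym]` lookup is repeated on all four assignment lines; hoisting it once with `fetch` also turns a missing config entry into a clear KeyError instead of the NoMethodError on nil that `.camelize` raises today (assuming the `[:remote]` value is a Hash). `camelize.constantize` on the configured `sync_to` is fine as long as the initializer is treated as code, which a comment on that line should say.
```ruby
def authenticatable(*args)
  self.unloadable
  options = args.extract_options!
  # one lookup, and a missing entry fails loudly with KeyError
  remote = Rails.application.config.authentasaurus[:modules][:remote].fetch(self.name.underscore.gsub(/_sync/, "").to_sym)

  self.site = options[:site] || remote[:site]
  self.element_name = options[:session_element].try(:to_s) || remote[:session_element]
  self.sync = options.key?(:sync) ? options[:sync] : remote[:sync]
  self.sync_to = options[:sync_to].try(:to_s).try(:camelize).try(:constantize) || remote[:sync_to].camelize.constantize
  # … unchanged: include of Authentasaurus::Arel::ActsAsAuthenticatable …
```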
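--- a/data/lib/authentasaurus/authorization.rb
+++ b/data/lib/authentasaurus/authorization.rb
@@ -0,0 +1,341 @@
+# =Authorization Helpers
+# The authorization module provides helpers for restricting access to your controllers.
+#
+# Each controller is considered an area in Authentasaurus, for example UsersController stands for
+# "users" area. Each area must be defined in the Areas table so Authentasaurus can control access
+# to it.
+#
+# Authentasaurus provides a simple rake task to define areas automatically:
+#
+# rake authentasaurus:create_areas
+#
+# == Restricting Access
+# You can restrict access to any controller using one of the following class methods on your
+# controller.
+#
+# At login, Authentasaurus will load the permissions of the group the user belongs to in the session
+# and will use them to authorize access to the area.
+#
+# There are three levels of restriction in Authentasaurus, login, read and write; with the exception
+# of login, read and write don't have any logic behind them; they are defined using the Permission and
+# are only symbolically named i.e.: you can use read instead of write and vice versa it only depends on
+# how you use them.
+#
+# === Restricting access to logged in users
+# You can restrict access to an area to logged in users only using the ActionController::ClassMethods#require_login
+# class method.
+#
+# Consider the following example restricting access to the pages controller to only logged in users:
+#
+# class PagesController < ActionController::Base
+# require_login
+# ...
+# end
+#
+# You can also specify which actions to restrict:
+#
+# require_login :new, :create, :index
+#
+# Authentasaurus will automatically redirect users to the sign-in page if they try accessing the area
+# while they are not logged in. Once the user logs in he/she is redirected back to his/her original destination
+# unless you explicitly skip that behaviour:
+#
+# require_login :skip_request => true
+#
+# === Restricting access according to permissions
+# Unlike the login restriction, permissions restrictions checks if the user is logged in and has
+# the permission to access the area.
+#
+# Users get permissions from their parent group and permissions are dynamically set in the database.
+#
+# Authentasaurus currently supports only two permissions, read and write, both permissions are
+# symbolically named, they have no meaning.
+#
+# ==== Restricting access to users with read permission
+#
+# class PagesController < ActionController::Base
+# require_read
+# ...
+# end
+#
+# ActionController::ClassMethods#require_read takes the same options as ActionController::ClassMethods#require_login
+# and ActionController::ClassMethods#require_write
+#
+# ==== Restricting access to users with write permission
+#
+# class PagesController < ActionController::Base
+# require_write
+# ...
+# end
+#
+# ActionController::ClassMethods#require_write takes the same options as ActionController::ClassMethods#require_login
+# and ActionController::ClassMethods#require_read
+#
+# == Checking if the user is logged in in actions or views
+# Along with the class helpers, Authentasaurus includes a helper to check if the user is logged in
+# inside any of your actions:
+#
+# is_logged_in?
+#
+# Check ActionController::CommonInstanceMethods#is_logged_in? for more information.
+#
+# == Checking permissions in actions or views
+# You can also check if the logged in user has a certain permission.
+#
+# Consider the following example to check if the logged in user has read permission on the current
+# area
+#
+# has?(:read)
+#
+# You can also check permissions on an area while in another, for example to check if the current
+# user has write permission on the users area:
+#
+# has?(:write,:users)
+#
+# Check ActionController::CommonInstanceMethods#has? for more information.
+#
+# == Retrieving the current user in actions or views
+# To get the logged in user you can use the following helper:
+#
+# current_user
+#
+# Check ActionController::CommonInstanceMethods#current_user for more information.
+module Authentasaurus::Authorization
+module CommonInstanceMethods
+# Returns an object of the current user
+#
+# <b>Parameters:</b>
+#
+# user_model - The model class representing a user (User by default)
+def current_user(user_model = nil)#:doc:
+user_model = User if user_model.nil?
+return user_model.find session[:user_id] if session[:user_id]
+end
+
+# Checks if the current user has the appropriate permission
+#
+# <b>ex</b>:
+# has?(:write) or has?(:read, :users)
+#
+# <b>Parameters:</b>
+#
+# permission - The permission to check, either :read or :write
+# area - The area to check the permission on, by default checks the current area.
+def has?(permission, area = nil) #:doc:
+return false unless is_logged_in?
+check = false
+case permission
+when :write
+unless area
+user_permissions = session[:user_permissions]
+check = user_permissions[:write].find { |perm| perm==self.controller_name || perm=="all" }
+else
+user_permissions = session[:user_permissions]
+check = user_permissions[:write].find { |perm| perm==area.to_s || perm=="all" }
+end
+when :read
+unless area
+user_permissions = session[:user_permissions]
+check = user_permissions[:read].find { |perm| perm==self.controller_name || perm=="all" }
+else
+user_permissions = session[:user_permissions]
+check = user_permissions[:read].find { |perm| perm==area.to_s || perm=="all" }
+end
+end
+return check
+end
+
+# Checks if the current user is logged in but takes no further action
+#
+# <b>Parameters:</b>
+#
+# user_model - The model class representing a user (User by default)
+def is_logged_in?(user_model = nil) #:doc:
+user_model = User if user_model.nil?
+unless user_model.find_by_id(session[:user_id])
+return cookie_login?(user_model)
+end
+return true
+end
+end
+
+module ActionController
+def self.included(base) # :nodoc:
+base.send :extend, ClassMethods
+base.send :include, InstanceMethods
+end
+
+module ClassMethods
+
+# Requires the user to login before accessing the actions specified
+#
+# <b>ex:</b> Tells Authentasaurus that the action destroy requires login and that Authentasaurus
+# shouldn't store the request in the session (typically for logout actions).
+#
+# require_login :destroy, :skip_request => true
+#
+# <b>Options</b>
+#
+# :skip_request - skips saving the original request (to redirect to after login)
+# :user_model - if defined, authentasaurus will use that model instead of the default "User"
+# :if - specifies a method, proc or string to call to determine if the authorization should occur
+# :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+def require_login (*attrs)
+options = attrs.extract_options!.symbolize_keys
+attrs = attrs.flatten
+
+unless attrs.empty?
+before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
+controller.instance_eval {check_logged_in !options[:skip_request].nil?, options[:user_model]}
+end
+else
+before_filter :if => options[:if], :unless => options[:unless] do |c|
+c.instance_eval {check_logged_in !options[:skip_request].nil?, options[:user_model]}
+end
+end
+end
+
+# Requires the user to have a write permission to that area to access the actions specified
+#
+# <b>ex:</b> Tells Authentasaurus that the actions create_user and delete_user requires login and write
+# permission.
+#
+# require_write :create_user, :delete_user
+#
+# <b>Options</b>
+#
+# :skip_request - skips saving the original request (to redirect to after login)
+# :user_model - if defined, authentasaurus will use that model instead of the default "User"
+# :if - specifies a method, proc or string to call to determine if the authorization should occur
+# :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+def require_write(*attrs)
+options = attrs.extract_options!.symbolize_keys
+attrs = attrs.flatten
+
+
+unless attrs.empty?
+before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
+controller.instance_eval { check_write_permissions !options[:skip_request].nil?, options[:user_model] }
+end
+else
+before_filter :if => options[:if], :unless => options[:unless] do |c|
+c.instance_eval {check_write_permissions !options[:skip_request].nil?, options[:user_model]}
+end
+end
+end
+
+# Requires the user to have a read permission to that area to access the actions specified
+#
+# <b>ex:</b> Tells Authentasaurus that the action show_user requires login and read permission.
+#
+# require_read :show_user
+#
+# <b>Options</b>
+#
+# :skip_request - skips saving the original request (to redirect to after login)
+# :user_model - if defined, authentasaurus will use that model instead of the default "User"
+# :if - specifies a method, proc or string to call to determine if the authorization should occur
+# :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+def require_read(*attrs)
+options = attrs.extract_options!.symbolize_keys
+attrs = attrs.flatten
+
+unless attrs.empty?
+before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
+controller.instance_eval { check_read_permissions !options[:skip_request].nil?, options[:user_model] }
+end
+else
+before_filter :if => options[:if], :unless => options[:unless] do |c|
+c.instance_eval { check_read_permissions !options[:skip_request].nil?, options[:user_model] }
+end
+end
+end
+end
+
+module InstanceMethods #:nodoc:
+private
+include CommonInstanceMethods
+
+# Checks if the current user is logged in and redirects to the login path if the user is not logged in.
+#
+# If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+def check_logged_in(skip_request = false, user_model = nil) #:nodoc:
+unless is_logged_in?(user_model)
+login_required skip_request
+end
+end
+
+# Checks if the current user is logged in and has write permission over the current controller, redirects to no access
+# page if the user hasn't the permissions and redirects to the login path if the user is not logged in
+#
+# If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+def check_write_permissions(skip_request = false, user_model = nil) #:nodoc:
+if is_logged_in?(user_model)
+user_permissions = session[:user_permissions]
+check = user_permissions[:write].find { |perm| perm==self.controller_name || perm=="all" }
+unless check
+redirect_to no_access_sessions_path
+end
+else
+login_required skip_request
+end
+end
+
+# Checks if the current user is logged in and has read permission over the current controller, redirects to no access
+# page if the user hasn't the permissions and redirects to the login path if the user is not logged in
+#
+# If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+def check_read_permissions(skip_request = false, user_model = nil) #:nodoc:
+if is_logged_in?(user_model)
+user_permissions = session[:user_permissions]
+check = user_permissions[:read].find { |perm| perm==self.controller_name || perm=="all" }
+unless check
+redirect_to no_access_sessions_path
+end
+else
+login_required skip_request
+end
+end
+
+# Logs in the user through a remember me cookie
+def cookie_login?(user_model = nil) #:nodoc:
+user_model = User if user_model.nil?
+
+if cookies[:remember_me_token]
+user = user_model.find_by_remember_me_token cookies[:remember_me_token]
+if user.nil?
+cookies.delete :remember_me_token
+return false
+else
+session[:user_id] = user.id
+session[:user_permissions] = {:read => user.permissions.collect{|per| per.area.name if per.read}, :write => user.permissions.collect{|per| per.area.name if per.write}}
+return true
+end
+else
+return false
+end
+end
+
+# Redirects the user to the login page
+#
+# If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+def login_required(skip_request) #:nodoc:
+unless(skip_request)
+session[:original_url]=request.url
+end
+flash.now[:alert] = t(:login_required, :scope => [:authentasaurus, :action_controller, :errors, :messages])
+redirect_to new_session_path
+end
+
+def controller_instance #:nodoc:
+self
+end
+end
+end
+
+module ActionView # :nodoc:
+def self.included(base)
+base.send :include, CommonInstanceMethods
+end
+end
+end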
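Review bot: `!options[:skip_request].nil?` in the before_filter blocks of require_login, require_write and require_read treats `:skip_request => false` as true, so an explicit false still suppresses saving the original URL, contrary to the option's documentation; `!!options[:skip_request]` (or `options[:skip_request] ? true : false`) gives the documented behaviour, and the same expression recurs in all six blocks. In login_required the message is set with `flash.now[:alert]` immediately before `redirect_to new_session_path`, so it is discarded before the sign-in page renders; it should be `flash[:alert] = t(:login_required, :scope => [:authentasaurus, :action_controller, :errors, :messages])`. In cookie_login? the raw `cookies[:remember_me_token]` is looked up without a presence check and the existing session is reused on success; `return false if cookies[:remember_me_token].blank?` before the lookup and a `reset_session` before `session[:user_id] = user.id` would make the remember-me path as defensive as a fresh login (how the token is generated and whether it expires is outside this hunk). has? returns the matching permission string rather than a boolean, which is fine for truthiness but worth stating in its comment since the name ends in `?`.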