egov_utils 0.1.0

Files changed (80) hide show
  1. checksums.yaml +7 -0
  2. data/MIT-LICENSE +20 -0
  3. data/README.md +28 -0
  4. data/Rakefile +26 -0
  5. data/app/assets/config/egov_utils_manifest.js +2 -0
  6. data/app/assets/javascripts/egov_utils/application.js +23 -0
  7. data/app/assets/javascripts/egov_utils/eGovUtilities.coffee.erb +70 -0
  8. data/app/assets/javascripts/egov_utils/groups.js +2 -0
  9. data/app/assets/javascripts/egov_utils/roles.coffee.erb +56 -0
  10. data/app/assets/javascripts/egov_utils/setup_locale.coffee.erb +2 -0
  11. data/app/assets/javascripts/egov_utils/users.js +2 -0
  12. data/app/assets/stylesheets/egov_utils/application.scss +15 -0
  13. data/app/assets/stylesheets/egov_utils/groups.css +4 -0
  14. data/app/assets/stylesheets/egov_utils/roles.css +4 -0
  15. data/app/assets/stylesheets/egov_utils/users.css +4 -0
  16. data/app/attributes/egov_utils/district.rb +13 -0
  17. data/app/attributes/egov_utils/full_address.rb +17 -0
  18. data/app/attributes/egov_utils/region.rb +13 -0
  19. data/app/controllers/egov_utils/addresses_controller.rb +34 -0
  20. data/app/controllers/egov_utils/application_controller.rb +7 -0
  21. data/app/controllers/egov_utils/groups_controller.rb +27 -0
  22. data/app/controllers/egov_utils/roles_controller.rb +28 -0
  23. data/app/controllers/egov_utils/sessions_controller.rb +83 -0
  24. data/app/controllers/egov_utils/users_controller.rb +64 -0
  25. data/app/helpers/egov_utils/application_helper.rb +4 -0
  26. data/app/helpers/egov_utils/grid_helper.rb +40 -0
  27. data/app/helpers/egov_utils/groups_helper.rb +4 -0
  28. data/app/helpers/egov_utils/roles_helper.rb +4 -0
  29. data/app/helpers/egov_utils/users_helper.rb +4 -0
  30. data/app/jobs/egov_utils/application_job.rb +4 -0
  31. data/app/mailers/egov_utils/application_mailer.rb +6 -0
  32. data/app/models/ability.rb +17 -0
  33. data/app/models/egov_utils/address.rb +79 -0
  34. data/app/models/egov_utils/application_record.rb +5 -0
  35. data/app/models/egov_utils/audit_detail.rb_bac +28 -0
  36. data/app/models/egov_utils/audit_record.rb_bac +98 -0
  37. data/app/models/egov_utils/group.rb +26 -0
  38. data/app/models/egov_utils/person.rb +9 -0
  39. data/app/models/egov_utils/principal.rb +20 -0
  40. data/app/models/egov_utils/user.rb +108 -0
  41. data/app/schemas/egov_utils/address_schema.rb +30 -0
  42. data/app/validators/email_validator.rb +8 -0
  43. data/app/validators/ico_validator.rb +7 -0
  44. data/app/views/common/_grid.html.coffee +130 -0
  45. data/app/views/common/_modal.html.haml +11 -0
  46. data/app/views/egov_utils/addresses/_form.html.haml +51 -0
  47. data/app/views/egov_utils/people/_form.html.haml +3 -0
  48. data/app/views/egov_utils/roles/index.html.haml +29 -0
  49. data/app/views/egov_utils/sessions/new.html.haml +5 -0
  50. data/app/views/egov_utils/users/_form.html.haml +6 -0
  51. data/app/views/egov_utils/users/index.html.haml +62 -0
  52. data/app/views/egov_utils/users/new.html.haml +3 -0
  53. data/app/views/egov_utils/users/show.html.haml +1 -0
  54. data/app/views/errors/error_403.html.haml +1 -0
  55. data/app/views/layouts/egov_utils/_messages.html.haml +7 -0
  56. data/app/views/layouts/egov_utils/application.html.erb +14 -0
  57. data/config/kraj.csv +16 -0
  58. data/config/locales/cs.yml +80 -0
  59. data/config/okres.csv +79 -0
  60. data/config/routes.rb +21 -0
  61. data/db/migrate/20170313100505_create_egov_utils_addresses.rb +18 -0
  62. data/db/migrate/20170315134217_create_egov_utils_users.rb +16 -0
  63. data/db/migrate/20170513115712_create_egov_utils_audit_records.rb_bac +11 -0
  64. data/db/migrate/20170513120006_create_egov_utils_audit_details.rb_bac +13 -0
  65. data/db/migrate/20170630150633_add_provider_to_user.rb +5 -0
  66. data/db/migrate/20170801154511_install_audited.rb +30 -0
  67. data/db/migrate/20170809150646_create_egov_utils_people.rb +12 -0
  68. data/db/migrate/20170824111701_create_egov_utils_groups.rb +12 -0
  69. data/lib/bootstrap_form/datetimepicker.rb +17 -0
  70. data/lib/bootstrap_form/helpers/bootstrap4.rb +12 -0
  71. data/lib/egov_utils/auth_source.rb +326 -0
  72. data/lib/egov_utils/engine.rb +84 -0
  73. data/lib/egov_utils/has_audit_trail.rb +68 -0
  74. data/lib/egov_utils/user_utils/application_controller_patch.rb +92 -0
  75. data/lib/egov_utils/user_utils/role.rb +26 -0
  76. data/lib/egov_utils/version.rb +3 -0
  77. data/lib/egov_utils.rb +5 -0
  78. data/lib/grid/shield_grid.rb +9 -0
  79. data/lib/tasks/egov_utils_tasks.rake +4 -0
  80. metadata +306 -0
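--- a/data/lib/egov_utils/auth_source.rb
+++ b/data/lib/egov_utils/auth_source.rb
@@ -0,0 +1,326 @@
+ require 'net-ldap'
+
+ module EgovUtils
+
+ class AuthSourceException < Exception; end
+ class AuthSourceTimeoutException < AuthSourceException; end
+
+ class AuthSource
+
+ NETWORK_EXCEPTIONS = [
+ Net::LDAP::LdapError,
+ Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::ECONNRESET,
+ Errno::EHOSTDOWN, Errno::EHOSTUNREACH,
+ SocketError
+ ]
+
+ def self.config
+ YAML.load_file(Rails.root.join('config', 'config.yml'))['ldap']
+ end
+
+ def self.providers
+ config.keys
+ end
+
+ def self.authenticate(login, password)
+ providers.collect{|p| AuthSource.new(p).authenticate(login, password) }.compact.first
+ end
+
+ def self.kerberos_providers
+ config.select{|provider, config| config['kerberos']}.keys
+ end
+
+ def self.find_kerberos_user(login)
+ kerberos_providers.collect{|p| AuthSource.new(p).get_kerberos_user_dn(login) }.compact.first
+ end
+
+ attr_accessor :provider
+
+ def initialize(provider)
+ require 'net-ldap'
+ @provider = provider
+ raise "EgovUtils::AuthSource#initialize - Non existing provider (#{provider.to_s})" unless self.class.providers.include?(provider)
+ end
+
+ def options
+ @options ||= self.class.config[provider].dup
+ end
+
+ def host
+ options['host']
+ end
+
+ def port
+ options['port']
+ end
+
+ def encryption
+ case options['method'].to_s
+ when 'ssl'
+ :simple_tls
+ when 'tls'
+ :start_tls
+ else
+ nil
+ end
+ end
+
+ def authenticate(login, password)
+ return nil if login.blank? || password.blank?
+
+ with_timeout do
+ attrs = get_user_dn(login, password)
+ if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
+ Rails.logger.debug "Authentication successful for '#{login}'" if Rails.logger && Rails.logger.debug?
+ return attrs.except(:dn)
+ end
+ end
+ rescue *NETWORK_EXCEPTIONS => e
+ raise AuthSourceException.new(e.message)
+ end
+
+ def get_kerberos_user_dn(login)
+ return nil if login.blank?
+
+ with_timeout do
+ search_user_dn(login)
+ end
+ rescue *NETWORK_EXCEPTIONS => e
+ raise AuthSourceException.new(e.message)
+ end
+
+ def base_user_filter
+ Net::LDAP::Filter.eq("objectClass", "user") & Net::LDAP::Filter.eq("objectCategory", "person")
+ end
+
+ def base_group_filter
+ options['active_directory'] ? Net::LDAP::Filter.eq("objectClass", "group") : Net::LDAP::Filter.eq('objectClass', 'groupOfNames')
+ end
+
+ # Check if a DN (user record) authenticates with the password
+ def authenticate_dn(dn, password)
+ if dn.present? && password.present?
+ initialize_ldap_con(dn, password).bind
+ end
+ end
+
+ # Searches the source for users and returns an array of results
+ def search_user(q, by_login=false)
+ q = q.to_s.strip
+ return [] unless q.present?
+
+ results = []
+ search_filter = base_user_filter & user_search_filters(q)
+ ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+ ldap_con.search(:base => options['base'],
+ :filter => search_filter,
+ :attributes => user_search_attributes,
+ :size => 10) do |entry|
+ attrs = get_user_attributes_from_ldap_entry(entry)
+ if attrs
+ attrs[:login] = get_attr(entry, options['attributes']['username'])
+ results << attrs
+ end
+ end
+ results
+ rescue *NETWORK_EXCEPTIONS => e
+ raise AuthSourceException.new(e.message)
+ end
+
+ def search_group(q, by_login=false)
+ q = q.to_s.strip
+ return [] unless q.present?
+
+ results = []
+ search_filter = base_group_filter & group_search_filters(q)
+ ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+ ldap_con.search(:base => options['base'],
+ :filter => search_filter,
+ :attributes => group_search_attributes,
+ :size => 10) do |entry|
+ attrs = get_group_attributes_from_ldap_entry(entry)
+ results << attrs if attrs
+ end
+ results
+ rescue *NETWORK_EXCEPTIONS => e
+ raise AuthSourceException.new(e.message)
+ end
+
+ def group_members(group_sid)
+ ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+ group_dn = nil
+ ldap_con.search(base: options['base'],
+ filter: base_group_filter & Net::LDAP::Filter.eq('objectSID', group_sid),
+ attributes: ['dn']) do |entry|
+ group_dn = get_attr(entry, 'dn')
+ end
+ results = []
+ if group_dn
+ ldap_con.search(base: options['base'],
+ filter: base_user_filter & Net::LDAP::Filter.ex('memberOf:1.2.840.113556.1.4.1941', group_dn),
+ attributes: user_search_attributes) do |entry|
+ attrs = get_user_attributes_from_ldap_entry(entry)
+ if attrs
+ attrs[:login] = get_attr(entry, options['attributes']['username'])
+ results << attrs
+ end
+ end
+ end
+ results
+ end
+
+ private
+ def with_timeout(&block)
+ timeout = 20
+ Timeout.timeout(timeout) do
+ return yield
+ end
+ rescue Timeout::Error => e
+ raise AuthSourceTimeoutException.new(e.message)
+ end
+
+ def initialize_ldap_con(ldap_user, ldap_password)
+ options = { :host => self.host,
+ :port => self.port,
+ :encryption => encryption
+ }
+ unless ldap_user.blank? && ldap_password.blank?
+ options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password })
+ else
+ options.merge!(:auth => { :method => :anonymous })
+ end
+ Net::LDAP.new options
+ end
+
+ def onthefly_register?
+ !!options['onthefly_register']
+ end
+
+ def register_members_only?
+ options['onthefly_register'] == 'members'
+ end
+
+ def get_user_attributes_from_ldap_entry(entry)
+ {
+ :dn => entry.dn,
+ :login => get_attr(entry, options['attributes']['username']),
+ :firstname => get_attr(entry, options['attributes']['first_name']),
+ :lastname => get_attr(entry, options['attributes']['last_name']),
+ :mail => get_attr(entry, options['attributes']['email']),
+ :provider => provider
+ }
+ end
+
+ def get_group_attributes_from_ldap_entry(entry)
+ {
+ :dn => entry.dn,
+ :name => get_attr(entry, 'cn'),
+ :provider => provider,
+ :ldap_uid => get_sid_string( get_attr(entry, 'objectSID') )
+ }
+ end
+
+ # Return the attributes needed for the LDAP search. It will only
+ # include the user attributes if on-the-fly registration is enabled
+ def user_search_attributes
+ ['dn'] + options['attributes']['username'] + options['attributes']['email'] + [options['attributes']['name'], options['attributes']['first_name'], options['attributes']['last_name']]
+ end
+ def login_attributes
+ if onthefly_register?
+ user_search_attributes
+ else
+ ['dn']
+ end
+ end
+
+ def group_search_attributes
+ ['dn', 'cn', 'objectSID']
+ end
+
+ def get_user_dn(login, password=nil)
+ ldap_con = nil
+ if options['bind_dn'].include?("$login")
+ ldap_con = initialize_ldap_con(options['bind_dn'].sub("$login", Net::LDAP::DN.escape(login)), password)
+ else
+ ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+ end
+ attrs = nil
+ search_filter = base_user_filter & login_filters(login)
+ ldap_con.search( :base => options['base'],
+ :filter => search_filter,
+ :attributes=> user_search_attributes) do |entry|
+ if onthefly_register?
+ attrs = get_user_attributes_from_ldap_entry(entry)
+ else
+ attrs = {:dn => entry.dn}
+ end
+ Rails.logger.debug "DN found for #{login}: #{attrs[:dn]}" if Rails.logger && Rails.logger.debug?
+ end
+ attrs
+ end
+
+ def search_user_dn(login, password=nil)
+ ldap_con = nil
+ if options['bind_dn'].include?("$login")
+ ldap_con = initialize_ldap_con(options['bind_dn'].sub("$login", Net::LDAP::DN.escape(login)), password)
+ else
+ ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+ end
+ attrs = nil
+ search_filter = login_search_filters(login) #base_filter & Net::LDAP::Filter.eq(self.attr_login, login)
+ ldap_con.search( :base => options['base'],
+ :filter => search_filter,
+ :attributes=> user_search_attributes) do |entry|
+ attrs ||= get_user_attributes_from_ldap_entry(entry)
+ Rails.logger.debug "DN found for #{login}: #{attrs[:dn]}" if Rails.logger && Rails.logger.debug?
+ end
+ attrs
+ end
+
+ def login_filters(login)
+ filters = options['attributes']['username'].collect{|un| Net::LDAP::Filter.eq(un, login)}
+ filters[1..-1].inject(filters.first){|filter, lf| filter | lf }
+ end
+
+ def login_search_filters(q)
+ filters = options['attributes']['username'].collect{|un| Net::LDAP::Filter.begins(un, q)}
+ filters[1..-1].inject(filters.first){|filter, lf| filter | lf }
+ end
+
+ def user_search_filters(q)
+ Net::LDAP::Filter.begins(options['attributes']['name'], q) |
+ Net::LDAP::Filter.begins(options['attributes']['first_name'], q) |
+ Net::LDAP::Filter.begins(options['attributes']['last_name'], q) |
+ Net::LDAP::Filter.begins(options['attributes']['username'].first, q) |
+ Net::LDAP::Filter.begins(options['attributes']['email'].first, q)
+ end
+
+ def group_search_filters(q)
+ Net::LDAP::Filter.begins('cn', q)
+ end
+
+ def get_attr(entry, attr_name)
+ if attr_name.is_a? Array
+ attr_name.collect{|an| get_attr(entry, an).presence }.compact.first.to_s
+ elsif !attr_name.blank?
+ value = entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
+ value.to_s.force_encoding('UTF-8')
+ end
+ end
+
+ # converts hex representation of SID returned by AD to its string representation
+ def get_sid_string(data)
+ return if data.nil?
+ sid = data.unpack('b x nN V*')
+ sid[1, 2] = Array[nil, b48_to_fixnum(sid[1], sid[2])]
+ 'S-' + sid.compact.join('-')
+ end
+
+ B32 = 2**32
+
+ def b48_to_fixnum(i16, i32)
+ i32 + (i16 * B32)
+ end
+
+ end
+ end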
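Review bot: Neither lookup path matches the login exactly: `login_filters` uses `Net::LDAP::Filter.eq(un, login)`, which in net-ldap does not escape the value and so treats `*` in the submitted login as a wildcard, and `search_user_dn` (used by `get_kerberos_user_dn`) uses `login_search_filters`, a `Filter.begins` prefix match that keeps the first entry returned. Both should use the escaping exact form, `Net::LDAP::Filter.equals(un, login)`, and `get_user_dn` / `search_user_dn` should return nil when the search yields more than one entry instead of keeping the last or first one. Separately, `encryption` returns nil for any `method` other than 'ssl' or 'tls', so a missing or misspelled setting results in a cleartext simple bind; raising on an unknown value would fail closed. `initialize_ldap_con` also chooses the anonymous bind only when both arguments are blank (`&&`), so a DN with an empty password is still sent as a simple bind, which many directories treat as unauthenticated; `unless ldap_user.blank? || ldap_password.blank?` looks like the intent.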
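--- a/data/lib/egov_utils/engine.rb
+++ b/data/lib/egov_utils/engine.rb
@@ -0,0 +1,84 @@
+ require 'i18n-js'
+ require 'cancancan'
+ require 'audited'
+
+ module EgovUtils
+ class Engine < ::Rails::Engine
+ isolate_namespace EgovUtils
+
+ config.generators do |g|
+ g.test_framework :rspec
+ g.fixture_replacement :factory_girl, :dir => 'spec/factories'
+ end
+
+ initializer :append_migrations do |app|
+ unless app.root.to_s.match root.to_s
+ config.paths["db/migrate"].expanded.each do |expanded_path|
+ app.config.paths["db/migrate"] << expanded_path
+ end
+ end
+ end
+
+ initializer 'egov_utils.set_locales' do
+ config.middleware.use I18n::JS::Middleware
+ end
+
+ initializer 'egov_utils.grid_setup' do
+ require 'grid/shield_grid'
+ ActiveSupport::Reloader.to_prepare do
+ AzaharaSchema::Outputs.register(Grid::ShieldGrid)
+ end
+ ActiveSupport.on_load(:action_controller) do
+ ::ActionController::Base.helper EgovUtils::GridHelper
+ end
+ end
+
+ # initializer "active_record.include_plugins" do
+ # ActiveSupport.on_load(:active_record) do
+ # require 'egov_utils/has_audit_trail'
+ # include EgovUtils::HasAuditTrail
+ # end
+ # end
+
+ initializer 'egov_utils.user_setup' do
+ require 'egov_utils/user_utils/role'
+ require_dependency 'ability'
+ ActiveSupport.on_load(:action_controller) do
+ require 'egov_utils/user_utils/application_controller_patch'
+ ::ActionController::Base.include EgovUtils::UserUtils::ApplicationControllerPatch
+ end
+ # require 'omniauth'
+ # require 'omniauth-kerberos'
+ # Rails.application.config.middleware.use OmniAuth::Builder do
+ # provider :kerberos
+ # end
+ end
+
+ initializer 'egov_utils.bootstrap_form' do
+ require 'bootstrap_form'
+
+ require 'bootstrap_form/helpers/bootstrap4'
+ require 'bootstrap_form/datetimepicker'
+ BootstrapForm::Helpers::Bootstrap.__send__(:prepend, BootstrapForm::Helpers::Bootstrap4)
+
+ BootstrapForm::DATE_FORMAT = 'DD/MM/YYYY'
+ ruby_format_string = BootstrapForm::DATE_FORMAT.gsub('YYYY', "%Y").gsub('MM', "%m").gsub('DD', "%d")
+
+ BootstrapForm::FormBuilder.__send__(:prepend, BootstrapForm::Datetimepicker)
+
+
+ ActionView::Helpers::Tags::DateField.redefine_method(:format_date) do |value|
+ value.try(:strftime, ruby_format_string)
+ end
+
+ ActionView::Helpers::Tags::DatetimeLocalField.redefine_method(:format_date) do |value|
+ value.try(:strftime, ruby_format_string+"T%T")
+ end
+ end
+
+ # config.after_initialize do
+ # Rails.application.reload_routes!
+ # OmniAuth.config.path_prefix = "#{Rails.application.routes.named_routes[:egov_utils].path.spec.to_s}/auth"
+ # end
+ end
+ end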
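Review bot: In the `append_migrations` initializer, `app.root.to_s.match root.to_s` compiles the engine's path into a regular expression, so characters such as `.` or `+` in the path are read as pattern syntax and the match is not anchored to the start of the path. A plain prefix test says what is meant: `unless app.root.to_s.start_with?(root.to_s)`. The `egov_utils.bootstrap_form` initializer also assigns `BootstrapForm::DATE_FORMAT` and redefines `format_date` on two ActionView tag classes for the whole host application; a comment such as `# NOTE: changes date rendering for every form in the host app, not only engine views` would help integrators.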
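--- a/data/lib/egov_utils/has_audit_trail.rb
+++ b/data/lib/egov_utils/has_audit_trail.rb
@@ -0,0 +1,68 @@
+ module EgovUtils
+ module HasAuditTrail
+
+ def self.included(base)
+ base.extend(ClassMethods)
+ end
+
+ module ClassMethods
+
+ def has_audit_trail(options = {})
+ return if self.included_modules.include?(EgovUtils::HasAuditTrail::AuditTrailMethods)
+
+ default_options = {
+ :non_audited_columns => %w(id updated_at created_at lft rgt lock_version),
+ :important_columns => [],
+ :format_detail_date_columns => [],
+ :format_detail_time_columns => [],
+ :format_detail_reflection_columns => [],
+ :format_detail_boolean_columns => [],
+ :format_detail_hours_columns => []
+ }
+
+ cattr_accessor :audit_trail_options
+ self.audit_trail_options = default_options.dup
+
+ options.each do |k,v|
+ self.audit_trail_options[k] = Array(self.audit_trail_options[k]) | v
+ end
+
+ send :include, EgovUtils::HasAuditTrail::AuditTrailMethods
+ end
+
+ end
+
+ module AuditTrailMethods
+
+ def self.included(base)
+ base.class_eval do
+
+ has_many :audit_records, :as => :audited, :dependent => :destroy, :inverse_of => :audited
+
+ end
+ end
+
+ def clear_current_journal
+ @current_record = nil
+ end
+
+ def init_audit_record(user, notes = '')
+ @current_record ||= AuditRecord.new(:audited => self, :user => user, :notes => notes)
+ end
+
+ # Returns the names of attributes that are journalized when updating the issue
+ def journalized_attribute_names
+ self.class.column_names - self.audit_trail_options[:non_audited_columns]
+ end
+
+ private
+
+ def create_audit_record
+ if @current_record
+ @current_record.save
+ end
+ end
+
+ end
+ end
+ end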
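Review bot: Nothing in `AuditTrailMethods.included` registers `create_audit_record` as a callback, so from the lines shown the record built by `init_audit_record` is never written unless a caller invokes the private method itself, and `@current_record.save` discards a failed save. If this module is meant to be used (the initializer that includes it appears commented out in engine.rb), add `after_save :create_audit_record` inside the `class_eval` block and use `@current_record.save!` so a lost audit entry is visible. The comment on `journalized_attribute_names` still refers to "the issue" and should name the audited record instead.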
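--- a/data/lib/egov_utils/user_utils/application_controller_patch.rb
+++ b/data/lib/egov_utils/user_utils/application_controller_patch.rb
@@ -0,0 +1,92 @@
+ module EgovUtils
+ module UserUtils
+ module ApplicationControllerPatch
+
+ extend ActiveSupport::Concern
+
+ included do
+
+ before_action :user_setup, :set_locale
+
+ rescue_from CanCan::AccessDenied do |exception|
+ respond_to do |format|
+ format.json { head :forbidden, content_type: 'text/html' }
+ format.html { render template: "errors/error_403", error: exception.message }
+ format.js { head :forbidden, content_type: 'text/html' }
+ end
+ end
+
+ helper_method :current_user, :internal_network?
+
+ end
+
+ def internal_network?
+ request.host.ends_with? 'servis.justice.cz'
+ end
+
+ def current_user
+ User.current || user_setup
+ end
+
+ def user_setup
+ # Find the current user
+ User.current = find_current_user || find_kerberos_user || User.anonymous
+ logger.info(" Current user: " + (User.current.logged? ? "#{User.current.login} (id=#{User.current.id})" : "anonymous")) if logger
+ User.current
+ end
+
+ def redirect_back(fallback_location:, **args)
+ if params[:back_url]
+ redirect_to URI.parse(params[:back_url])
+ else
+ super
+ end
+ end
+
+ protected
+ def find_current_user
+ # existing session
+ find_session_user if session[:user_id]
+ end
+
+ def find_kerberos_user
+ return nil unless internal_network? && EgovUtils::AuthSource.kerberos_providers.any? && request.env['HTTP_REMOTE_USER'].present?
+ username = request.env['HTTP_REMOTE_USER'].split('@')[0]
+ logger.info(" Trying kerberos: #{username}") if logger
+ attrs = EgovUtils::AuthSource.find_kerberos_user(username)
+ if attrs
+ logger.info(" Found kerberos user: #{attrs[:login]}") if logger
+ User.active.find_by(login: attrs[:login])
+ end
+ end
+
+
+ def find_session_user
+ User.active.find(session[:user_id])
+ rescue ActiveRecord::RecordNotFound => e
+ nil
+ end
+
+ # Sets the logged in user
+ def logged_user=(user)
+ reset_session
+ if user && user.is_a?(EgovUtils::User)
+ User.current = user
+ start_user_session(user)
+ else
+ User.current = User.anonymous
+ end
+ end
+
+ def start_user_session(user)
+ session[:user_id] = user.id
+ end
+
+ private
+ def set_locale
+ I18n.default_locale = :cs
+ end
+
+ end
+ end
+ end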
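Review bot: `find_kerberos_user` resolves the signed-in user from `request.env['HTTP_REMOTE_USER']`, which Rack fills from a client-sent `Remote-User` header, and gates it on `internal_network?`, which only checks that the request's Host ends with `servis.justice.cz`; both values come from the request itself unless a front-end proxy overwrites them. Read the identity from the server-set `request.env['REMOTE_USER']` (or document that the proxy must strip any inbound `Remote-User` header), and decide "internal" from something the client cannot set, such as the proxy's address; the suffix test should at least include the leading dot. Separately, `redirect_back` hands `params[:back_url]` to `redirect_to` unchecked, so the response can point at any host; accept only relative paths or hosts on an allow-list and fall back to `super` when the value is rejected or `URI.parse` raises.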
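--- a/data/lib/egov_utils/user_utils/role.rb
+++ b/data/lib/egov_utils/user_utils/role.rb
@@ -0,0 +1,26 @@
+ module EgovUtils
+ module UserUtils
+ class Role
+
+ class_attribute :role_name
+ self.role_name = nil
+
+ def self.roles
+ @@roles ||= {}
+ end
+
+ def self.find(name)
+ roles[name]
+ end
+
+ def self.add(name)
+ roles[name] = self
+ self.role_name = name
+ end
+
+ def define_abilities(ability)
+ end
+
+ end
+ end
+ end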
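--- a/data/lib/egov_utils/version.rb
+++ b/data/lib/egov_utils/version.rb
@@ -0,0 +1,3 @@
+ module EgovUtils
+ VERSION = '0.1.0'
+ end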
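--- a/data/lib/egov_utils.rb
+++ b/data/lib/egov_utils.rb
@@ -0,0 +1,5 @@
+ require "egov_utils/engine"
+
+ module EgovUtils
+ # Your code goes here...
+ end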
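--- a/data/lib/grid/shield_grid.rb
+++ b/data/lib/grid/shield_grid.rb
@@ -0,0 +1,9 @@
+ module Grid
+ class ShieldGrid < AzaharaSchema::Output
+
+ def self.key
+ 'grid'
+ end
+
+ end
+ end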
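--- a/data/lib/tasks/egov_utils_tasks.rake
+++ b/data/lib/tasks/egov_utils_tasks.rake
@@ -0,0 +1,4 @@
+ # desc "Explaining what the task does"
+ # task :egov_utils do
+ # # Task goes here
+ # end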