egov_utils 0.1.0
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.md +28 -0
- data/Rakefile +26 -0
- data/app/assets/config/egov_utils_manifest.js +2 -0
- data/app/assets/javascripts/egov_utils/application.js +23 -0
- data/app/assets/javascripts/egov_utils/eGovUtilities.coffee.erb +70 -0
- data/app/assets/javascripts/egov_utils/groups.js +2 -0
- data/app/assets/javascripts/egov_utils/roles.coffee.erb +56 -0
- data/app/assets/javascripts/egov_utils/setup_locale.coffee.erb +2 -0
- data/app/assets/javascripts/egov_utils/users.js +2 -0
- data/app/assets/stylesheets/egov_utils/application.scss +15 -0
- data/app/assets/stylesheets/egov_utils/groups.css +4 -0
- data/app/assets/stylesheets/egov_utils/roles.css +4 -0
- data/app/assets/stylesheets/egov_utils/users.css +4 -0
- data/app/attributes/egov_utils/district.rb +13 -0
- data/app/attributes/egov_utils/full_address.rb +17 -0
- data/app/attributes/egov_utils/region.rb +13 -0
- data/app/controllers/egov_utils/addresses_controller.rb +34 -0
- data/app/controllers/egov_utils/application_controller.rb +7 -0
- data/app/controllers/egov_utils/groups_controller.rb +27 -0
- data/app/controllers/egov_utils/roles_controller.rb +28 -0
- data/app/controllers/egov_utils/sessions_controller.rb +83 -0
- data/app/controllers/egov_utils/users_controller.rb +64 -0
- data/app/helpers/egov_utils/application_helper.rb +4 -0
- data/app/helpers/egov_utils/grid_helper.rb +40 -0
- data/app/helpers/egov_utils/groups_helper.rb +4 -0
- data/app/helpers/egov_utils/roles_helper.rb +4 -0
- data/app/helpers/egov_utils/users_helper.rb +4 -0
- data/app/jobs/egov_utils/application_job.rb +4 -0
- data/app/mailers/egov_utils/application_mailer.rb +6 -0
- data/app/models/ability.rb +17 -0
- data/app/models/egov_utils/address.rb +79 -0
- data/app/models/egov_utils/application_record.rb +5 -0
- data/app/models/egov_utils/audit_detail.rb_bac +28 -0
- data/app/models/egov_utils/audit_record.rb_bac +98 -0
- data/app/models/egov_utils/group.rb +26 -0
- data/app/models/egov_utils/person.rb +9 -0
- data/app/models/egov_utils/principal.rb +20 -0
- data/app/models/egov_utils/user.rb +108 -0
- data/app/schemas/egov_utils/address_schema.rb +30 -0
- data/app/validators/email_validator.rb +8 -0
- data/app/validators/ico_validator.rb +7 -0
- data/app/views/common/_grid.html.coffee +130 -0
- data/app/views/common/_modal.html.haml +11 -0
- data/app/views/egov_utils/addresses/_form.html.haml +51 -0
- data/app/views/egov_utils/people/_form.html.haml +3 -0
- data/app/views/egov_utils/roles/index.html.haml +29 -0
- data/app/views/egov_utils/sessions/new.html.haml +5 -0
- data/app/views/egov_utils/users/_form.html.haml +6 -0
- data/app/views/egov_utils/users/index.html.haml +62 -0
- data/app/views/egov_utils/users/new.html.haml +3 -0
- data/app/views/egov_utils/users/show.html.haml +1 -0
- data/app/views/errors/error_403.html.haml +1 -0
- data/app/views/layouts/egov_utils/_messages.html.haml +7 -0
- data/app/views/layouts/egov_utils/application.html.erb +14 -0
- data/config/kraj.csv +16 -0
- data/config/locales/cs.yml +80 -0
- data/config/okres.csv +79 -0
- data/config/routes.rb +21 -0
- data/db/migrate/20170313100505_create_egov_utils_addresses.rb +18 -0
- data/db/migrate/20170315134217_create_egov_utils_users.rb +16 -0
- data/db/migrate/20170513115712_create_egov_utils_audit_records.rb_bac +11 -0
- data/db/migrate/20170513120006_create_egov_utils_audit_details.rb_bac +13 -0
- data/db/migrate/20170630150633_add_provider_to_user.rb +5 -0
- data/db/migrate/20170801154511_install_audited.rb +30 -0
- data/db/migrate/20170809150646_create_egov_utils_people.rb +12 -0
- data/db/migrate/20170824111701_create_egov_utils_groups.rb +12 -0
- data/lib/bootstrap_form/datetimepicker.rb +17 -0
- data/lib/bootstrap_form/helpers/bootstrap4.rb +12 -0
- data/lib/egov_utils/auth_source.rb +326 -0
- data/lib/egov_utils/engine.rb +84 -0
- data/lib/egov_utils/has_audit_trail.rb +68 -0
- data/lib/egov_utils/user_utils/application_controller_patch.rb +92 -0
- data/lib/egov_utils/user_utils/role.rb +26 -0
- data/lib/egov_utils/version.rb +3 -0
- data/lib/egov_utils.rb +5 -0
- data/lib/grid/shield_grid.rb +9 -0
- data/lib/tasks/egov_utils_tasks.rake +4 -0
- metadata +306 -0
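--- a/data/lib/egov_utils/auth_source.rb
+++ b/data/lib/egov_utils/auth_source.rb
@@ -0,0 +1,326 @@
+require 'net-ldap'
+
+module EgovUtils
+
+class AuthSourceException < Exception; end
+class AuthSourceTimeoutException < AuthSourceException; end
+
+class AuthSource
+
+NETWORK_EXCEPTIONS = [
+Net::LDAP::LdapError,
+Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::ECONNRESET,
+Errno::EHOSTDOWN, Errno::EHOSTUNREACH,
+SocketError
+]
+
+def self.config
+YAML.load_file(Rails.root.join('config', 'config.yml'))['ldap']
+end
+
+def self.providers
+config.keys
+end
+
+def self.authenticate(login, password)
+providers.collect{|p| AuthSource.new(p).authenticate(login, password) }.compact.first
+end
+
+def self.kerberos_providers
+config.select{|provider, config| config['kerberos']}.keys
+end
+
+def self.find_kerberos_user(login)
+kerberos_providers.collect{|p| AuthSource.new(p).get_kerberos_user_dn(login) }.compact.first
+end
+
+attr_accessor :provider
+
+def initialize(provider)
+require 'net-ldap'
+@provider = provider
+raise "EgovUtils::AuthSource#initialize - Non existing provider (#{provider.to_s})" unless self.class.providers.include?(provider)
+end
+
+def options
+@options ||= self.class.config[provider].dup
+end
+
+def host
+options['host']
+end
+
+def port
+options['port']
+end
+
+def encryption
+case options['method'].to_s
+when 'ssl'
+:simple_tls
+when 'tls'
+:start_tls
+else
+nil
+end
+end
+
+def authenticate(login, password)
+return nil if login.blank? || password.blank?
+
+with_timeout do
+attrs = get_user_dn(login, password)
+if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
+Rails.logger.debug "Authentication successful for '#{login}'" if Rails.logger && Rails.logger.debug?
+return attrs.except(:dn)
+end
+end
+rescue *NETWORK_EXCEPTIONS => e
+raise AuthSourceException.new(e.message)
+end
+
+def get_kerberos_user_dn(login)
+return nil if login.blank?
+
+with_timeout do
+search_user_dn(login)
+end
+rescue *NETWORK_EXCEPTIONS => e
+raise AuthSourceException.new(e.message)
+end
+
+def base_user_filter
+Net::LDAP::Filter.eq("objectClass", "user") & Net::LDAP::Filter.eq("objectCategory", "person")
+end
+
+def base_group_filter
+options['active_directory'] ? Net::LDAP::Filter.eq("objectClass", "group") : Net::LDAP::Filter.eq('objectClass', 'groupOfNames')
+end
+
+# Check if a DN (user record) authenticates with the password
+def authenticate_dn(dn, password)
+if dn.present? && password.present?
+initialize_ldap_con(dn, password).bind
+end
+end
+
+# Searches the source for users and returns an array of results
+def search_user(q, by_login=false)
+q = q.to_s.strip
+return [] unless q.present?
+
+results = []
+search_filter = base_user_filter & user_search_filters(q)
+ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+ldap_con.search(:base => options['base'],
+:filter => search_filter,
+:attributes => user_search_attributes,
+:size => 10) do |entry|
+attrs = get_user_attributes_from_ldap_entry(entry)
+if attrs
+attrs[:login] = get_attr(entry, options['attributes']['username'])
+results << attrs
+end
+end
+results
+rescue *NETWORK_EXCEPTIONS => e
+raise AuthSourceException.new(e.message)
+end
+
+def search_group(q, by_login=false)
+q = q.to_s.strip
+return [] unless q.present?
+
+results = []
+search_filter = base_group_filter & group_search_filters(q)
+ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+ldap_con.search(:base => options['base'],
+:filter => search_filter,
+:attributes => group_search_attributes,
+:size => 10) do |entry|
+attrs = get_group_attributes_from_ldap_entry(entry)
+results << attrs if attrs
+end
+results
+rescue *NETWORK_EXCEPTIONS => e
+raise AuthSourceException.new(e.message)
+end
+
+def group_members(group_sid)
+ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+group_dn = nil
+ldap_con.search(base: options['base'],
+filter: base_group_filter & Net::LDAP::Filter.eq('objectSID', group_sid),
+attributes: ['dn']) do |entry|
+group_dn = get_attr(entry, 'dn')
+end
+results = []
+if group_dn
+ldap_con.search(base: options['base'],
+filter: base_user_filter & Net::LDAP::Filter.ex('memberOf:1.2.840.113556.1.4.1941', group_dn),
+attributes: user_search_attributes) do |entry|
+attrs = get_user_attributes_from_ldap_entry(entry)
+if attrs
+attrs[:login] = get_attr(entry, options['attributes']['username'])
+results << attrs
+end
+end
+end
+results
+end
+
+private
+def with_timeout(&block)
+timeout = 20
+Timeout.timeout(timeout) do
+return yield
+end
+rescue Timeout::Error => e
+raise AuthSourceTimeoutException.new(e.message)
+end
+
+def initialize_ldap_con(ldap_user, ldap_password)
+options = { :host => self.host,
+:port => self.port,
+:encryption => encryption
+}
+unless ldap_user.blank? && ldap_password.blank?
+options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password })
+else
+options.merge!(:auth => { :method => :anonymous })
+end
+Net::LDAP.new options
+end
+
+def onthefly_register?
+!!options['onthefly_register']
+end
+
+def register_members_only?
+options['onthefly_register'] == 'members'
+end
+
+def get_user_attributes_from_ldap_entry(entry)
+{
+:dn => entry.dn,
+:login => get_attr(entry, options['attributes']['username']),
+:firstname => get_attr(entry, options['attributes']['first_name']),
+:lastname => get_attr(entry, options['attributes']['last_name']),
+:mail => get_attr(entry, options['attributes']['email']),
+:provider => provider
+}
+end
+
+def get_group_attributes_from_ldap_entry(entry)
+{
+:dn => entry.dn,
+:name => get_attr(entry, 'cn'),
+:provider => provider,
+:ldap_uid => get_sid_string( get_attr(entry, 'objectSID') )
+}
+end
+
+# Return the attributes needed for the LDAP search. It will only
+# include the user attributes if on-the-fly registration is enabled
+def user_search_attributes
+['dn'] + options['attributes']['username'] + options['attributes']['email'] + [options['attributes']['name'], options['attributes']['first_name'], options['attributes']['last_name']]
+end
+def login_attributes
+if onthefly_register?
+user_search_attributes
+else
+['dn']
+end
+end
+
+def group_search_attributes
+['dn', 'cn', 'objectSID']
+end
+
+def get_user_dn(login, password=nil)
+ldap_con = nil
+if options['bind_dn'].include?("$login")
+ldap_con = initialize_ldap_con(options['bind_dn'].sub("$login", Net::LDAP::DN.escape(login)), password)
+else
+ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+end
+attrs = nil
+search_filter = base_user_filter & login_filters(login)
+ldap_con.search( :base => options['base'],
+:filter => search_filter,
+:attributes=> user_search_attributes) do |entry|
+if onthefly_register?
+attrs = get_user_attributes_from_ldap_entry(entry)
+else
+attrs = {:dn => entry.dn}
+end
+Rails.logger.debug "DN found for #{login}: #{attrs[:dn]}" if Rails.logger && Rails.logger.debug?
+end
+attrs
+end
+
+def search_user_dn(login, password=nil)
+ldap_con = nil
+if options['bind_dn'].include?("$login")
+ldap_con = initialize_ldap_con(options['bind_dn'].sub("$login", Net::LDAP::DN.escape(login)), password)
+else
+ldap_con = initialize_ldap_con(options['bind_dn'], options['password'])
+end
+attrs = nil
+search_filter = login_search_filters(login) #base_filter & Net::LDAP::Filter.eq(self.attr_login, login)
+ldap_con.search( :base => options['base'],
+:filter => search_filter,
+:attributes=> user_search_attributes) do |entry|
+attrs ||= get_user_attributes_from_ldap_entry(entry)
+Rails.logger.debug "DN found for #{login}: #{attrs[:dn]}" if Rails.logger && Rails.logger.debug?
+end
+attrs
+end
+
+def login_filters(login)
+filters = options['attributes']['username'].collect{|un| Net::LDAP::Filter.eq(un, login)}
+filters[1..-1].inject(filters.first){|filter, lf| filter | lf }
+end
+
+def login_search_filters(q)
+filters = options['attributes']['username'].collect{|un| Net::LDAP::Filter.begins(un, q)}
+filters[1..-1].inject(filters.first){|filter, lf| filter | lf }
+end
+
+def user_search_filters(q)
+Net::LDAP::Filter.begins(options['attributes']['name'], q) |
+Net::LDAP::Filter.begins(options['attributes']['first_name'], q) |
+Net::LDAP::Filter.begins(options['attributes']['last_name'], q) |
+Net::LDAP::Filter.begins(options['attributes']['username'].first, q) |
+Net::LDAP::Filter.begins(options['attributes']['email'].first, q)
+end
+
+def group_search_filters(q)
+Net::LDAP::Filter.begins('cn', q)
+end
+
+def get_attr(entry, attr_name)
+if attr_name.is_a? Array
+attr_name.collect{|an| get_attr(entry, an).presence }.compact.first.to_s
+elsif !attr_name.blank?
+value = entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
+value.to_s.force_encoding('UTF-8')
+end
+end
+
+# converts hex representation of SID returned by AD to its string representation
+def get_sid_string(data)
+return if data.nil?
+sid = data.unpack('b x nN V*')
+sid[1, 2] = Array[nil, b48_to_fixnum(sid[1], sid[2])]
+'S-' + sid.compact.join('-')
+end
+
+B32 = 2**32
+
+def b48_to_fixnum(i16, i32)
+i32 + (i16 * B32)
+end
+
+end
+end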
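Review bot: `login_filters` builds the exact-match login filter with `Net::LDAP::Filter.eq(un, login)`, and `eq` does not escape its value, so wildcard or filter metacharacters in the submitted login are interpreted by the directory and `get_user_dn` can resolve a DN the caller never named before `authenticate_dn` binds against it. The escaping constructor fits here: `Net::LDAP::Filter.equals(un, login)`. Separately, `get_kerberos_user_dn` calls `search_user_dn(login)` with `password=nil`, so when `bind_dn` contains `$login` the guard in `initialize_ldap_con` (`unless ldap_user.blank? && ldap_password.blank?`) still selects a `:simple` bind with a DN and no password; that path should use the configured service account or fail closed. `self.authenticate` also hands the password to every configured provider because `collect` runs to completion before `.first`, and `encryption` silently falls back to `nil` (a cleartext bind) for any `method` other than `ssl`/`tls`.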
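--- a/data/lib/egov_utils/engine.rb
+++ b/data/lib/egov_utils/engine.rb
@@ -0,0 +1,84 @@
+require 'i18n-js'
+require 'cancancan'
+require 'audited'
+
+module EgovUtils
+class Engine < ::Rails::Engine
+isolate_namespace EgovUtils
+
+config.generators do |g|
+g.test_framework :rspec
+g.fixture_replacement :factory_girl, :dir => 'spec/factories'
+end
+
+initializer :append_migrations do |app|
+unless app.root.to_s.match root.to_s
+config.paths["db/migrate"].expanded.each do |expanded_path|
+app.config.paths["db/migrate"] << expanded_path
+end
+end
+end
+
+initializer 'egov_utils.set_locales' do
+config.middleware.use I18n::JS::Middleware
+end
+
+initializer 'egov_utils.grid_setup' do
+require 'grid/shield_grid'
+ActiveSupport::Reloader.to_prepare do
+AzaharaSchema::Outputs.register(Grid::ShieldGrid)
+end
+ActiveSupport.on_load(:action_controller) do
+::ActionController::Base.helper EgovUtils::GridHelper
+end
+end
+
+# initializer "active_record.include_plugins" do
+# ActiveSupport.on_load(:active_record) do
+# require 'egov_utils/has_audit_trail'
+# include EgovUtils::HasAuditTrail
+# end
+# end
+
+initializer 'egov_utils.user_setup' do
+require 'egov_utils/user_utils/role'
+require_dependency 'ability'
+ActiveSupport.on_load(:action_controller) do
+require 'egov_utils/user_utils/application_controller_patch'
+::ActionController::Base.include EgovUtils::UserUtils::ApplicationControllerPatch
+end
+# require 'omniauth'
+# require 'omniauth-kerberos'
+# Rails.application.config.middleware.use OmniAuth::Builder do
+# provider :kerberos
+# end
+end
+
+initializer 'egov_utils.bootstrap_form' do
+require 'bootstrap_form'
+
+require 'bootstrap_form/helpers/bootstrap4'
+require 'bootstrap_form/datetimepicker'
+BootstrapForm::Helpers::Bootstrap.__send__(:prepend, BootstrapForm::Helpers::Bootstrap4)
+
+BootstrapForm::DATE_FORMAT = 'DD/MM/YYYY'
+ruby_format_string = BootstrapForm::DATE_FORMAT.gsub('YYYY', "%Y").gsub('MM', "%m").gsub('DD', "%d")
+
+BootstrapForm::FormBuilder.__send__(:prepend, BootstrapForm::Datetimepicker)
+
+
+ActionView::Helpers::Tags::DateField.redefine_method(:format_date) do |value|
+value.try(:strftime, ruby_format_string)
+end
+
+ActionView::Helpers::Tags::DatetimeLocalField.redefine_method(:format_date) do |value|
+value.try(:strftime, ruby_format_string+"T%T")
+end
+end
+
+# config.after_initialize do
+# Rails.application.reload_routes!
+# OmniAuth.config.path_prefix = "#{Rails.application.routes.named_routes[:egov_utils].path.spec.to_s}/auth"
+# end
+end
+end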
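Review bot: The `:append_migrations` initializer decides whether the host app is the engine itself with `app.root.to_s.match root.to_s`, which compiles the engine path as an unanchored regular expression, so path characters such as `.` or `+` act as metacharacters and a path that merely contains the engine root also matches. A literal comparison is what is meant, for example `unless app.root.to_s.start_with?(root.to_s)`. The `egov_utils.bootstrap_form` initializer also assigns `BootstrapForm::DATE_FORMAT` inside another gem's namespace and redefines `format_date` on two `ActionView::Helpers::Tags` classes; a comment such as `# Overrides Rails' ISO date formatting so date fields render as DD/MM/YYYY for the datetimepicker` would tell maintainers why framework internals are patched here.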
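--- a/data/lib/egov_utils/has_audit_trail.rb
+++ b/data/lib/egov_utils/has_audit_trail.rb
@@ -0,0 +1,68 @@
+module EgovUtils
+module HasAuditTrail
+
+def self.included(base)
+base.extend(ClassMethods)
+end
+
+module ClassMethods
+
+def has_audit_trail(options = {})
+return if self.included_modules.include?(EgovUtils::HasAuditTrail::AuditTrailMethods)
+
+default_options = {
+:non_audited_columns => %w(id updated_at created_at lft rgt lock_version),
+:important_columns => [],
+:format_detail_date_columns => [],
+:format_detail_time_columns => [],
+:format_detail_reflection_columns => [],
+:format_detail_boolean_columns => [],
+:format_detail_hours_columns => []
+}
+
+cattr_accessor :audit_trail_options
+self.audit_trail_options = default_options.dup
+
+options.each do |k,v|
+self.audit_trail_options[k] = Array(self.audit_trail_options[k]) | v
+end
+
+send :include, EgovUtils::HasAuditTrail::AuditTrailMethods
+end
+
+end
+
+module AuditTrailMethods
+
+def self.included(base)
+base.class_eval do
+
+has_many :audit_records, :as => :audited, :dependent => :destroy, :inverse_of => :audited
+
+end
+end
+
+def clear_current_journal
+@current_record = nil
+end
+
+def init_audit_record(user, notes = '')
+@current_record ||= AuditRecord.new(:audited => self, :user => user, :notes => notes)
+end
+
+# Returns the names of attributes that are journalized when updating the issue
+def journalized_attribute_names
+self.class.column_names - self.audit_trail_options[:non_audited_columns]
+end
+
+private
+
+def create_audit_record
+if @current_record
+@current_record.save
+end
+end
+
+end
+end
+end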
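Review bot: `create_audit_record` calls `@current_record.save` and discards the result, so an audit entry that fails validation is dropped without any trace; for an audit trail the failure should surface, e.g. `@current_record.save!` or a logged error on a `false` return. Nothing in this file registers `create_audit_record` as a callback, and the `has_many :audit_records` association has `:dependent => :destroy`, which removes the audit history together with the audited row; both look worth confirming against the intended retention behaviour. In `has_audit_trail`, `Array(self.audit_trail_options[k]) | v` raises `TypeError` when a caller passes a single column name instead of an array, which `| Array(v)` would accept.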
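--- a/data/lib/egov_utils/user_utils/application_controller_patch.rb
+++ b/data/lib/egov_utils/user_utils/application_controller_patch.rb
@@ -0,0 +1,92 @@
+module EgovUtils
+module UserUtils
+module ApplicationControllerPatch
+
+extend ActiveSupport::Concern
+
+included do
+
+before_action :user_setup, :set_locale
+
+rescue_from CanCan::AccessDenied do |exception|
+respond_to do |format|
+format.json { head :forbidden, content_type: 'text/html' }
+format.html { render template: "errors/error_403", error: exception.message }
+format.js { head :forbidden, content_type: 'text/html' }
+end
+end
+
+helper_method :current_user, :internal_network?
+
+end
+
+def internal_network?
+request.host.ends_with? 'servis.justice.cz'
+end
+
+def current_user
+User.current || user_setup
+end
+
+def user_setup
+# Find the current user
+User.current = find_current_user || find_kerberos_user || User.anonymous
+logger.info(" Current user: " + (User.current.logged? ? "#{User.current.login} (id=#{User.current.id})" : "anonymous")) if logger
+User.current
+end
+
+def redirect_back(fallback_location:, **args)
+if params[:back_url]
+redirect_to URI.parse(params[:back_url])
+else
+super
+end
+end
+
+protected
+def find_current_user
+# existing session
+find_session_user if session[:user_id]
+end
+
+def find_kerberos_user
+return nil unless internal_network? && EgovUtils::AuthSource.kerberos_providers.any? && request.env['HTTP_REMOTE_USER'].present?
+username = request.env['HTTP_REMOTE_USER'].split('@')[0]
+logger.info(" Trying kerberos: #{username}") if logger
+attrs = EgovUtils::AuthSource.find_kerberos_user(username)
+if attrs
+logger.info(" Found kerberos user: #{attrs[:login]}") if logger
+User.active.find_by(login: attrs[:login])
+end
+end
+
+
+def find_session_user
+User.active.find(session[:user_id])
+rescue ActiveRecord::RecordNotFound => e
+nil
+end
+
+# Sets the logged in user
+def logged_user=(user)
+reset_session
+if user && user.is_a?(EgovUtils::User)
+User.current = user
+start_user_session(user)
+else
+User.current = User.anonymous
+end
+end
+
+def start_user_session(user)
+session[:user_id] = user.id
+end
+
+private
+def set_locale
+I18n.default_locale = :cs
+end
+
+end
+end
+end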
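Review bot: `find_kerberos_user` logs a user in from `request.env['HTTP_REMOTE_USER']`, gated only by `internal_network?`, and both inputs come from the request itself: Rack fills `HTTP_*` keys from client-sent headers and `request.host` is derived from the Host header. The identity is therefore only trustworthy if a fronting proxy always strips and re-sets that header, which nothing in this file enforces or documents. The suffix test `request.host.ends_with? 'servis.justice.cz'` also accepts any hostname that merely ends in that string; `request.host == 'servis.justice.cz' || request.host.end_with?('.servis.justice.cz')` pins it to the domain and its subdomains. `redirect_back` sends the browser to `params[:back_url]` after nothing more than `URI.parse`, so any absolute URL is accepted and a malformed one raises; it should be limited to relative paths or to `request.host` and fall back to `super` otherwise. `set_locale` assigns `I18n.default_locale` on every request, where a per-request setting would be `I18n.locale = :cs`.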
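--- a/data/lib/egov_utils/user_utils/role.rb
+++ b/data/lib/egov_utils/user_utils/role.rb
@@ -0,0 +1,26 @@
+module EgovUtils
+module UserUtils
+class Role
+
+class_attribute :role_name
+self.role_name = nil
+
+def self.roles
+@@roles ||= {}
+end
+
+def self.find(name)
+roles[name]
+end
+
+def self.add(name)
+roles[name] = self
+self.role_name = name
+end
+
+def define_abilities(ability)
+end
+
+end
+end
+end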
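Review bot: `Role.find` looks the name up with `roles[name]` and `Role.add` stores it under whatever object it was given, so `'admin'` and `:admin` are different keys and an unknown or differently typed name returns `nil` without any signal. Since this registry presumably decides which abilities a user gets, normalising on both sides (`roles[name.to_s] = self` and `roles[name.to_s]`) and documenting the `nil` return would keep a role from silently resolving to nothing. The registry lives in the class variable `@@roles`, shared by every subclass, and calling `add` on `Role` itself would set the `role_name` that all subclasses inherit. The empty `define_abilities(ability)` reads as a hook and would benefit from a comment such as `# Override in subclasses to grant permissions on the given ability object.`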
data/lib/egov_utils.rb
ADDED