shopapp 0.0.11 → 0.0.12
- checksums.yaml +4 -4
- data/app/controllers/concerns/shoplift_client.rb +18 -1
- data/app/views/shopapp/403.html.haml +61 -0
- data/shopapp.gemspec +2 -2
- metadata +3 -2
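--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b0d34cb99d182cb95c2d79b65964c69e0aed0983
+data.tar.gz: edda06c79c885845a41ba02b04eed2f3cc55d7e3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 421f92e6ce6160b873cace9270eb8e17e4150d5bcdd67fca7f88cdf15116e682c8db9e1c258cb30e951163a8318d81582e5acc77f70994d215546214cdc440a9
+data.tar.gz: d064101bc0678fc81c5e110ba77c0078d6fb57bd3f6cea0c12856db1a2a598725655cb2285e7f2249a75078b048bea1add82d9ab89911db045a8ccef0c7a93ec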
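--- a/data/app/controllers/concerns/shoplift_client.rb
+++ b/data/app/controllers/concerns/shoplift_client.rb
@@ -13,9 +13,9 @@ module ShopliftClient
 
 class_methods do
 attr_reader :search_path
+attr_reader :required_scopes
 attr_reader :do_hide_search_for_this_controller
 
-
 def set_search_path(value)
 @search_path = value
 @search_path = "/#{@search_path}" unless @search_path[0] == '/'
@@ -25,6 +25,13 @@ module ShopliftClient
 def hide_search_for_this_controller
 @do_hide_search_for_this_controller = true
 end
+
+def require_scopes(scopes)
+@required_scopes ||= []
+scopes = [scopes] unless scopes.is_a? Array
+@required_scopes.concat scopes.map(&:to_s)
+@required_scopes.uniq!
+end
 end
 
 def session_cookie
@@ -36,6 +43,7 @@ module ShopliftClient
 end
 
 def redirect_unauthorized
+return if performed?
 session.clear
 session[:previous_url] = request.fullpath
 redirect_to client.auth_code.authorize_url(
@@ -69,6 +77,15 @@ module ShopliftClient
 begin
 x = srv.get '/api/users/profile'
 @current_user = JSON.parse x.response.body
+user_scopes = JSON.parse @current_user['scopes']
+unless user_scopes.include? 'admin'
+(self.class.required_scopes || []).each do |required_scope|
+unless user_scopes.include? required_scope
+render(file: 'shopapp/403.html', status: 403, layout: false, locals: { missing_scope: required_scope })
+return false
+end
+end
+end
 find_company_by_code current_user['company']['code']
 rescue OAuth2::Error
 return false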
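Review bot: The scopes declared through `require_scopes` are stored in a class-level instance variable, which Ruby does not share with subclasses, so in `(self.class.required_scopes || [])` a controller that inherits from one declaring scopes sees an empty list and the check passes without testing anything. If these controllers are meant to be subclassed (not visible in this diff), the reader should merge the superclass's list, as sketched below in place of `attr_reader :required_scopes`. Separately, `JSON.parse @current_user['scopes']` raises `TypeError` or `JSON::ParserError` when the profile carries no scopes or malformed ones, and only `OAuth2::Error` is rescued here, so that case would surface as a 500 rather than a 403. The enclosing method begins and ends outside the hunk, so an outer rescue may already exist.

```ruby
# … unchanged: attr_reader :search_path …
# replaces `attr_reader :required_scopes` so a subclass keeps its parent's requirements
def required_scopes
  inherited = superclass.respond_to?(:required_scopes) ? superclass.required_scopes : []
  (inherited + (@required_scopes || [])).uniq
end
# … unchanged: require_scopes, which keeps appending to @required_scopes …
```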
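--- /dev/null
+++ b/data/app/views/shopapp/403.html.haml
@@ -0,0 +1,61 @@
+!!!
+%html
+%head
+%meta{:content => "text/html; charset=UTF-8", "http-equiv" => "Content-Type"}/
+%title You are not allowed to view this page.
+%meta{:content => "width=device-width,initial-scale=1", :name => "viewport"}/
+:css
+.rails-default-error-page {
+background-color: #EFEFEF;
+color: #2E2F30;
+text-align: center;
+font-family: arial, sans-serif;
+margin: 0;
+}
+
+.rails-default-error-page div.dialog {
+width: 95%;
+max-width: 33em;
+margin: 4em auto 0;
+}
+
+.rails-default-error-page div.dialog > div {
+border: 1px solid #CCC;
+border-right-color: #999;
+border-left-color: #999;
+border-bottom-color: #BBB;
+border-top: #B00100 solid 4px;
+border-top-left-radius: 9px;
+border-top-right-radius: 9px;
+background-color: white;
+padding: 7px 12% 0;
+box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+}
+
+.rails-default-error-page h1 {
+font-size: 100%;
+color: #730E15;
+line-height: 1.5em;
+}
+
+.rails-default-error-page div.dialog > p {
+margin: 0 0 1em;
+padding: 1em;
+background-color: #F7F7F7;
+border: 1px solid #CCC;
+border-right-color: #999;
+border-left-color: #999;
+border-bottom-color: #999;
+border-bottom-left-radius: 4px;
+border-bottom-right-radius: 4px;
+border-top-color: #DADADA;
+color: #666;
+box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+}
+%body.rails-default-error-page
+/ This file lives in public/404.html
+.dialog
+%div
+%h1 The page you were looking for requires priviligies you do not have.
+%p If you think you should be allowed to view this page, please contact somebody.
+%p You are missing scope #{missing_scope}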
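Review bot: The last line, `%p You are missing scope #{missing_scope}`, tells the denied user which internal scope guards the page; it is safer to log the scope server-side and keep the response generic. The line `/ This file lives in public/404.html` is a Haml HTML comment, so it is sent to the browser, and it is also stale for this 403 view; `-# Rendered by ShopliftClient when a required scope is missing` would keep the remark out of the response. The heading also misspells "privileges" as "priviligies".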
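--- a/data/shopapp.gemspec
+++ b/data/shopapp.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 s.name = 'shopapp'
-s.version = '0.0.
-s.date = '2018-
+s.version = '0.0.12'
+s.date = '2018-05-15'
 s.summary = 'Do a shoplift.'
 s.description = 'Ha! Art thou Bedlam? Dost thou thirst base Trojan, to have me fold up Parca\'s fatal web? Hence!\
 I am qualmish at the smell of leek.'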
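--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopapp
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.12
 platform: ruby
 authors:
 - Zeljko
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties
@@ -162,6 +162,7 @@ files:
 - app/controllers/user_authenticated_controller.rb
 - app/controllers/user_authenticated_or_api_controller.rb
 - app/views/layouts/_header_menu.html.haml
+- app/views/shopapp/403.html.haml
 - app/views/shopapp/_shopapp.html.haml
 - config/initializers/active_settings.rb
 - lib/shopapp.rb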