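module LoginSystem
  # Mixed into a controller: puts the +authenticate+ and +authorize+ filters
  # in front of every action and exposes +current_user+ to the views.
  def self.included(base)
    base.extend ClassMethods
    base.class_eval do
      prepend_before_filter :authenticate, :authorize
      helper_method :current_user
    end
  end

  protected

  # The user for this request, resolved once per request from the session,
  # then the remember-me cookie, then HTTP Basic credentials.
  # @return [User, nil]
  def current_user
    @current_user ||= (login_from_session || login_from_cookie || login_from_http)
  end

  # Sets (or clears) the logged-in user and mirrors its id into the session.
  # Anything that is not a User clears the login.
  # @param value [User, nil]
  # @return [User, nil] the user now stored
  def current_user=(value = nil)
    if value.is_a?(User)
      @current_user = value
      session['user_id'] = value.id
    else
      @current_user = nil
      session['user_id'] = nil
    end
    @current_user
  end

  # Before filter: requires a logged-in user. HTML requests are redirected to
  # the login page (remembering the requested URI); XML/JSON requests get an
  # HTTP Basic challenge instead.
  # @return [Boolean] true when a user is present
  def authenticate
    if current_user
      session['user_id'] = current_user.id
      true
    else
      session[:return_to] = request.request_uri
      respond_to do |format|
        format.html { redirect_to login_url }
        format.any(:xml, :json) { request_http_basic_authentication }
      end
      false
    end
  end

  # Before filter: checks the current user against the permissions declared
  # with +only_allow_access_to+ for the current action.
  # @return [Boolean] true when access is granted
  def authorize
    action = action_name.to_s.intern
    return true if user_has_access_to_action?(action)

    permissions = self.class.controller_permissions[action]
    flash[:error] = permissions[:denied_message] || 'Access denied.'
    respond_to do |format|
      format.html { redirect_to(permissions[:denied_url] || { :action => :index }) }
      format.any(:xml, :json) { head :forbidden }
    end
    false
  end

  # @param role [Symbol, String] a role name declared via +only_allow_access_to+
  # @return [Boolean] the result of the user's +role?+ predicate; false when
  #   there is no current user
  def user_has_role?(role)
    # Without a user there are no roles; this also avoids a NoMethodError if
    # the filter runs without +authenticate+ having established a user.
    return false unless current_user
    # +role+ comes from class-level controller declarations, not from request data.
    current_user.send("#{role}?")
  end

  # Evaluates the permissions declared for +action+:
  # * +:when+ -- one role or a list of roles; any matching role grants access
  # * +:if+   -- the name of a controller method whose (truthy) result decides
  # * neither -- the action is open to every logged-in user
  # @param action [Symbol, String]
  # @return [Boolean] (the +:if+ branch returns the method's own result)
  def user_has_access_to_action?(action)
    permissions = self.class.controller_permissions[action.to_s.intern]
    if (roles = permissions[:when])
      [roles].flatten.any? { |role| user_has_role?(role) }
    elsif (condition = permissions[:if])
      # +condition+ is a method name fixed at class-definition time, not request data.
      send(condition)
    else
      true
    end
  end

  # @return [User, nil] the user whose id is stored in the session, if any
  def login_from_session
    user_id = session['user_id']
    return nil if user_id.nil? || user_id.to_s.empty?
    # find_by_id returns nil for an unknown id instead of raising; other
    # failures (e.g. a database error) now propagate instead of being
    # silently treated as "not logged in".
    User.find_by_id(user_id)
  end

  # @return [User, nil] the user matching the remember-me cookie; on success
  #   the token and the cookie are refreshed
  def login_from_cookie
    token = cookies[:session_token]
    return nil if token.blank? # never look a user up by an empty token
    user = User.find_by_session_token(token)
    return nil unless user
    user.remember_me
    set_session_cookie(user)
    user
  end

  # @return [User, nil] the user from HTTP Basic credentials; only attempted
  #   for XML/JSON requests
  def login_from_http
    return nil unless [Mime::XML, Mime::JSON].include?(request.format)
    authenticate_with_http_basic do |user_name, password|
      User.authenticate(user_name, password)
    end
  end

  # Writes the remember-me cookie for +user+.
  # NOTE(review): the cookie carries the session token but sets neither
  # :httponly nor :secure -- confirm this matches the deployment's needs.
  # A missing or zero 'session_timeout' presumably yields a cookie that
  # expires immediately (to_i => 0).
  # @param user [User]
  def set_session_cookie(user = current_user)
    cookies[:session_token] = {
      :value   => user.session_token,
      :expires => Radiant::Config['session_timeout'].to_i.from_now.utc
    }
  end

  module ClassMethods
    # Removes both filters so every action of this controller is public.
    def no_login_required
      skip_before_filter :authenticate
      skip_before_filter :authorize
    end

    # @return [Boolean] whether either filter is still in the chain
    def login_required?
      filter_chain.any? { |f| f.method == :authenticate || f.method == :authorize }
    end

    # Re-adds the filters after a +no_login_required+; idempotent.
    def login_required
      prepend_before_filter :authenticate, :authorize unless login_required?
    end

    # Declares permissions for one or more actions, e.g.
    #   only_allow_access_to :edit, :update, :when => [:admin, :designer],
    #                        :denied_url => { :action => :index }
    # Keys read by this module: :when, :if, :denied_url, :denied_message.
    # All listed actions share the same options Hash.
    # @param args [Array] action names followed by an optional options Hash
    def only_allow_access_to(*args)
      options = args.last.kind_of?(Hash) ? args.pop.dup : {}
      options.symbolize_keys!
      args.each { |a| controller_permissions[a.to_s.intern] = options }
    end

    # Per-controller permissions table keyed by action symbol; an unknown
    # action maps to (and is stored as) an empty Hash. Held in a class
    # instance variable, so it is not shared with subclasses.
    def controller_permissions
      @controller_permissions ||= Hash.new { |h, k| h[k.to_s.intern] = Hash.new }
    end
  end
end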