module LoginSystem
def self.included(base)
base.class_eval %{
before_filter :authenticate
cattr_reader :controller_permissions
@@controller_permissions = Hash.new { |h, k| h[k] = Hash.new { |h, k| h[k] = Hash.new } }
helper_method :current_user
}
base.extend ClassMethods
super
end
protected
def current_user
@current_user ||= User.find(session['user_id']) rescue nil
end
def current_user=(value=nil)
if value && value.is_a?(User)
@current_user = value
session['user_id'] = value.id
else
@current_user = nil
session['user_id'] = nil
end
@current_user
end
def authenticate
action = params['action'].to_s.intern
login_from_cookie
if !current_user && params[:format] == 'xml'
authenticate_or_request_with_http_basic do |user_name, password|
self.current_user = User.authenticate(user_name, password)
end
return false if self.current_user.nil?
end
if current_user and user_has_access_to_action?(action)
true
else
if current_user
permissions = self.class.controller_permissions[self.class][action]
flash[:error] = permissions[:denied_message] || 'Access denied.'
redirect_to permissions[:denied_url] || { :action => :index }
else
session[:return_to] = request.request_uri
redirect_to login_url
end
false
end
end
def user_has_role?(role)
current_user.send("#{role}?")
end
def user_has_access_to_action?(action)
permissions = self.class.controller_permissions[self.class][action]
case
when allowed_roles = permissions[:when]
allowed_roles = [allowed_roles].flatten
allowed_roles.each do |role|
return true if user_has_role?(role)
end
false
when condition_method = permissions[:if]
send(condition_method)
else
true
end
end
def login_from_cookie
if !cookies[:session_token].blank? && user = User.find_by_session_token(cookies[:session_token]) # don't find by empty value
user.remember_me
self.current_user = user
set_session_cookie
end
end
def set_session_cookie
cookies[:session_token] = { :value => current_user.session_token , :expires => Radiant::Config['session_timeout'].to_i.from_now.utc }
end
module ClassMethods
def no_login_required
skip_before_filter :authenticate
end
def login_required?
filter_chain.any? {|f| f.method == :authenticate }
end
def login_required
before_filter :authenticate
end
def only_allow_access_to(*args)
options = {}
options = args.pop.dup if args.last.kind_of?(Hash)
options.symbolize_keys!
actions = args.map { |a| a.to_s.intern }
actions.each do |action|
controller_permissions[self][action] = options
end
end
end
end