Contents

module LsOmniauth::OmniauthHelper
  def require_authentication
    when_not_in_dev_mode {
      sessions = LsOmniauth::AuthSessions.new(session)
      if sessions.auth.get.blank?
        sessions.origin.set("#{request.protocol}#{request.host_with_port}#{request.fullpath}")
        redirect_to ls_omniauth.sign_in_url and return false
      end
      true
    }
  end

  def require_authorization(options = {})
    when_not_in_dev_mode {
      return unless require_authentication

      sessions = LsOmniauth::AuthSessions.new(session)
      email = sessions.auth.get


      options.symbolize_keys!
      if options[:domains].respond_to? :include?
        email_domain = email.match(/[\w]+\.com/)[0]
        unless options[:domains].map(&:upcase).include? email_domain.upcase
          render_access_denied and return
        end
      end

      if options.has_key? :group
        if !email_in_group(email, options[:group])
          render_access_denied and return
        end
      end
    }
  end

  def current_user_in_group(group)
    email_in_group(email_for_current_user, group)
  end

  def when_not_in_dev_mode(&block)
    if !running_in_dev_mode?
      yield
    end
  end

  module_function

  def running_in_dev_mode?
    LS_OMNIAUTH.config.running_in_dev_mode?
  end

  def authorized_users
    @authorized_users ||= (LS_OMNIAUTH.config[:authorized_users] || {})
  end

  def authorized_group_users(group)
    authorized_users[group] || []
  end

  def email_for_current_user
    LsOmniauth::AuthSessions.new(session).auth.get
  end

  def email_in_group(email, group)
    authorized_group_users(group).map(&:upcase).include?(email.to_s.upcase)
  end

  def render_access_denied
    render :text => "<div class='notification error'>You are not authorized to view this resource.  Sorry!</div>", :status => 401
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
ls-omniauth-3.0.3	app/helpers/ls_omniauth/omniauth_helper.rb