module Typus module Authentication module Session protected include Base def authenticate if session[:typus_user_id] current_user else back_to = request.env['PATH_INFO'] unless [admin_dashboard_path, admin_path].include?(request.env['PATH_INFO']) redirect_to new_admin_session_path(:back_to => back_to) end end #-- # Return the current user. If role does not longer exist on the # system current_user will be signed out from Typus. #++ def current_user @current_user ||= Typus.user_class.find(session[:typus_user_id]) unless Typus::Configuration.roles.has_key?(@current_user.role) raise _t("Role does no longer exists.") end unless @current_user.status back_to = (request.env['REQUEST_URI'] == admin_dashboard_path) ? nil : request.env['REQUEST_URI'] raise _t("Typus user has been disabled.") end I18n.locale = @current_user.preferences[:locale] return @current_user rescue Exception => error session[:typus_user_id] = nil redirect_to new_admin_session_path(:back_to => back_to), :notice => error.message end #-- # Action is available on: edit, update, toggle and destroy #++ def check_if_user_can_perform_action_on_user return unless @item.kind_of?(Typus.user_class) message = case params[:action] when 'edit' # Only admin and owner of Typus User can edit. if current_user.is_not_root? && (current_user != @item) _t("As you're not the admin or the owner of this record you cannot edit it.") end when 'update' # current_user cannot change her role. if current_user && !(@item.role == params[@object_name][:role]) _t("You can't change your role.") end when 'toggle' # Only admin can toggle typus user status, but not herself. if current_user.is_root? && (current_user == @item) _t("You can't toggle your status.") elsif current_user.is_not_root? _t("You're not allowed to toggle status.") end when 'destroy' # Admin can remove anything except herself. if current_user.is_root? && (current_user == @item) _t("You can't remove yourself.") elsif current_user.is_not_root? _t("You're not allowed to remove Typus Users.") end end redirect_to set_path, :notice => message if message end #-- # This method checks if the user can perform the requested action. # It works on models, so its available on the `resources_controller`. #++ def check_if_user_can_perform_action_on_resources message = case params[:action] when 'index', 'show' "%{current_user_role} can't display items." when 'destroy' "%{current_user_role} can't delete this item." else "%{current_user_role} can't perform action. (%{action})" end message = _t(message, :current_user_role => current_user.role.capitalize, :action => params[:action]) unless current_user.can?(params[:action], @resource) redirect_to set_path, :notice => message end end #-- # This method checks if the user can perform the requested action. # It works on a resource: git, memcached, syslog ... #++ def check_if_user_can_perform_action_on_resource controller = params[:controller].remove_prefix action = params[:action] unless current_user.can?(action, controller.camelize, { :special => true }) render :text => "Not allowed!", :status => :unprocessable_entity end end #-- # If item is owned by another user, we only can perform a # show action on the item. Updated item is also blocked. # # before_filter :check_resource_ownership, :only => [ :edit, :update, :destroy, # :toggle, :position, # :relate, :unrelate ] #++ def check_resource_ownership # By-pass if current_user is root. return if current_user.is_root? condition_typus_users = @item.respond_to?(Typus.relationship) && !@item.send(Typus.relationship).include?(current_user) condition_typus_user_id = @item.respond_to?(Typus.user_fk) && !@item.owned_by?(current_user) if condition_typus_users || condition_typus_user_id alert = _t("You don't have permission to access this item.") redirect_to set_path, :alert => alert end end def check_resource_ownerships # By-pass if current_user is root. return if current_user.is_root? # Show only related items it @resource has a foreign_key (Typus.user_fk) # related to the logged user. if @resource.typus_user_id? condition = { Typus.user_fk => current_user } @conditions = @resource.merge_conditions(@conditions, condition) end end def check_ownership_of_referal_item return unless params[:resource] && params[:resource_id] klass = params[:resource].classify.constantize return if !klass.typus_user_id? item = klass.find(params[:resource_id]) raise "You're not owner of this record." unless item.owned_by?(current_user) || current_user.is_root? end def set_attributes_on_create if @resource.typus_user_id? @item.attributes = { Typus.user_fk => current_user.id } end end def set_attributes_on_update if @resource.typus_user_id? && current_user.is_not_root? @item.update_attributes(Typus.user_fk => current_user.id) end end #-- # Reload current_user when updating to see flash message in the # correct locale. #++ def reload_locales if @resource.eql?(Typus.user_class) I18n.locale = current_user.reload.preferences[:locale] end end end end end