app/helpers/usman/authentication_helper.rb in usman-0.3.9 vs app/helpers/usman/authentication_helper.rb in usman-0.3.10
- old
+ new
@@ -1,34 +1,50 @@
module Usman
module AuthenticationHelper
private
-
- def current_user
- # Return if @current_user is already initialized else check if the user exists with the auth token present in request header
- @current_user ||= authenticate_with_http_token { |token, options| User.find_by(auth_token: token)}
+
+ # --------------
+ # Common Methods
+ # --------------
+
+ def set_params_hsh
+ @params_hsh = {}
+ @params_hsh[:client_app] = params[:client_app] if params[:client_app]
+ @params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
+ @params_hsh[:requested_url] = request.original_url if request.get?
end
+ def permission_denied
+ render :file => "layouts/kuppayam/401", layout: 'layouts/kuppayam/blank_with_nav', :status => :unauthorized
+ end
+
# Returns the default URL to which the system should redirect the user after successful authentication
def default_redirect_url_after_sign_in
main_app.user_landing_url
end
# Returns the default URL to which the system should redirect the user after an unsuccessful attempt to authorise a resource/page
def default_sign_in_url
usman.sign_in_url
end
+ # -----------------
+ # Redirect Methods
+ # -----------------
+
# Method to handle the redirection after unsuccesful authentication
# This method should also handle the redirection if it has come through a client appliction for authentication
# In that case, it should persist the params passed by the client application
- def redirect_after_unsuccessful_authentication
- @params_hsh = {}
- @params_hsh[:client_app] = params[:client_app] if params[:client_app]
- @params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
- @params_hsh[:requested_url] = request.original_url if request.get?
- redirect_to add_query_params(default_sign_in_url, @params_hsh)
+ def redirect_after_unsuccessful_authentication(redirect_to_last_page=true)
+ if redirect_to_last_page
+ set_params_hsh
+ redirect_to add_query_params(default_sign_in_url, @params_hsh)
+ else
+ redirect_to default_sign_in_url
+ end
+
return
end
# Method to redirect after successful authentication
# This method should also handle the requests forwarded by the client for authentication
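Review bot: `set_params_hsh` copies `params[:redirect_back_url]` and `params[:client_app]` into the query string of `default_sign_in_url` without any validation, so whatever consumes `redirect_back_url` after sign-in (not visible in this hunk; `redirect_after_successful_authentication` is cut off at the hunk's end) receives an attacker-controllable absolute URL, which is an open-redirect vector if it is used as a redirect target. The `client_app` parameter suggests cross-application redirects are intended, so rather than forcing same-origin paths the helper should only forward the value when it matches the host registered for that client, e.g. `@params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url] && allowed_redirect_url?(params[:redirect_back_url], params[:client_app])`, with the predicate comparing `URI.parse(url).host` against the client's registered host and rejecting anything that fails to parse. `:requested_url` comes from `request.original_url` and so is server-derived, which is fine. As a style point, the new `redirect_to_last_page=true` positional boolean reads poorly at call sites (`...(false)` in later hunks); a keyword `redirect_to_last_page: true` would be clearer.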
@@ -54,29 +70,25 @@
render(:partial => 'usman/sessions/sign_in.js.erb', :handlers => [:erb], :formats => [:js])
}
end
end
- def redirect_or_popup_to_default_sign_in_page
+ def redirect_or_popup_to_default_sign_in_page(redirect_to_last_page=true)
respond_to do |format|
format.html {
- redirect_after_unsuccessful_authentication
+ redirect_after_unsuccessful_authentication(redirect_to_last_page)
}
format.js {
- @params_hsh = {}
- @params_hsh[:client_app] = params[:client_app] if params[:client_app]
- @params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
- @params_hsh[:requested_url] = request.original_url if request.get?
-
+ set_params_hsh if redirect_to_last_page
render(:partial => 'usman/sessions/sign_in.js.erb', :handlers => [:erb], :formats => [:js])
}
end
end
- def permission_denied
- render :file => "layouts/kuppayam/401", layout: 'layouts/kuppayam/blank_with_nav', :status => :unauthorized
- end
+ # -------------------
+ # Permission Helpers
+ # -------------------
# This method is widely used to create the @current_user object from the session
# This method will return @current_user if it already exists which will save queries when called multiple times
def current_user
# Check if the user exists with the auth token present in session
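Review bot: In the `format.js` branch of `redirect_or_popup_to_default_sign_in_page`, passing `false` now skips `set_params_hsh`, so `@params_hsh` is left `nil` when `usman/sessions/sign_in.js.erb` renders; the old code always initialised it to `{}` first, and if the partial indexes `@params_hsh[...]` (the partial is not shown) this change turns the super-admin denial path into a `NoMethodError`. Keeping the hash initialised preserves the old contract: `@params_hsh = {}` followed by `set_params_hsh if redirect_to_last_page`. The method at the top of the hunk (`redirect_or_popup_to_sign_in_page`) starts outside the hunk, so only its `format.js` tail is reviewed here.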
@@ -88,46 +100,102 @@
def require_user
current_user
unless @current_user
text = "#{I18n.t("authentication.login_required.heading")}"
set_flash_message(text, :error, false) if defined?(flash) && flash
-
redirect_or_popup_to_default_sign_in_page
return
end
end
# This method is usually used as a before filter from admin controllers to ensure that the logged in user is a super admin
def require_super_admin
unless @current_user.super_admin?
text = "#{I18n.t("authentication.permission_denied.heading")}: #{I18n.t("authentication.permission_denied.message")}"
set_flash_message(text, :error, false) if defined?(flash) && flash
-
- redirect_or_popup_to_default_sign_in_page
+ redirect_or_popup_to_default_sign_in_page(false)
end
end
def require_site_admin
return true if @current_user && @current_user.super_admin?
unless @current_user && @current_user.has_role?("Site Admin")
respond_to do |format|
- format.html {
- #text = "#{I18n.t("authentication.permission_denied.heading")}: #{I18n.t("authentication.permission_denied.message")}"
- #set_flash_message(text, :error, false) if defined?(flash) && flash
- #redirect_after_unsuccessful_authentication
- permission_denied
- }
+ format.html { permission_denied }
format.js {
- @params_hsh = {}
- @params_hsh[:client_app] = params[:client_app] if params[:client_app]
- @params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
- @params_hsh[:requested_url] = request.original_url if request.get?
-
+ set_params_hsh
render(:partial => 'usman/sessions/sign_in.js.erb', :handlers => [:erb], :formats => [:js])
}
end
end
end
+
+ def require_read_permission
+ return true if @current_user && @current_user.super_admin?
+ current_permission
+ unless (@current_permission && @current_permission.can_read?)
+ respond_to do |format|
+ format.html { permission_denied }
+ format.js {
+ set_params_hsh
+ render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
+ }
+ end
+ end
+ end
+
+ def require_create_permission
+ return true if @current_user && @current_user.super_admin?
+ current_permission
+ unless (@current_permission && @current_permission.can_create?)
+ respond_to do |format|
+ format.html { permission_denied }
+ format.js {
+ set_params_hsh
+ render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
+ }
+ end
+ end
+ end
+
+ def require_update_permission
+ return true if @current_user && @current_user.super_admin?
+ current_permission
+ unless (@current_permission && @current_permission.can_update?)
+ respond_to do |format|
+ format.html { permission_denied }
+ format.js {
+ set_params_hsh
+ render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
+ }
+ end
+ end
+ end
+
+ def require_delete_permission
+ return true if @current_user && @current_user.super_admin?
+ current_permission
+ unless (@current_permission && @current_permission.can_delete?)
+ respond_to do |format|
+ format.html { permission_denied }
+ format.js {
+ set_params_hsh
+ render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
+ }
+ end
+ end
+ end
+
+ def current_permission
+ feature_class = @resource_options[:feature_class] || @resource_options[:class]
+ @current_feature = Feature.published.find_by_name(feature_class)
+ feature_id = @current_feature ? @current_feature.id : -1
+ @current_permission = @current_user.permissions.where("feature_id = ?", feature_id).first
+ end
+
+ # -------------------
+ # Masquerade Helpers
+ # -------------------
# This method is only used for masquerading. When admin masquerade as user A and then as B, when he logs out as B he should be logged in back as A
# This is accomplished by storing the last user id in session and activating it when user is logged off
def restore_last_user
return @last_user if @last_user
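Review bot: `current_permission` dereferences `@current_user.permissions` and `@resource_options[...]` without a guard, while the four new `require_*_permission` helpers only nil-check `@current_user` on the super-admin shortcut; a request with no signed-in user (helper used without `require_user` running first) or a controller that never sets `@resource_options` therefore raises `NoMethodError` (a 500) instead of reaching `permission_denied`. A fail-closed guard at the top of `current_permission`, `return @current_permission = nil unless @current_user && @resource_options`, makes the existing `unless (@current_permission && ...)` branch handle it. The same unguarded `@current_user.super_admin?` is pre-existing in `require_super_admin`, which the changed line does not address. The four `require_*_permission` methods differ only in the predicate name and could share one body, as sketched below; note the `Feature.published` / `-1` fallback already denies access for unknown or unpublished features, which is the right default.
```ruby
# Shared body of require_read/create/update/delete_permission.
# `predicate` is one of :can_read?, :can_create?, :can_update?, :can_delete?.
def require_permission(predicate)
  return true if @current_user && @current_user.super_admin?
  current_permission
  unless @current_permission && @current_permission.public_send(predicate)
    respond_to do |format|
      format.html { permission_denied }
      format.js {
        set_params_hsh
        render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
      }
    end
  end
end

def require_read_permission;   require_permission(:can_read?);   end
def require_create_permission; require_permission(:can_create?); end
def require_update_permission; require_permission(:can_update?); end
def require_delete_permission; require_permission(:can_delete?); end

def current_permission
  # Fail closed: no signed-in user or no resource context means no permission.
  return @current_permission = nil unless @current_user && @resource_options
  # … unchanged: feature lookup and permissions query …
end
```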