Show More
Commit Description:
NEED TESTING...
Commit Description:
NEED TESTING
move to stronger parameter for xxx.new(params[
References:
File last commit:
Show/Diff file:
Action:
app/controllers/application_controller.rb
| 142 lines
| 4.2 KiB
| text/x-ruby
| RubyLexer
|
jittat
|
r162 | class ApplicationController < ActionController::Base | ||
Jittat Fakcharoenphol
|
r318 | protect_from_forgery | ||
|
jittat
|
r162 | |||
| r627 | before_filter :current_user | |||
| r554 | ||||
|
jittat
|
r162 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' | ||
| r525 | MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login' | |||
|
jittat
|
r162 | |||
| r593 | #report and redirect for unauthorized activities | |||
| def unauthorized_redirect | ||||
| flash[:notice] = 'You are not authorized to view the page you requested' | ||||
| redirect_to :controller => 'main', :action => 'login' | ||||
| end | ||||
| r554 | # Returns the current logged-in user (if any). | |||
| def current_user | ||||
| r556 | return nil unless session[:user_id] | |||
| r554 | @current_user ||= User.find(session[:user_id]) | |||
| end | ||||
|
jittat
|
r162 | def admin_authorization | ||
| return false unless authenticate | ||||
| r619 | user = User.includes(:roles).find(session[:user_id]) | |||
| r425 | unless user.admin? | |||
| r593 | unauthorized_redirect | |||
| r425 | return false | |||
| end | ||||
| return true | ||||
|
jittat
|
r162 | end | ||
| def authorization_by_roles(allowed_roles) | ||||
| return false unless authenticate | ||||
| user = User.find(session[:user_id]) | ||||
| unless user.roles.detect { |role| allowed_roles.member?(role.name) } | ||||
| r593 | unauthorized_redirect | |||
|
jittat
|
r162 | return false | ||
| end | ||||
| end | ||||
| r625 | def testcase_authorization | |||
| #admin always has privileged | ||||
| r632 | puts "haha" | |||
| r625 | if @current_user.admin? | |||
| return true | ||||
| end | ||||
| r632 | puts "hehe" | |||
| puts GraderConfiguration["right.view_testcase"] | ||||
| unauthorized_redirect unless GraderConfiguration["right.view_testcase"] | ||||
| r625 | end | |||
|
jittat
|
r162 | protected | ||
| def authenticate | ||||
| unless session[:user_id] | ||||
| r424 | flash[:notice] = 'You need to login' | |||
| if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] | ||||
| flash[:notice] = 'You need to login but you cannot log in at this time' | ||||
| end | ||||
|
jittat
|
r162 | redirect_to :controller => 'main', :action => 'login' | ||
| return false | ||||
| end | ||||
| # check if run in single user mode | ||||
|
Jittat Fakcharoenphol
|
r320 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] | ||
| r562 | user = User.find_by_id(session[:user_id]) | |||
|
Jittat Fakcharoenphol
|
r284 | if user==nil or (not user.admin?) | ||
|
Jittat Fakcharoenphol
|
r301 | flash[:notice] = 'You cannot log in at this time' | ||
|
jittat
|
r162 | redirect_to :controller => 'main', :action => 'login' | ||
| return false | ||||
| end | ||||
| r562 | unless user.enabled? | |||
| flash[:notice] = 'Your account is disabled' | ||||
| redirect_to :controller => 'main', :action => 'login' | ||||
| return false | ||||
| end | ||||
|
Jittat Fakcharoenphol
|
r295 | return true | ||
|
jittat
|
r162 | end | ||
|
Jittat Fakcharoenphol
|
r320 | if GraderConfiguration.multicontests? | ||
|
Jittat Fakcharoenphol
|
r295 | user = User.find(session[:user_id]) | ||
|
Jittat Fakcharoenphol
|
r296 | return true if user.admin? | ||
|
Jittat Fakcharoenphol
|
r295 | begin | ||
| if user.contest_stat(true).forced_logout | ||||
| flash[:notice] = 'You have been automatically logged out.' | ||||
| redirect_to :controller => 'main', :action => 'index' | ||||
| end | ||||
| rescue | ||||
| end | ||||
| end | ||||
|
jittat
|
r162 | return true | ||
| end | ||||
| r525 | def authenticate_by_ip_address | |||
| #this assume that we have already authenticate normally | ||||
| unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY] | ||||
| user = User.find(session[:user_id]) | ||||
| if (not user.admin? and user.last_ip and user.last_ip != request.remote_ip) | ||||
| flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}" | ||||
| redirect_to :controller => 'main', :action => 'login' | ||||
| r539 | puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}" | |||
| r525 | return false | |||
| end | ||||
| unless user.last_ip | ||||
| user.last_ip = request.remote_ip | ||||
| user.save | ||||
| end | ||||
| end | ||||
| return true | ||||
| end | ||||
|
jittat
|
r162 | def authorization | ||
| return false unless authenticate | ||||
| r632 | puts "haha 1" | |||
|
jittat
|
r162 | user = User.find(session[:user_id]) | ||
| unless user.roles.detect { |role| | ||||
| r632 | role.rights.detect{ |right| | |||
| right.controller == self.class.controller_name and | ||||
| (right.action == 'all' or right.action == action_name) | ||||
| } | ||||
|
jittat
|
r162 | } | ||
| r632 | puts "haha 2" | |||
|
jittat
|
r162 | flash[:notice] = 'You are not authorized to view the page you requested' | ||
| #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login') | ||||
| redirect_to :controller => 'main', :action => 'login' | ||||
| return false | ||||
| end | ||||
| end | ||||
| def verify_time_limit | ||||
| return true if session[:user_id]==nil | ||||
| user = User.find(session[:user_id], :include => :site) | ||||
| return true if user==nil or user.site == nil | ||||
|
Jittat Fakcharoenphol
|
r217 | if user.contest_finished? | ||
| flash[:notice] = 'Error: the contest you are participating is over.' | ||||
|
jittat
|
r162 | redirect_to :back | ||
| return false | ||||
| end | ||||
| return true | ||||
| end | ||||
| end | ||||