cafe-grader-web Files · app/controllers/application

cafe-grader-web

Location: cafe-grader-web/app/controllers/application_controller.rb - annotation

Commit Description:

fixed admin authorization bug in single user mode

Commit Description:

fixed admin authorization bug in single user mode

References:

r284:e64cd998f824 default

File last commit:

r284:e64cd998f824 default

Show/Diff file:

Action:

            
                    app/controllers/application_controller.rb
                
             | 74 lines
             | 2.2 KiB
             | text/x-ruby 
             | RubyLexer
             | 
      
            History
        
           Show Full History
         |
          Source
         | Raw
         |
              
              Download
              
     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
      # Filters added to this controller apply to all controllers in the application.

      # Likewise, all the methods added will be available for all controllers.

      class ApplicationController < ActionController::Base

        SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'

        def admin_authorization

          return false unless authenticate

          user = User.find(session[:user_id], :include => ['roles'])

          redirect_to :controller => 'main', :action => 'login' unless user.admin?

        end

        def authorization_by_roles(allowed_roles)

          return false unless authenticate

          user = User.find(session[:user_id])

          unless user.roles.detect { |role| allowed_roles.member?(role.name) }

            flash[:notice] = 'You are not authorized to view the page you requested'

            redirect_to :controller => 'main', :action => 'login'

            return false

          end

        end

        protected

        def authenticate

          unless session[:user_id]

            redirect_to :controller => 'main', :action => 'login'

            return false

          end

          #Configuration.reload

          # check if run in single user mode

          if (Configuration[SINGLE_USER_MODE_CONF_KEY])

            user = User.find(session[:user_id])

     Jittat Fakcharoenphol
  
fixed admin authorization bug in single user mode

              r284
            
            if user==nil or (not user.admin?)

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
              redirect_to :controller => 'main', :action => 'login'

              return false

            end

          end

          return true

        end

        def authorization

          return false unless authenticate

          user = User.find(session[:user_id])

          unless user.roles.detect { |role|

      	role.rights.detect{ |right|

      	  right.controller == self.class.controller_name and

                (right.action == 'all' or right.action == action_name)

      	}

            }

            flash[:notice] = 'You are not authorized to view the page you requested'

            #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')

            redirect_to :controller => 'main', :action => 'login'

            return false

          end

        end

        def verify_time_limit

          return true if session[:user_id]==nil

          user = User.find(session[:user_id], :include => :site)

          return true if user==nil or user.site == nil

     Jittat Fakcharoenphol
  
added individual contest mode

              r217
            
          if user.contest_finished?

            flash[:notice] = 'Error: the contest you are participating is over.'

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
            redirect_to :back

            return false

          end

          return true

        end

      end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Last Author

jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	# Filters added to this controller apply to all controllers in the application.
		# Likewise, all the methods added will be available for all controllers.

		class ApplicationController < ActionController::Base

		SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'

		def admin_authorization
		return false unless authenticate
		user = User.find(session[:user_id], :include => ['roles'])
		redirect_to :controller => 'main', :action => 'login' unless user.admin?
		end

		def authorization_by_roles(allowed_roles)
		return false unless authenticate
		user = User.find(session[:user_id])
		unless user.roles.detect { \|role\| allowed_roles.member?(role.name) }
		flash[:notice] = 'You are not authorized to view the page you requested'
		redirect_to :controller => 'main', :action => 'login'
		return false
		end
		end

		protected

		def authenticate
		unless session[:user_id]
		redirect_to :controller => 'main', :action => 'login'
		return false
		end

		#Configuration.reload
		# check if run in single user mode
		if (Configuration[SINGLE_USER_MODE_CONF_KEY])
		user = User.find(session[:user_id])
Jittat Fakcharoenphol fixed admin authorization bug in single user mode	r284	if user==nil or (not user.admin?)
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	redirect_to :controller => 'main', :action => 'login'
		return false
		end
		end

		return true
		end

		def authorization
		return false unless authenticate
		user = User.find(session[:user_id])
		unless user.roles.detect { \|role\|
		role.rights.detect{ \|right\|
		right.controller == self.class.controller_name and
		(right.action == 'all' or right.action == action_name)
		}
		}
		flash[:notice] = 'You are not authorized to view the page you requested'
		#request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
		redirect_to :controller => 'main', :action => 'login'
		return false
		end
		end

		def verify_time_limit
		return true if session[:user_id]==nil
		user = User.find(session[:user_id], :include => :site)
		return true if user==nil or user.site == nil
Jittat Fakcharoenphol added individual contest mode	r217	if user.contest_finished?
		flash[:notice] = 'Error: the contest you are participating is over.'
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	redirect_to :back
		return false
		end
		return true
		end

		end