Description:
fixed admin authorization bug in single user mode
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
Jittat Fakcharoenphol
-
r284:e64cd998f824 - - 1 file changed: 1 inserted, 1 deleted
| @@ -12,49 +12,49 | |||||
|
|
12 | end |
|
12 | end |
|
|
13 |
|
13 | ||
|
|
14 | def authorization_by_roles(allowed_roles) |
|
14 | def authorization_by_roles(allowed_roles) |
|
|
15 | return false unless authenticate |
|
15 | return false unless authenticate |
|
|
16 | user = User.find(session[:user_id]) |
|
16 | user = User.find(session[:user_id]) |
|
|
17 | unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
17 | unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
|
18 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
18 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
|
19 | redirect_to :controller => 'main', :action => 'login' |
|
19 | redirect_to :controller => 'main', :action => 'login' |
|
|
20 | return false |
|
20 | return false |
|
|
21 | end |
|
21 | end |
|
|
22 | end |
|
22 | end |
|
|
23 |
|
23 | ||
|
|
24 | protected |
|
24 | protected |
|
|
25 |
|
25 | ||
|
|
26 | def authenticate |
|
26 | def authenticate |
|
|
27 | unless session[:user_id] |
|
27 | unless session[:user_id] |
|
|
28 | redirect_to :controller => 'main', :action => 'login' |
|
28 | redirect_to :controller => 'main', :action => 'login' |
|
|
29 | return false |
|
29 | return false |
|
|
30 | end |
|
30 | end |
|
|
31 |
|
31 | ||
|
|
32 | #Configuration.reload |
|
32 | #Configuration.reload |
|
|
33 | # check if run in single user mode |
|
33 | # check if run in single user mode |
|
|
34 | if (Configuration[SINGLE_USER_MODE_CONF_KEY]) |
|
34 | if (Configuration[SINGLE_USER_MODE_CONF_KEY]) |
|
|
35 | user = User.find(session[:user_id]) |
|
35 | user = User.find(session[:user_id]) |
|
|
36 |
- if user==nil or user. |
|
36 | + if user==nil or (not user.admin?) |
|
|
37 | redirect_to :controller => 'main', :action => 'login' |
|
37 | redirect_to :controller => 'main', :action => 'login' |
|
|
38 | return false |
|
38 | return false |
|
|
39 | end |
|
39 | end |
|
|
40 | end |
|
40 | end |
|
|
41 |
|
41 | ||
|
|
42 | return true |
|
42 | return true |
|
|
43 | end |
|
43 | end |
|
|
44 |
|
44 | ||
|
|
45 | def authorization |
|
45 | def authorization |
|
|
46 | return false unless authenticate |
|
46 | return false unless authenticate |
|
|
47 | user = User.find(session[:user_id]) |
|
47 | user = User.find(session[:user_id]) |
|
|
48 | unless user.roles.detect { |role| |
|
48 | unless user.roles.detect { |role| |
|
|
49 | role.rights.detect{ |right| |
|
49 | role.rights.detect{ |right| |
|
|
50 | right.controller == self.class.controller_name and |
|
50 | right.controller == self.class.controller_name and |
|
|
51 | (right.action == 'all' or right.action == action_name) |
|
51 | (right.action == 'all' or right.action == action_name) |
|
|
52 | } |
|
52 | } |
|
|
53 | } |
|
53 | } |
|
|
54 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
54 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
|
55 | #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login') |
|
55 | #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login') |
|
|
56 | redirect_to :controller => 'main', :action => 'login' |
|
56 | redirect_to :controller => 'main', :action => 'login' |
|
|
57 | return false |
|
57 | return false |
|
|
58 | end |
|
58 | end |
|
|
59 | end |
|
59 | end |
|
|
60 |
|
60 | ||
You need to be logged in to leave comments.
Login now