cafe-grader-web Commit - r284:e64cd998f824

cafe-grader-web

Commit `r284:e64cd998f824` public

parent | child

Description:

fixed admin authorization bug in single user mode

Commit status:

[Not Reviewed]

References:

default

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r284:e64cd998f824 - Sat, 06 Mar 2010 15:21:48 - 1 file changed: 1 inserted, 1 deleted

app/controllers/application_controller.rb ¶ +1 -1

                 end
                 def authorization_by_roles(allowed_roles)
                   return false unless authenticate
                   user = User.find(session[:user_id])
                   unless user.roles.detect { |role| allowed_roles.member?(role.name) }
                     flash[:notice] = 'You are not authorized to view the page you requested'
                     redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                 end
                 protected
                 def authenticate
                   unless session[:user_id]
                     redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                   #Configuration.reload
                   # check if run in single user mode
                   if (Configuration[SINGLE_USER_MODE_CONF_KEY])
                     user = User.find(session[:user_id])
-            -       if user==nil or user.login != 'root'
+            +       if user==nil or (not user.admin?)
                       redirect_to :controller => 'main', :action => 'login'
                       return false
                     end
                   end
                   return true
                 end
                 def authorization
                   return false unless authenticate
                   user = User.find(session[:user_id])
                   unless user.roles.detect { |role|
               	role.rights.detect{ |right|
               	  right.controller == self.class.controller_name and
                         (right.action == 'all' or right.action == action_name)
               	}
                     }
                     flash[:notice] = 'You are not authorized to view the page you requested'
                     #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
                     redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                 end

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r284:e64cd998f824 - Sat, 06 Mar 2010 15:21:48 - 1 file changed: 1 inserted, 1 deleted

Sign in to your account

Commit r284:e64cd998f824 public

Author

r284:e64cd998f824 - Sat, 06 Mar 2010 15:21:48 - 1 file changed: 1 inserted, 1 deleted

Commit `r284:e64cd998f824` public