Description:
fixed admin authorization bug in single user mode
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
Jittat Fakcharoenphol
-
r284:e64cd998f824 - - 1 file changed: 1 inserted, 1 deleted
| @@ -1,74 +1,74 | |||
|
|
1 | 1 | # Filters added to this controller apply to all controllers in the application. |
|
|
2 | 2 | # Likewise, all the methods added will be available for all controllers. |
|
|
3 | 3 | |
|
|
4 | 4 | class ApplicationController < ActionController::Base |
|
|
5 | 5 | |
|
|
6 | 6 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
|
7 | 7 | |
|
|
8 | 8 | def admin_authorization |
|
|
9 | 9 | return false unless authenticate |
|
|
10 | 10 | user = User.find(session[:user_id], :include => ['roles']) |
|
|
11 | 11 | redirect_to :controller => 'main', :action => 'login' unless user.admin? |
|
|
12 | 12 | end |
|
|
13 | 13 | |
|
|
14 | 14 | def authorization_by_roles(allowed_roles) |
|
|
15 | 15 | return false unless authenticate |
|
|
16 | 16 | user = User.find(session[:user_id]) |
|
|
17 | 17 | unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
|
18 | 18 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
|
19 | 19 | redirect_to :controller => 'main', :action => 'login' |
|
|
20 | 20 | return false |
|
|
21 | 21 | end |
|
|
22 | 22 | end |
|
|
23 | 23 | |
|
|
24 | 24 | protected |
|
|
25 | 25 | |
|
|
26 | 26 | def authenticate |
|
|
27 | 27 | unless session[:user_id] |
|
|
28 | 28 | redirect_to :controller => 'main', :action => 'login' |
|
|
29 | 29 | return false |
|
|
30 | 30 | end |
|
|
31 | 31 | |
|
|
32 | 32 | #Configuration.reload |
|
|
33 | 33 | # check if run in single user mode |
|
|
34 | 34 | if (Configuration[SINGLE_USER_MODE_CONF_KEY]) |
|
|
35 | 35 | user = User.find(session[:user_id]) |
|
|
36 |
- if user==nil or user. |
|
|
|
36 | + if user==nil or (not user.admin?) | |
|
|
37 | 37 | redirect_to :controller => 'main', :action => 'login' |
|
|
38 | 38 | return false |
|
|
39 | 39 | end |
|
|
40 | 40 | end |
|
|
41 | 41 | |
|
|
42 | 42 | return true |
|
|
43 | 43 | end |
|
|
44 | 44 | |
|
|
45 | 45 | def authorization |
|
|
46 | 46 | return false unless authenticate |
|
|
47 | 47 | user = User.find(session[:user_id]) |
|
|
48 | 48 | unless user.roles.detect { |role| |
|
|
49 | 49 | role.rights.detect{ |right| |
|
|
50 | 50 | right.controller == self.class.controller_name and |
|
|
51 | 51 | (right.action == 'all' or right.action == action_name) |
|
|
52 | 52 | } |
|
|
53 | 53 | } |
|
|
54 | 54 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
|
55 | 55 | #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login') |
|
|
56 | 56 | redirect_to :controller => 'main', :action => 'login' |
|
|
57 | 57 | return false |
|
|
58 | 58 | end |
|
|
59 | 59 | end |
|
|
60 | 60 | |
|
|
61 | 61 | def verify_time_limit |
|
|
62 | 62 | return true if session[:user_id]==nil |
|
|
63 | 63 | user = User.find(session[:user_id], :include => :site) |
|
|
64 | 64 | return true if user==nil or user.site == nil |
|
|
65 | 65 | if user.contest_finished? |
|
|
66 | 66 | flash[:notice] = 'Error: the contest you are participating is over.' |
|
|
67 | 67 | redirect_to :back |
|
|
68 | 68 | return false |
|
|
69 | 69 | end |
|
|
70 | 70 | return true |
|
|
71 | 71 | end |
|
|
72 | 72 | |
|
|
73 | 73 | end |
|
|
74 | 74 | |
You need to be logged in to leave comments.
Login now