cafe-grader-web

Commit r178:f002bd602fc3 public

parent | child
Description:
removed deprecated session_key from ApplicationController git-svn-id: http://theory.cpe.ku.ac.th/grader/web/trunk@380 6386c4cd-e34a-4fa8-8920-d93eb39b512e
Commit status:
[Not Reviewed]
References:
default
Diff options:
Raw Diff | Patch Diff | Download Diff | Show whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r178:f002bd602fc3 - - 1 file changed: 0 inserted, 2 deleted

Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,54 +1,52
1 # Filters added to this controller apply to all controllers in the application.
1 # Filters added to this controller apply to all controllers in the application.
2 # Likewise, all the methods added will be available for all controllers.
2 # Likewise, all the methods added will be available for all controllers.
3
3
4 class ApplicationController < ActionController::Base
4 class ApplicationController < ActionController::Base
5 - # Pick a unique cookie name to distinguish our session data from others'
6 - session :session_key => '_grader_session_id'
7
5
8 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
6 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
9
7
10 def admin_authorization
8 def admin_authorization
11 return false unless authenticate
9 return false unless authenticate
12 user = User.find(session[:user_id], :include => ['roles'])
10 user = User.find(session[:user_id], :include => ['roles'])
13 redirect_to :controller => 'main', :action => 'login' unless user.admin?
11 redirect_to :controller => 'main', :action => 'login' unless user.admin?
14 end
12 end
15
13
16 def authorization_by_roles(allowed_roles)
14 def authorization_by_roles(allowed_roles)
17 return false unless authenticate
15 return false unless authenticate
18 user = User.find(session[:user_id])
16 user = User.find(session[:user_id])
19 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
17 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
20 flash[:notice] = 'You are not authorized to view the page you requested'
18 flash[:notice] = 'You are not authorized to view the page you requested'
21 redirect_to :controller => 'main', :action => 'login'
19 redirect_to :controller => 'main', :action => 'login'
22 return false
20 return false
23 end
21 end
24 end
22 end
25
23
26 protected
24 protected
27
25
28 def authenticate
26 def authenticate
29 unless session[:user_id]
27 unless session[:user_id]
30 redirect_to :controller => 'main', :action => 'login'
28 redirect_to :controller => 'main', :action => 'login'
31 return false
29 return false
32 end
30 end
33
31
34 #Configuration.reload
32 #Configuration.reload
35 # check if run in single user mode
33 # check if run in single user mode
36 if (Configuration[SINGLE_USER_MODE_CONF_KEY])
34 if (Configuration[SINGLE_USER_MODE_CONF_KEY])
37 user = User.find(session[:user_id])
35 user = User.find(session[:user_id])
38 if user==nil or user.login != 'root'
36 if user==nil or user.login != 'root'
39 redirect_to :controller => 'main', :action => 'login'
37 redirect_to :controller => 'main', :action => 'login'
40 return false
38 return false
41 end
39 end
42 end
40 end
43
41
44 return true
42 return true
45 end
43 end
46
44
47 def authorization
45 def authorization
48 return false unless authenticate
46 return false unless authenticate
49 user = User.find(session[:user_id])
47 user = User.find(session[:user_id])
50 unless user.roles.detect { |role|
48 unless user.roles.detect { |role|
51 role.rights.detect{ |right|
49 role.rights.detect{ |right|
52 right.controller == self.class.controller_name and
50 right.controller == self.class.controller_name and
53 (right.action == 'all' or right.action == action_name)
51 (right.action == 'all' or right.action == action_name)
54 }
52 }
You need to be logged in to leave comments. Login now