Description:
removed deprecated session_key from ApplicationController
git-svn-id: http://theory.cpe.ku.ac.th/grader/web/trunk@380 6386c4cd-e34a-4fa8-8920-d93eb39b512e
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
jittat
-
r178:f002bd602fc3 - - 1 file changed: 0 inserted, 2 deleted
| @@ -1,76 +1,74 | |||||
|
|
1 | # Filters added to this controller apply to all controllers in the application. |
|
1 | # Filters added to this controller apply to all controllers in the application. |
|
|
2 | # Likewise, all the methods added will be available for all controllers. |
|
2 | # Likewise, all the methods added will be available for all controllers. |
|
|
3 |
|
3 | ||
|
|
4 | class ApplicationController < ActionController::Base |
|
4 | class ApplicationController < ActionController::Base |
|
|
5 | - # Pick a unique cookie name to distinguish our session data from others' |
|
||
|
|
6 | - session :session_key => '_grader_session_id' |
|
||
|
|
7 |
|
5 | ||
|
|
8 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
6 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
|
9 |
|
7 | ||
|
|
10 | def admin_authorization |
|
8 | def admin_authorization |
|
|
11 | return false unless authenticate |
|
9 | return false unless authenticate |
|
|
12 | user = User.find(session[:user_id], :include => ['roles']) |
|
10 | user = User.find(session[:user_id], :include => ['roles']) |
|
|
13 | redirect_to :controller => 'main', :action => 'login' unless user.admin? |
|
11 | redirect_to :controller => 'main', :action => 'login' unless user.admin? |
|
|
14 | end |
|
12 | end |
|
|
15 |
|
13 | ||
|
|
16 | def authorization_by_roles(allowed_roles) |
|
14 | def authorization_by_roles(allowed_roles) |
|
|
17 | return false unless authenticate |
|
15 | return false unless authenticate |
|
|
18 | user = User.find(session[:user_id]) |
|
16 | user = User.find(session[:user_id]) |
|
|
19 | unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
17 | unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
|
20 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
18 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
|
21 | redirect_to :controller => 'main', :action => 'login' |
|
19 | redirect_to :controller => 'main', :action => 'login' |
|
|
22 | return false |
|
20 | return false |
|
|
23 | end |
|
21 | end |
|
|
24 | end |
|
22 | end |
|
|
25 |
|
23 | ||
|
|
26 | protected |
|
24 | protected |
|
|
27 |
|
25 | ||
|
|
28 | def authenticate |
|
26 | def authenticate |
|
|
29 | unless session[:user_id] |
|
27 | unless session[:user_id] |
|
|
30 | redirect_to :controller => 'main', :action => 'login' |
|
28 | redirect_to :controller => 'main', :action => 'login' |
|
|
31 | return false |
|
29 | return false |
|
|
32 | end |
|
30 | end |
|
|
33 |
|
31 | ||
|
|
34 | #Configuration.reload |
|
32 | #Configuration.reload |
|
|
35 | # check if run in single user mode |
|
33 | # check if run in single user mode |
|
|
36 | if (Configuration[SINGLE_USER_MODE_CONF_KEY]) |
|
34 | if (Configuration[SINGLE_USER_MODE_CONF_KEY]) |
|
|
37 | user = User.find(session[:user_id]) |
|
35 | user = User.find(session[:user_id]) |
|
|
38 | if user==nil or user.login != 'root' |
|
36 | if user==nil or user.login != 'root' |
|
|
39 | redirect_to :controller => 'main', :action => 'login' |
|
37 | redirect_to :controller => 'main', :action => 'login' |
|
|
40 | return false |
|
38 | return false |
|
|
41 | end |
|
39 | end |
|
|
42 | end |
|
40 | end |
|
|
43 |
|
41 | ||
|
|
44 | return true |
|
42 | return true |
|
|
45 | end |
|
43 | end |
|
|
46 |
|
44 | ||
|
|
47 | def authorization |
|
45 | def authorization |
|
|
48 | return false unless authenticate |
|
46 | return false unless authenticate |
|
|
49 | user = User.find(session[:user_id]) |
|
47 | user = User.find(session[:user_id]) |
|
|
50 | unless user.roles.detect { |role| |
|
48 | unless user.roles.detect { |role| |
|
|
51 | role.rights.detect{ |right| |
|
49 | role.rights.detect{ |right| |
|
|
52 | right.controller == self.class.controller_name and |
|
50 | right.controller == self.class.controller_name and |
|
|
53 | (right.action == 'all' or right.action == action_name) |
|
51 | (right.action == 'all' or right.action == action_name) |
|
|
54 | } |
|
52 | } |
|
|
55 | } |
|
53 | } |
|
|
56 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
54 | flash[:notice] = 'You are not authorized to view the page you requested' |
|
|
57 | #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login') |
|
55 | #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login') |
|
|
58 | redirect_to :controller => 'main', :action => 'login' |
|
56 | redirect_to :controller => 'main', :action => 'login' |
|
|
59 | return false |
|
57 | return false |
|
|
60 | end |
|
58 | end |
|
|
61 | end |
|
59 | end |
|
|
62 |
|
60 | ||
|
|
63 | def verify_time_limit |
|
61 | def verify_time_limit |
|
|
64 | return true if session[:user_id]==nil |
|
62 | return true if session[:user_id]==nil |
|
|
65 | user = User.find(session[:user_id], :include => :site) |
|
63 | user = User.find(session[:user_id], :include => :site) |
|
|
66 | return true if user==nil or user.site == nil |
|
64 | return true if user==nil or user.site == nil |
|
|
67 | if user.site.finished? |
|
65 | if user.site.finished? |
|
|
68 | flash[:notice] = 'Error: the contest on your site is over.' |
|
66 | flash[:notice] = 'Error: the contest on your site is over.' |
|
|
69 | redirect_to :back |
|
67 | redirect_to :back |
|
|
70 | return false |
|
68 | return false |
|
|
71 | end |
|
69 | end |
|
|
72 | return true |
|
70 | return true |
|
|
73 | end |
|
71 | end |
|
|
74 |
|
72 | ||
|
|
75 | end |
|
73 | end |
|
|
76 |
|
74 | ||
You need to be logged in to leave comments.
Login now