authorStefan Wintermeyer <stefan.wintermeyer@amooma.de>2013-01-31 11:39:25 +0100
committerStefan Wintermeyer <stefan.wintermeyer@amooma.de>2013-01-31 11:39:25 +0100
commit8da882cf3ec53f9057b17bd8dd39c2eadb2a88c2 (patch)
tree9ffca1c369768dac2b43e18a5993da3db3eb3a50
parent83120928fc2dabe225215668943452065d8bc52f (diff)
Fixed single sign on. #145
-rw-r--r--app/controllers/application_controller.rb61
-rw-r--r--app/controllers/gemeinschaft_setups_controller.rb4
-rw-r--r--app/controllers/page_controller.rb14
-rw-r--r--app/views/layouts/_navbar.html.haml7
-rw-r--r--config/routes.rb5
-rw-r--r--db/schema.rb2
6 files changed, 36 insertions, 57 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2aadf19..d1d918e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,26 +2,21 @@ class ApplicationController < ActionController::Base
protect_from_forgery
- before_filter :set_locale
+ before_filter :start_setup_if_new_installation
- before_filter :go_to_setup_if_new_installation
- before_filter :home_breadcrumb
-
+ before_filter :set_locale
helper_method :current_user
-
+
helper_method :guess_local_ip_address
helper_method :guess_local_host
-
+
+ before_filter :home_breadcrumb
+
helper_method :'have_https?'
+ helper_method :'single_sign_on_system?'
helper_method :random_pin
-
- #TODO Add check_authorization. See
- # https://github.com/ryanb/cancan
- # https://github.com/ryanb/cancan/wiki/Ensure-Authorization
- # and Gemeinschaft 4
-
# Generate a new name for an Object
#
def generate_a_new_name(parent, child = nil)
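Review bot: The TODO pointing at CanCan's `check_authorization` is dropped at the end of this filter block, but no `check_authorization` call is added in the visible lines, so nothing at the base-controller level ensures that every action runs an authorization check. This matters more here because the PageController hunks of the same commit remove that controller's login redirect while its `load_and_authorize_resource` stays commented out. I would keep a marker until it is enforced, e.g. `# TODO: add check_authorization (with skip_authorization_check where intended)`. The class body starts before and continues after this hunk.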
@@ -56,6 +51,8 @@ class ApplicationController < ActionController::Base
def random_pin
if GsParameter.get('MINIMUM_PIN_LENGTH') > 0
(1..GsParameter.get('MINIMUM_PIN_LENGTH')).map{|i| (0 .. 9).to_a.sample}.join
+ else
+ (1..8).map{|i| (0 .. 9).to_a.sample}.join
end
end
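Review bot: The added `else` branch of `random_pin`, like the existing branch, draws digits with `Array#sample`, which uses Ruby's default non-cryptographic generator; a PIN is a credential and should come from `SecureRandom`. The two branches also duplicate the generator expression. `GsParameter.get('MINIMUM_PIN_LENGTH') > 0` would presumably raise if the parameter is unset, though `GsParameter` is not visible here. Suggested body: `length = GsParameter.get('MINIMUM_PIN_LENGTH').to_i`, `length = 8 unless length > 0`, `Array.new(length) { SecureRandom.random_number(10) }.join`.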
@@ -109,40 +106,38 @@ class ApplicationController < ActionController::Base
if current_user
redirect_to root_url, :alert => 'Access denied! Please ask your admin to grant you the necessary rights.'
else
- if Tenant.count == 0 && User.count == 0
- # This is a brand new system. We need to run a setup first.
- redirect_to wizards_new_initial_setup_path
- else
- # You need to login first.
- redirect_to log_in_path, :alert => 'Access denied! You need to login first.'
- end
+ # You need to login first.
+ redirect_to log_in_path, :alert => 'Access denied! You need to login first.'
end
end
private
def current_user
- if session[:user_id] || GsParameter.get('SingleSignOnEnvUserNameKey').blank?
+ if session[:user_id].nil? && single_sign_on_system?
+ auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first
+ else
if session[:user_id] && User.where(:id => session[:user_id]).any?
- return User.where(:id => session[:user_id]).first
+ auth_user = User.where(:id => session[:user_id]).first
else
- session[:user_id] = nil
- return nil
+ auth_user = nil
end
+ end
+ session[:user_id] = auth_user.try(:id)
+ return auth_user
+ end
+
+ def single_sign_on_system?
+ if GsParameter.get('SingleSignOnEnvUserNameKey').blank?
+ false
else
- if User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).any?
- auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first
- session[:user_id] = auth_user.id
- return auth_user
- else
- return nil
- end
+ true
end
- end
+ end
- def go_to_setup_if_new_installation
+ def start_setup_if_new_installation
if Rails.env != 'test'
- if GemeinschaftSetup.all.count == 0
+ if GemeinschaftSetup.count == 0
redirect_to new_gemeinschaft_setup_path
end
end
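Review bot: In the single-sign-on branch of `current_user`, the value of `request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]` goes straight into `User.where(:user_name => ...)`; when the variable is absent the lookup becomes `user_name IS NULL`, and `.first` returns a user without a user name if one exists. Guard it with `sso_name = request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]` followed by `auth_user = sso_name.present? ? User.where(:user_name => sso_name).first : nil`. Because the configured key alone decides who is logged in, a comment should state that it must name a variable set by the authenticating front end (such as `REMOTE_USER`) and that any same-named client-supplied header must be stripped upstream. Once `session[:user_id]` is set the SSO value is no longer consulted, so a changed upstream identity keeps the old session; comparing the two on each request would close that gap. `start_setup_if_new_installation` continues past the end of this hunk.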
diff --git a/app/controllers/gemeinschaft_setups_controller.rb b/app/controllers/gemeinschaft_setups_controller.rb
index 4f4a72a..cff652d 100644
--- a/app/controllers/gemeinschaft_setups_controller.rb
+++ b/app/controllers/gemeinschaft_setups_controller.rb
@@ -4,9 +4,9 @@ class GemeinschaftSetupsController < ApplicationController
#
caches_page :new, :gzip => :best_compression
- load_and_authorize_resource :gemeinschaft_setup
+ skip_before_filter :start_setup_if_new_installation
- skip_before_filter :go_to_setup_if_new_installation
+ load_and_authorize_resource :gemeinschaft_setup
def new
@user = @gemeinschaft_setup.build_user(
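Review bot: `caches_page :new` sits directly above the reordered `load_and_authorize_resource`, and page caching writes the rendered form to the public directory, where the web server typically serves it without running any Rails filter. If that holds for this deployment, the CanCan check on `new` applies only to the first request. Consider dropping page caching for this action, or document the requirement with a comment such as `# NOTE: the cached setup page bypasses authorization; expire it once setup has been created`. The `new` action continues outside this hunk.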
diff --git a/app/controllers/page_controller.rb b/app/controllers/page_controller.rb
index 8f4fa88..ed48e3c 100644
--- a/app/controllers/page_controller.rb
+++ b/app/controllers/page_controller.rb
@@ -2,7 +2,6 @@ class PageController < ApplicationController
# load_and_authorize_resource :class => false
# CanCan doesn't work here really good because Page is not a resource.
- before_filter :if_fresh_system_then_go_to_wizard
skip_before_filter :home_breadcrumb, :only => [:index]
def index
@@ -14,18 +13,5 @@ class PageController < ApplicationController
def help
end
-
- private
- def if_fresh_system_then_go_to_wizard
- if Tenant.count == 0 && User.count == 0
- # This is a brand new system. We need to run a setup first.
- redirect_to wizards_new_initial_setup_path
- else
- if current_user.nil?
- # You need to login first.
- redirect_to log_in_path, :alert => I18n.t('pages.controller.access_denied_login_first')
- end
- end
- end
end
diff --git a/app/views/layouts/_navbar.html.haml b/app/views/layouts/_navbar.html.haml
index c2d9946..9350de0 100644
--- a/app/views/layouts/_navbar.html.haml
+++ b/app/views/layouts/_navbar.html.haml
@@ -48,7 +48,8 @@
%a.navbar-link{:href => tenant_user_path(current_user.current_tenant, current_user)}
= current_user
- %li
- %a.navbar-link{:href => log_out_path}
- %i.icon-off.icon-white
+ - if single_sign_on_system? == false
+ %li
+ %a.navbar-link{:href => log_out_path}
+ %i.icon-off.icon-white
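Review bot: `- if single_sign_on_system? == false` compares a predicate with `false`; the idiomatic form is `- unless single_sign_on_system?`. Hiding the link does not disable the action, since `log_out_path` is still routed. In SSO mode `current_user` would presumably sign the user straight back in from the environment variable, so a short comment that logout is expected to be handled by the SSO front end would help the next reader.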
diff --git a/config/routes.rb b/config/routes.rb
index 9d47efc..a0ac93a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -112,7 +112,7 @@ Gemeinschaft42c::Application.routes.draw do
end
resources :gemeinschaft_setups, :only => [:new, :create]
-
+
resources :phone_number_ranges, :only => [] do
resources :phone_numbers do
member do
@@ -228,9 +228,6 @@ Gemeinschaft42c::Application.routes.draw do
root :to => "page#index"
- get "wizards/new_initial_setup"
- post "wizards/create_initial_setup"
-
resources :users do
# Display all phone books that the current user owns:
resources :phone_books
diff --git a/db/schema.rb b/db/schema.rb
index e1bed77..31d4063 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20130129154700) do
+ActiveRecord::Schema.define(:version => 20130130185300) do
create_table "access_authorizations", :force => true do |t|
t.string "access_authorizationable_type"