summaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
authorStefan Wintermeyer <stefan.wintermeyer@amooma.de>2013-01-31 11:39:25 +0100
committerStefan Wintermeyer <stefan.wintermeyer@amooma.de>2013-01-31 11:39:25 +0100
commit8da882cf3ec53f9057b17bd8dd39c2eadb2a88c2 (patch)
tree9ffca1c369768dac2b43e18a5993da3db3eb3a50 /app/controllers
parent83120928fc2dabe225215668943452065d8bc52f (diff)
Fixed single sign on. #145
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/application_controller.rb61
-rw-r--r--app/controllers/gemeinschaft_setups_controller.rb4
-rw-r--r--app/controllers/page_controller.rb14
3 files changed, 30 insertions, 49 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2aadf19..d1d918e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,26 +2,21 @@ class ApplicationController < ActionController::Base
protect_from_forgery
- before_filter :set_locale
+ before_filter :start_setup_if_new_installation
- before_filter :go_to_setup_if_new_installation
- before_filter :home_breadcrumb
-
+ before_filter :set_locale
helper_method :current_user
-
+
helper_method :guess_local_ip_address
helper_method :guess_local_host
-
+
+ before_filter :home_breadcrumb
+
helper_method :'have_https?'
+ helper_method :'single_sign_on_system?'
helper_method :random_pin
-
- #TODO Add check_authorization. See
- # https://github.com/ryanb/cancan
- # https://github.com/ryanb/cancan/wiki/Ensure-Authorization
- # and Gemeinschaft 4
-
# Generate a new name for an Object
#
def generate_a_new_name(parent, child = nil)
@@ -56,6 +51,8 @@ class ApplicationController < ActionController::Base
def random_pin
if GsParameter.get('MINIMUM_PIN_LENGTH') > 0
(1..GsParameter.get('MINIMUM_PIN_LENGTH')).map{|i| (0 .. 9).to_a.sample}.join
+ else
+ (1..8).map{|i| (0 .. 9).to_a.sample}.join
end
end
@@ -109,40 +106,38 @@ class ApplicationController < ActionController::Base
if current_user
redirect_to root_url, :alert => 'Access denied! Please ask your admin to grant you the necessary rights.'
else
- if Tenant.count == 0 && User.count == 0
- # This is a brand new system. We need to run a setup first.
- redirect_to wizards_new_initial_setup_path
- else
- # You need to login first.
- redirect_to log_in_path, :alert => 'Access denied! You need to login first.'
- end
+ # You need to login first.
+ redirect_to log_in_path, :alert => 'Access denied! You need to login first.'
end
end
private
def current_user
- if session[:user_id] || GsParameter.get('SingleSignOnEnvUserNameKey').blank?
+ if session[:user_id].nil? && single_sign_on_system?
+ auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first
+ else
if session[:user_id] && User.where(:id => session[:user_id]).any?
- return User.where(:id => session[:user_id]).first
+ auth_user = User.where(:id => session[:user_id]).first
else
- session[:user_id] = nil
- return nil
+ auth_user = nil
end
+ end
+ session[:user_id] = auth_user.try(:id)
+ return auth_user
+ end
+
+ def single_sign_on_system?
+ if GsParameter.get('SingleSignOnEnvUserNameKey').blank?
+ false
else
- if User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).any?
- auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first
- session[:user_id] = auth_user.id
- return auth_user
- else
- return nil
- end
+ true
end
- end
+ end
- def go_to_setup_if_new_installation
+ def start_setup_if_new_installation
if Rails.env != 'test'
- if GemeinschaftSetup.all.count == 0
+ if GemeinschaftSetup.count == 0
redirect_to new_gemeinschaft_setup_path
end
end
diff --git a/app/controllers/gemeinschaft_setups_controller.rb b/app/controllers/gemeinschaft_setups_controller.rb
index 4f4a72a..cff652d 100644
--- a/app/controllers/gemeinschaft_setups_controller.rb
+++ b/app/controllers/gemeinschaft_setups_controller.rb
@@ -4,9 +4,9 @@ class GemeinschaftSetupsController < ApplicationController
#
caches_page :new, :gzip => :best_compression
- load_and_authorize_resource :gemeinschaft_setup
+ skip_before_filter :start_setup_if_new_installation
- skip_before_filter :go_to_setup_if_new_installation
+ load_and_authorize_resource :gemeinschaft_setup
def new
@user = @gemeinschaft_setup.build_user(
diff --git a/app/controllers/page_controller.rb b/app/controllers/page_controller.rb
index 8f4fa88..ed48e3c 100644
--- a/app/controllers/page_controller.rb
+++ b/app/controllers/page_controller.rb
@@ -2,7 +2,6 @@ class PageController < ApplicationController
# load_and_authorize_resource :class => false
# CanCan doesn't work here really good because Page is not a resource.
- before_filter :if_fresh_system_then_go_to_wizard
skip_before_filter :home_breadcrumb, :only => [:index]
def index
@@ -14,18 +13,5 @@ class PageController < ApplicationController
def help
end
-
- private
- def if_fresh_system_then_go_to_wizard
- if Tenant.count == 0 && User.count == 0
- # This is a brand new system. We need to run a setup first.
- redirect_to wizards_new_initial_setup_path
- else
- if current_user.nil?
- # You need to login first.
- redirect_to log_in_path, :alert => I18n.t('pages.controller.access_denied_login_first')
- end
- end
- end
end