diff options
author | Stefan Wintermeyer <stefan.wintermeyer@amooma.de> | 2013-01-31 11:39:25 +0100 |
---|---|---|
committer | Stefan Wintermeyer <stefan.wintermeyer@amooma.de> | 2013-01-31 11:39:25 +0100 |
commit | 8da882cf3ec53f9057b17bd8dd39c2eadb2a88c2 (patch) | |
tree | 9ffca1c369768dac2b43e18a5993da3db3eb3a50 /app/controllers | |
parent | 83120928fc2dabe225215668943452065d8bc52f (diff) |
Fixed single sign on. #145
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application_controller.rb | 61 | ||||
-rw-r--r-- | app/controllers/gemeinschaft_setups_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/page_controller.rb | 14 |
3 files changed, 30 insertions, 49 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2aadf19..d1d918e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,26 +2,21 @@ class ApplicationController < ActionController::Base protect_from_forgery - before_filter :set_locale + before_filter :start_setup_if_new_installation - before_filter :go_to_setup_if_new_installation - before_filter :home_breadcrumb - + before_filter :set_locale helper_method :current_user - + helper_method :guess_local_ip_address helper_method :guess_local_host - + + before_filter :home_breadcrumb + helper_method :'have_https?' + helper_method :'single_sign_on_system?' helper_method :random_pin - - #TODO Add check_authorization. See - # https://github.com/ryanb/cancan - # https://github.com/ryanb/cancan/wiki/Ensure-Authorization - # and Gemeinschaft 4 - # Generate a new name for an Object # def generate_a_new_name(parent, child = nil) @@ -56,6 +51,8 @@ class ApplicationController < ActionController::Base def random_pin if GsParameter.get('MINIMUM_PIN_LENGTH') > 0 (1..GsParameter.get('MINIMUM_PIN_LENGTH')).map{|i| (0 .. 9).to_a.sample}.join + else + (1..8).map{|i| (0 .. 9).to_a.sample}.join end end @@ -109,40 +106,38 @@ class ApplicationController < ActionController::Base if current_user redirect_to root_url, :alert => 'Access denied! Please ask your admin to grant you the necessary rights.' else - if Tenant.count == 0 && User.count == 0 - # This is a brand new system. We need to run a setup first. - redirect_to wizards_new_initial_setup_path - else - # You need to login first. - redirect_to log_in_path, :alert => 'Access denied! You need to login first.' - end + # You need to login first. + redirect_to log_in_path, :alert => 'Access denied! You need to login first.' end end private def current_user - if session[:user_id] || GsParameter.get('SingleSignOnEnvUserNameKey').blank? + if session[:user_id].nil? && single_sign_on_system? + auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first + else if session[:user_id] && User.where(:id => session[:user_id]).any? - return User.where(:id => session[:user_id]).first + auth_user = User.where(:id => session[:user_id]).first else - session[:user_id] = nil - return nil + auth_user = nil end + end + session[:user_id] = auth_user.try(:id) + return auth_user + end + + def single_sign_on_system? + if GsParameter.get('SingleSignOnEnvUserNameKey').blank? + false else - if User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).any? - auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first - session[:user_id] = auth_user.id - return auth_user - else - return nil - end + true end - end + end - def go_to_setup_if_new_installation + def start_setup_if_new_installation if Rails.env != 'test' - if GemeinschaftSetup.all.count == 0 + if GemeinschaftSetup.count == 0 redirect_to new_gemeinschaft_setup_path end end diff --git a/app/controllers/gemeinschaft_setups_controller.rb b/app/controllers/gemeinschaft_setups_controller.rb index 4f4a72a..cff652d 100644 --- a/app/controllers/gemeinschaft_setups_controller.rb +++ b/app/controllers/gemeinschaft_setups_controller.rb @@ -4,9 +4,9 @@ class GemeinschaftSetupsController < ApplicationController # caches_page :new, :gzip => :best_compression - load_and_authorize_resource :gemeinschaft_setup + skip_before_filter :start_setup_if_new_installation - skip_before_filter :go_to_setup_if_new_installation + load_and_authorize_resource :gemeinschaft_setup def new @user = @gemeinschaft_setup.build_user( diff --git a/app/controllers/page_controller.rb b/app/controllers/page_controller.rb index 8f4fa88..ed48e3c 100644 --- a/app/controllers/page_controller.rb +++ b/app/controllers/page_controller.rb @@ -2,7 +2,6 @@ class PageController < ApplicationController # load_and_authorize_resource :class => false # CanCan doesn't work here really good because Page is not a resource. - before_filter :if_fresh_system_then_go_to_wizard skip_before_filter :home_breadcrumb, :only => [:index] def index @@ -14,18 +13,5 @@ class PageController < ApplicationController def help end - - private - def if_fresh_system_then_go_to_wizard - if Tenant.count == 0 && User.count == 0 - # This is a brand new system. We need to run a setup first. - redirect_to wizards_new_initial_setup_path - else - if current_user.nil? - # You need to login first. - redirect_to log_in_path, :alert => I18n.t('pages.controller.access_denied_login_first') - end - end - end end |