6 files changed, 36 insertions, 57 deletions

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2aadf19..d1d918e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,26 +2,21 @@ class ApplicationController < ActionController::Base
   
   protect_from_forgery
 
-  before_filter :set_locale
+  before_filter :start_setup_if_new_installation
 
-  before_filter :go_to_setup_if_new_installation
-  before_filter :home_breadcrumb
-  
+  before_filter :set_locale
   helper_method :current_user
-  
+
   helper_method :guess_local_ip_address
   helper_method :guess_local_host
-  
+
+  before_filter :home_breadcrumb
+
   helper_method :'have_https?'
+  helper_method :'single_sign_on_system?'
 
   helper_method :random_pin
   
-  
-  #TODO Add check_authorization. See
-  # https://github.com/ryanb/cancan
-  # https://github.com/ryanb/cancan/wiki/Ensure-Authorization
-  # and Gemeinschaft 4
-  
   # Generate a new name for an Object
   #
   def generate_a_new_name(parent, child = nil)
@@ -56,6 +51,8 @@ class ApplicationController < ActionController::Base
   def random_pin
     if GsParameter.get('MINIMUM_PIN_LENGTH') > 0
       (1..GsParameter.get('MINIMUM_PIN_LENGTH')).map{|i| (0 .. 9).to_a.sample}.join
+    else
+      (1..8).map{|i| (0 .. 9).to_a.sample}.join
     end
   end
   
@@ -109,40 +106,38 @@ class ApplicationController < ActionController::Base
     if current_user
       redirect_to root_url, :alert => 'Access denied! Please ask your admin to grant you the necessary rights.'
     else
-      if Tenant.count == 0 && User.count == 0
-        # This is a brand new system. We need to run a setup first.
-        redirect_to wizards_new_initial_setup_path
-      else
-        # You need to login first.
-        redirect_to log_in_path, :alert => 'Access denied! You need to login first.'
-      end
+      # You need to login first.
+      redirect_to log_in_path, :alert => 'Access denied! You need to login first.'
     end
   end
   
   private  
   
   def current_user
-    if session[:user_id] || GsParameter.get('SingleSignOnEnvUserNameKey').blank?
+    if session[:user_id].nil? && single_sign_on_system?
+      auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first
+    else
       if session[:user_id] && User.where(:id => session[:user_id]).any?
-        return User.where(:id => session[:user_id]).first
+        auth_user = User.where(:id => session[:user_id]).first
       else
-        session[:user_id] = nil
-        return nil
+        auth_user = nil
       end
+    end
+    session[:user_id] = auth_user.try(:id)
+    return auth_user
+  end
+
+  def single_sign_on_system?
+    if GsParameter.get('SingleSignOnEnvUserNameKey').blank?
+      false
     else
-      if User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).any?
-        auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first
-        session[:user_id] = auth_user.id
-        return auth_user
-      else
-        return nil
-      end
+      true
     end
-  end  
+  end
   
-  def go_to_setup_if_new_installation
+  def start_setup_if_new_installation
     if Rails.env != 'test'
-      if GemeinschaftSetup.all.count == 0
+      if GemeinschaftSetup.count == 0
         redirect_to new_gemeinschaft_setup_path
       end
     end
diff --git a/app/controllers/gemeinschaft_setups_controller.rb b/app/controllers/gemeinschaft_setups_controller.rb
index 4f4a72a..cff652d 100644
--- a/app/controllers/gemeinschaft_setups_controller.rb
+++ b/app/controllers/gemeinschaft_setups_controller.rb
@@ -4,9 +4,9 @@ class GemeinschaftSetupsController < ApplicationController
   #
   caches_page :new, :gzip => :best_compression
 
-  load_and_authorize_resource :gemeinschaft_setup
+  skip_before_filter :start_setup_if_new_installation
 
-  skip_before_filter :go_to_setup_if_new_installation
+  load_and_authorize_resource :gemeinschaft_setup
 
   def new
     @user = @gemeinschaft_setup.build_user(
diff --git a/app/controllers/page_controller.rb b/app/controllers/page_controller.rb
index 8f4fa88..ed48e3c 100644
--- a/app/controllers/page_controller.rb
+++ b/app/controllers/page_controller.rb
@@ -2,7 +2,6 @@ class PageController < ApplicationController
   # load_and_authorize_resource :class => false  
   # CanCan doesn't work here really good because Page is not a resource.
 
-  before_filter :if_fresh_system_then_go_to_wizard
   skip_before_filter :home_breadcrumb, :only => [:index]
   
   def index
@@ -14,18 +13,5 @@ class PageController < ApplicationController
   def help
 
   end
-  
-  private
-  def if_fresh_system_then_go_to_wizard
-    if Tenant.count == 0 && User.count == 0
-      # This is a brand new system. We need to run a setup first.
-      redirect_to wizards_new_initial_setup_path
-    else
-      if current_user.nil?
-        # You need to login first.
-        redirect_to log_in_path, :alert => I18n.t('pages.controller.access_denied_login_first')
-      end
-    end
-  end
 
 end
diff --git a/app/views/layouts/_navbar.html.haml b/app/views/layouts/_navbar.html.haml
index c2d9946..9350de0 100644
--- a/app/views/layouts/_navbar.html.haml
+++ b/app/views/layouts/_navbar.html.haml
@@ -48,7 +48,8 @@
               %a.navbar-link{:href => tenant_user_path(current_user.current_tenant, current_user)} 
                 = current_user
 
-          %li
-            %a.navbar-link{:href => log_out_path} 
-              %i.icon-off.icon-white
+          - if single_sign_on_system? == false
+            %li
+              %a.navbar-link{:href => log_out_path} 
+                %i.icon-off.icon-white
             
diff --git a/config/routes.rb b/config/routes.rb
index 9d47efc..a0ac93a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -112,7 +112,7 @@ Gemeinschaft42c::Application.routes.draw do
   end
 
   resources :gemeinschaft_setups, :only => [:new, :create]
-  
+
   resources :phone_number_ranges, :only => [] do
     resources :phone_numbers do
       member do
@@ -228,9 +228,6 @@ Gemeinschaft42c::Application.routes.draw do
   
   root :to => "page#index"
   
-  get  "wizards/new_initial_setup"
-  post "wizards/create_initial_setup"
-  
   resources :users do
     # Display all phone books that the current user owns:
     resources :phone_books
diff --git a/db/schema.rb b/db/schema.rb
index e1bed77..31d4063 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20130129154700) do
+ActiveRecord::Schema.define(:version => 20130130185300) do
 
   create_table "access_authorizations", :force => true do |t|
     t.string   "access_authorizationable_type"