Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb63
1 files changed, 34 insertions, 29 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e4165f3..d1d918e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,26 +2,21 @@ class ApplicationController < ActionController::Base
protect_from_forgery
- before_filter :set_locale
+ before_filter :start_setup_if_new_installation
- before_filter :go_to_setup_if_new_installation
- before_filter :home_breadcrumb
-
+ before_filter :set_locale
helper_method :current_user
-
+
helper_method :guess_local_ip_address
helper_method :guess_local_host
-
+
+ before_filter :home_breadcrumb
+
helper_method :'have_https?'
+ helper_method :'single_sign_on_system?'
helper_method :random_pin
-
- #TODO Add check_authorization. See
- # https://github.com/ryanb/cancan
- # https://github.com/ryanb/cancan/wiki/Ensure-Authorization
- # and Gemeinschaft 4
-
# Generate a new name for an Object
#
def generate_a_new_name(parent, child = nil)
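Review bot: The removed `#TODO Add check_authorization` comment was the only reminder in this controller that CanCan authorization is not enforced on every action, and no `check_authorization` call is visible in this hunk to replace it. The same commit adds an environment-based sign-on path in `current_user`, so an action that forgets `authorize!` or `load_and_authorize_resource` would go unnoticed. Either add `check_authorization` here, with `skip_authorization_check` on the controllers that must stay public such as login and setup, or keep the TODO until that is done.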
@@ -56,6 +51,8 @@ class ApplicationController < ActionController::Base
def random_pin
if GsParameter.get('MINIMUM_PIN_LENGTH') > 0
(1..GsParameter.get('MINIMUM_PIN_LENGTH')).map{|i| (0 .. 9).to_a.sample}.join
+ else
+ (1..8).map{|i| (0 .. 9).to_a.sample}.join
end
end
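Review bot: The new `else` branch of `random_pin`, like the existing branch above it, picks each digit with `Array#sample`, which draws from Ruby's default non-cryptographic generator. A PIN is presumably used as a credential, so both branches should draw from SecureRandom instead, e.g. `(1..8).map { SecureRandom.random_number(10) }.join`. Separately, if `GsParameter.get('MINIMUM_PIN_LENGTH')` can return nil when the parameter is unset (its behaviour is not visible here), the `> 0` comparison raises before the new fallback is reached. A short comment saying why 8 is the fallback length would also help.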
@@ -106,33 +103,41 @@ class ApplicationController < ActionController::Base
end
rescue_from CanCan::AccessDenied do |exception|
- if @current_user
+ if current_user
redirect_to root_url, :alert => 'Access denied! Please ask your admin to grant you the necessary rights.'
else
- if Tenant.count == 0 && User.count == 0
- # This is a brand new system. We need to run a setup first.
- redirect_to wizards_new_initial_setup_path
- else
- # You need to login first.
- redirect_to log_in_path, :alert => 'Access denied! You need to login first.'
- end
+ # You need to login first.
+ redirect_to log_in_path, :alert => 'Access denied! You need to login first.'
end
end
private
- def current_user
- begin
- @current_user ||= User.find(session[:user_id]) if session[:user_id]
- rescue ActiveRecord::RecordNotFound
- session[:user_id] = nil
+ def current_user
+ if session[:user_id].nil? && single_sign_on_system?
+ auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first
+ else
+ if session[:user_id] && User.where(:id => session[:user_id]).any?
+ auth_user = User.where(:id => session[:user_id]).first
+ else
+ auth_user = nil
+ end
+ end
+ session[:user_id] = auth_user.try(:id)
+ return auth_user
+ end
+
+ def single_sign_on_system?
+ if GsParameter.get('SingleSignOnEnvUserNameKey').blank?
+ false
+ else
+ true
end
- @current_user
- end
+ end
- def go_to_setup_if_new_installation
+ def start_setup_if_new_installation
if Rails.env != 'test'
- if GemeinschaftSetup.all.count == 0
+ if GemeinschaftSetup.count == 0
redirect_to new_gemeinschaft_setup_path
end
end
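Review bot: In the new `current_user`, the single-sign-on branch runs `User.where(:user_name => request.env[...]).first` even when the environment value is missing. With nil this becomes a `user_name IS NULL` lookup, so any account without a user name (if the schema allows one) would be signed in and written to `session[:user_id]`. Guard the value first: `sso_name = request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]` followed by `auth_user = sso_name.blank? ? nil : User.where(:user_name => sso_name).first`. The method should also carry a comment stating that the configured key must be set only by the trusted front-end server; an `HTTP_*` key comes from a client-supplied header unless the proxy strips it. Dropping the `@current_user ||=` memoization means each call from a view or filter now issues up to two queries and rewrites the session.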