Class: Caboose::ApplicationController

Inherits:

ActionController::Base

• Object
• ActionController::Base
• Caboose::ApplicationController

Defined in:

app/controllers/caboose/application_controller.rb

Direct Known Subclasses

ApplicationController, AbOptionsController, AbVariantsController, AdminController, BlockTypeCategoriesController, BlockTypeSourcesController, BlockTypeStoreController, BlockTypesController, BlocksController, CalendarsController, EventGroupsController, EventsController, ImagesController, LoginController, LogoutController, MediaCategoriesController, ModalController, PagePermissionsController, PagesController, PermissionsController, PostsController, RedirectsController, RegisterController, RolesController, SettingsController, SitesController, StationController, UsersController

Instance Method Summary

• #before_action ⇒ Object

  To be overridden by the child controllers.

• #before_before_action ⇒ Object
• #logged_in? ⇒ Boolean

  Returns whether or not a user is logged in.

• #logged_in_user ⇒ Object

  Returns the currently logged in user.

• #login_user(user, remember = false) ⇒ Object

  Logs in a user.

• #logout_user ⇒ Object

  Logs a user out.

• #parse_url_params ⇒ Object

  Parses any parameters in the URL and adds them to the params.

• #reject_param(url, param) ⇒ Object

  Removes a given parameter from a URL querystring.

• #user_is_allowed(resource, action) ⇒ Object

  DEPRECATED: Use user_is_allowed_to(action, resource).

• #user_is_allowed_to(action, resource) ⇒ Object

  Checks to see if a user has permission to perform action on resource.

• #validate_cookie ⇒ Object

  Checks to see if a remember me cookie value is present.

• #validate_token ⇒ Object

  Checks to see if a token is given.

• #var(name) ⇒ Object

  def auth_or_error(message) if (!logged_in?) redirect_to “/login?return_url=#requestrequest.request_uri” and return false end redirect_to “/error?message=#message” end.

• #verify_logged_in ⇒ Object

  Redirects to login if not logged in.

Instance Method Details

#before_action ⇒ Object

To be overridden by the child controllers

# File 'app/controllers/caboose/application_controller.rb', line 70

def before_action      
end

#before_before_action ⇒ Object

# File 'app/controllers/caboose/application_controller.rb', line 10

def before_before_action
  
  # Modify the built-in params array with URL params if necessary
  parse_url_params if Caboose.use_url_params
  
  # Get the site we're working with      
  domain = Domain.where(:domain => request.host_with_port).first
  @site = domain ? domain.site : nil
    
  # Make sure someone is logged in
  if !logged_in?      
    elo = User.find(User::LOGGED_OUT_USER_ID)        
    login_user(elo)
  end
  
  session['use_redirect_urls'] = true if session['use_redirect_urls'].nil?
  
  # Initialize AB Testing
  AbTesting.init(request.session_options[:id]) if Caboose.use_ab_testing            
  
  # Try to find the page 
  @page = Page.new
  @crumbtrail = Crumbtrail.new      
  @subnav       = {}
  @actions      = {}
  @tasks        = {}
  @page_tasks   = {}
  @is_real_page = false
  
  #if @find_page
    @page = Page.page_with_uri(request.host_with_port, request.fullpath)
    @crumb_trail  = Caboose::Page.crumb_trail(@page)		    
  #end
  
  # Sets an instance variable of the logged in user
  @logged_in_user = logged_in_user      
  
  before_action
end

#logged_in? ⇒ Boolean

Returns whether or not a user is logged in

Returns:

• (Boolean)

# File 'app/controllers/caboose/application_controller.rb', line 87

def logged_in?
  validate_token
  validate_cookie
  return true if !session["app_user"].nil? && session["app_user"] != false && session["app_user"].id != -1 && session["app_user"].id != User::LOGGED_OUT_USER_ID     
  return false
end

#logged_in_user ⇒ Object

Returns the currently logged in user

# File 'app/controllers/caboose/application_controller.rb', line 118

def logged_in_user
  if (!logged_in?)
    return User.logged_out_user
  end
  #return nil if !logged_in?
  return session["app_user"]
end

#login_user(user, remember = false) ⇒ Object

Logs in a user

# File 'app/controllers/caboose/application_controller.rb', line 81

def login_user(user, remember = false)
  session["app_user"] = user
  cookies.permanent[:caboose_user_id] = user.id if remember
end

#logout_user ⇒ Object

Logs a user out

# File 'app/controllers/caboose/application_controller.rb', line 74

def logout_user
  cookies.delete(:caboose_user_id)
  session["app_user"] = nil
  reset_session
end

#parse_url_params ⇒ Object

Parses any parameters in the URL and adds them to the params

# File 'app/controllers/caboose/application_controller.rb', line 51

def parse_url_params      
  return if !Caboose.use_url_params      
  url = "#{request.fullpath}"
  url[0] = "" if url.starts_with?('/')      
  url = url.split('?')[0] if url.include?('?')      
  arr = url.split('/')      
  i = arr.count - 1
  while i >= 1 do
    k = arr[i-1]
    v = arr[i]    
    if v && v.length > 0
      v = v.gsub('%20', ' ')
      params[k] = v
    end
    i = i-2
  end      
end

#reject_param(url, param) ⇒ Object

Removes a given parameter from a URL querystring

# File 'app/controllers/caboose/application_controller.rb', line 184

def reject_param(url, param)
  arr = url.split('?')
  return url if (arr.count == 1)
  qs = arr[1].split('&').reject { |pair| pair.split(/[=;]/).first == param }
  url2 = arr[0]
  url2 += "?" + qs.join('&') if qs.count > 0 
  return url2
end

#user_is_allowed(resource, action) ⇒ Object

DEPRECATED: Use user_is_allowed_to(action, resource)

Checks to see if a user has permission to perform the given action on the given resource. Redirects to login if not logged in. Redirects to error page with message if not allowed.

# File 'app/controllers/caboose/application_controller.rb', line 132

def user_is_allowed(resource, action)
  if (!logged_in?)
    redirect_to "/login?return_url=" + URI.encode(request.fullpath)
    return false
  end
  
  @user = logged_in_user
  if (!@user.is_allowed(resource, action))
    @error = "You don't have permission to " + action + " " + resource
    @return_url = request.fullpath
    render :template => "caboose/extras/error"
    return false
  end
  
  return true    
end

#user_is_allowed_to(action, resource) ⇒ Object

Checks to see if a user has permission to perform action on resource

Redirects to login if not logged in Redirects to error page with message if not allowed

useful for creating super-readable code, for example:

> return unless user_is_allowed_to 'edit', 'pages'

Even your mom could read that code.

# File 'app/controllers/caboose/application_controller.rb', line 158

def user_is_allowed_to(action, resource)
  unless logged_in?
    redirect_to "/login?return_url=" + URI.encode(request.fullpath)
    return false
  end

  @user = logged_in_user
  unless @user.is_allowed(resource, action)
    @error = "You don't have permission to #{action} #{resource}"
    @return_url = request.fullpath
    render :template => "caboose/extras/error"
    return false
  end
  return true
end

#validate_cookie ⇒ Object

Checks to see if a remember me cookie value is present.

# File 'app/controllers/caboose/application_controller.rb', line 108

def validate_cookie
  if cookies[:caboose_user_id] && User.exists?(cookies[:caboose_user_id])
    user = User.find(cookies[:caboose_user_id])
    login_user(user)
    return true
  end
  return false
end

#validate_token ⇒ Object

Checks to see if a token is given. If so, it tries to validate the token and log the user in.

# File 'app/controllers/caboose/application_controller.rb', line 96

def validate_token
  token = params[:token]
  return false if token.nil?
  
  user = User.validate_token(token)
  return false if user.nil?
 
  login_user(user)
  return true
end

#var(name) ⇒ Object

def auth_or_error(message)

if (!logged_in?)
  redirect_to "/login?return_url=#{request.request_uri}" and return false
end
redirect_to "/error?message=#{message}"

end

# File 'app/controllers/caboose/application_controller.rb', line 200

def var(name)
  s = Setting.where(:name => name).first
  return "" if s.nil?    
  return s.value
end

#verify_logged_in ⇒ Object

Redirects to login if not logged in.

# File 'app/controllers/caboose/application_controller.rb', line 175

def verify_logged_in
  if !logged_in?
    redirect_to "/modal/login?return_url=" + URI.encode(request.fullpath)
    return false
  end      
  return true    
end