Module: GDS::SSO::ControllerMethods

Included in:

Api::UserController, AuthenticationsController

Defined in:

lib/gds-sso/controller_methods.rb

Defined Under Namespace

Classes: PermissionDeniedException

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #authenticate_user! ⇒ Object
• #authorise_user!(permissions) ⇒ Object
• #current_user ⇒ Object
• #logout ⇒ Object
• #user_remotely_signed_out? ⇒ Boolean
• #user_signed_in? ⇒ Boolean
• #warden ⇒ Object

Class Method Details

.included(base) ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 7

def self.included(base)
  base.rescue_from PermissionDeniedException do |e|
    if GDS::SSO::Config.api_only
      render json: { message: e.message }, status: :forbidden
    else
      render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: e.message }
    end
  end

  unless GDS::SSO::Config.api_only
    base.helper_method :user_signed_in?
    base.helper_method :current_user
  end
end

Instance Method Details

#authenticate_user! ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 45

def authenticate_user!
  warden.authenticate!
end

#authorise_user!(permissions) ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 22

def authorise_user!(permissions)
  # Ensure that we're authenticated (and by extension that current_user is set).
  # Otherwise current_user might be nil, and we'd error out
  authenticate_user!

  case permissions
  when String
    unless current_user.has_permission?(permissions)
      raise PermissionDeniedException, "Sorry, you don't seem to have the #{permissions} permission for this app."
    end
  when Hash
    raise ArgumentError, "Must be either `any_of` or `all_of`" unless permissions.keys.size == 1

    if permissions[:any_of]
      authorise_user_with_at_least_one_of_permissions!(permissions[:any_of])
    elsif permissions[:all_of]
      authorise_user_with_all_permissions!(permissions[:all_of])
    else
      raise ArgumentError, "Must be either `any_of` or `all_of`"
    end
  end
end

#current_user ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 57

def current_user
  warden.user if user_signed_in?
end

#logout ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 61

def logout
  warden.logout
end

#user_remotely_signed_out? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gds-sso/controller_methods.rb', line 49

def user_remotely_signed_out?
  warden && warden.authenticated? && warden.user.remotely_signed_out?
end

#user_signed_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gds-sso/controller_methods.rb', line 53

def user_signed_in?
  warden && warden.authenticated? && !warden.user.remotely_signed_out?
end

#warden ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 65

def warden
  request.env["warden"]
end