Module: Lesli::Interfaces::Application::Authorization
- Included in:
- ApplicationLesliController
- Defined in:
- app/controllers/lesli/interfaces/application/authorization.rb
Instance Method Summary
-
#authorize_privilege ⇒ Object
Check if current_user has privileges to complete this request. Allowed core methods: [:index, :create, :update, :destroy, :new, :show, :edit, :options, :search, :resources].
-
#authorize_request ⇒ Object
Validate user authentication and session status.
Instance Method Details
#authorize_privilege ⇒ Object
Check if current_user has privileges to complete this request. Allowed core methods:
[:index, :create, :update, :destroy, :new, :show, :edit, :options, :search, :resources]
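# File 'app/controllers/lesli/interfaces/application/authorization.rb', line 71
# Check whether current_user may run the requested controller action.
#
# Returns nil when access is granted. When it is not, a log entry is written on
# current_user and a hash `{ controller:, privilege: }` naming the missing
# privilege is returned. A plain return value does not by itself halt a Rails
# before_action chain, so the caller must act on the result (render/raise) —
# TODO confirm how ApplicationLesliController consumes it.
#
# Users whose role is limited to a path are redirected there first when they
# request a show/index view elsewhere.
def authorize_privilege
  # Look the requested controller/action up across the privileges of every
  # role held by the user. Assumed contract (confirm in the model): nil when
  # no privilege record exists, false when one exists but denies access.
  granted = current_user.has_privileges_for?(params[:controller], params[:action])

  # Path the user's role confines them to, if any.
  limited_path = current_user.has_role_limited_to_path?

  # Redirect to the limited path only when:
  #   - a limited path is set (not nil / "")
  #   - it differs from the current path (avoids a redirect loop)
  #   - the request is not for JSON — this is a format check on
  #     request[:format], not request.xhr?, so non-JSON AJAX calls are still
  #     redirected
  #   - the request is for a show or index view
  if !limited_path.blank? &&
     limited_path != request.original_fullpath &&
     request[:format] != "json" &&
     %w[show index].include?(params[:action])
    return redirect_to(limited_path)
  end

  denial = { controller: params[:controller], privilege: params[:action] }

  # A privilege record exists but denies access. This must be tested before
  # the blank? check below: under ActiveSupport false.blank? is true, so
  # checking blank? first would log every denial as "privilege_not_found"
  # and make this branch unreachable.
  if granted == false
    current_user.logs.create({ title: "privilege_not_granted", description: request.path })
    return denial
  end

  # No privilege record for this controller/action (nil or otherwise blank).
  # Any blank value is treated as a denial so the check fails closed.
  if granted.blank?
    current_user.logs.create({ title: "privilege_not_found", description: request.path })
    return denial
  end

  nil
end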
#authorize_request ⇒ Object
Validate user authentication and session status
# File 'app/controllers/lesli/interfaces/application/authorization.rb', line 8
# Validate user authentication and session status.
#
# Redirects unauthenticated users to the login page, carrying the requested
# path in the `r` query parameter so they can be sent back after login, and
# otherwise lets the request continue. Only the authentication check is
# active: the session-activity, session-expiry and password-expiry checks
# further down are commented out and are NOT enforced by this method.
#
# NOTE(review): the rendered listing dropped a few identifiers (the method
# name after `def`, the receiver of the "Please Login..." assignment, the
# value passed as `notice:` and one operand of the `request.get? &&` test);
# the page heading names this method authorize_request.
def
  # this version Lesli requires to be mounted as root "/"
  # engine_path = Lesli::Engine.routes.find_script_name({})
  engine_path = nil

  # check if the user is logged into the system (user_signed_in? is an
  # authentication helper defined elsewhere — presumably Devise; confirm)
  unless user_signed_in?()
    # message shown on the login page (assignment target lost in the
    # rendered listing)
    = "Please Login to view that page!"

    # check if requested url is valid: a GET, non-XHR navigation with a
    # non-empty path (one operand of this condition is missing from the
    # rendered listing)
    if (request.get? && && !request.xhr? && !request.fullpath.blank?)
      # redirect only if the path is worth it
      if request.fullpath != "/"
        # redirect with requested url, so user will be redirected after login.
        # NOTE(review): request.fullpath is interpolated into `r` without
        # URL-encoding; whatever consumes `r` on the login side (not visible
        # on this page) should treat it as an untrusted return path and only
        # follow it when it is a local path rather than an external or
        # protocol-relative URL.
        redirect_to("#{engine_path}/login?r=#{request.fullpath}", notice: ) and return
      end
    end

    # redirect to root route
    redirect_to("#{engine_path}/login", notice: ) and return
  end

  # run additional validations only for html requests
  return true unless request.format.html?

  # # get the current user session
  # current_session = current_user.sessions.find_by(id: session[:user_session_id])
  # # check if user has an active session
  # if current_session.equal? nil or !current_session.active?
  # current_user.logs.create({ title: "system_session_logout", description: "session finished by the system"})
  # sign_out current_user
  # redirect_to "#{engine_path}/logout" and return
  # end
  # if !current_session.expiration_at.blank? && current_session.expiration_at < Time.current
  # current_user.logs.create({ title: "system_session_logout", description: "session expired by the system"})
  # sign_out current_user
  # redirect_to "#{engine_path}/logout" and return
  # end
  # # check password expiration date
  # if current_user.has_expired_password?
  # unless controller_name == "profiles"
  # current_user.logs.create({ description: "redirect_due_to_expired_password" })
  # redirect_to "/administration/profile#force-password-reset", notice: I18n.t("core.users/sessions.messages_danger_password_expired")
  # return
  # end
  # end
end