Module: LsOmniauth::OmniauthHelper

Defined in:

app/helpers/ls_omniauth/omniauth_helper.rb

Class Method Summary

• .authorized_group_users(group) ⇒ Object
• .authorized_users ⇒ Object
• .email_for_current_user ⇒ Object
• .email_in_group(email, group) ⇒ Object
• .render_access_denied ⇒ Object
• .running_in_dev_mode? ⇒ Boolean

Instance Method Summary

• #current_user_in_group(group) ⇒ Object
• #require_authentication ⇒ Object
• #require_authorization(options = {}) ⇒ Object
• #when_not_in_dev_mode(&block) ⇒ Object

Class Method Details

.authorized_group_users(group) ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 57

def authorized_group_users(group)
  authorized_users[group] || []
end

.authorized_users ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 53

def authorized_users
  @authorized_users ||= (LS_OMNIAUTH.config[:authorized_users] || {})
end

.email_for_current_user ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 61

def email_for_current_user
  LsOmniauth::AuthSessions.new(session).auth.get
end

.email_in_group(email, group) ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 65

def email_in_group(email, group)
  authorized_group_users(group).map(&:upcase).include?(email.to_s.upcase)
end

.render_access_denied ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 69

def render_access_denied
  render :text => "<div class='notification error'>You are not authorized to view this resource.  Sorry!</div>", :status => 401
end

.running_in_dev_mode? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 49

def running_in_dev_mode?
  LS_OMNIAUTH.config.running_in_dev_mode?
end

Instance Method Details

#current_user_in_group(group) ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 37

def current_user_in_group(group)
  email_in_group(email_for_current_user, group)
end

#require_authentication ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 2

def require_authentication
  when_not_in_dev_mode {
    sessions = LsOmniauth::AuthSessions.new(session)
    if sessions.auth.get.blank?
      sessions.origin.set("#{request.protocol}#{request.host_with_port}#{request.fullpath}")
      redirect_to ls_omniauth.sign_in_url and return false
    end
    true
  }
end

#require_authorization(options = {}) ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 13

def require_authorization(options = {})
  when_not_in_dev_mode {
    return unless require_authentication

    sessions = LsOmniauth::AuthSessions.new(session)
    email = sessions.auth.get


    options.symbolize_keys!
    if options[:domains].respond_to? :include?
      email_domain = email.match(/[\w]+\.com/)[0]
      unless options[:domains].map(&:upcase).include? email_domain.upcase
        render_access_denied and return
      end
    end

    if options.has_key? :group
      if !email_in_group(email, options[:group])
        render_access_denied and return
      end
    end
  }
end

#when_not_in_dev_mode(&block) ⇒ Object

# File 'app/helpers/ls_omniauth/omniauth_helper.rb', line 41

def when_not_in_dev_mode(&block)
  if !running_in_dev_mode?
    yield
  end
end