Module: Shibbolite::Filters

Extended by:

ActiveSupport::Concern

Includes:

Helpers

Defined in:

app/concerns/shibbolite/filters.rb

Instance Method Summary

• #authenticate_request ⇒ Object

  redirects the user to (re)authenticate with the Idp or a 403 forbidden page.

• #require_attribute(attr, value) ⇒ Object
• #require_group(*groups) ⇒ Object
• #require_group_or_attribute(*groups, attr, value) ⇒ Object
• #require_group_or_id(*groups, id) ⇒ Object
• #require_id(id) ⇒ Object
• #require_login ⇒ Object
• #require_registered ⇒ Object
• #use_attributes_if_available ⇒ Object

Methods included from Helpers

#anonymous_user?, #current_user, #guest_user?, #logged_in?, #registered_user?, #user_has_id?, #user_has_matching_attribute?, #user_in_group?

Instance Method Details

#authenticate_request ⇒ Object

redirects the user to (re)authenticate with the Idp or a 403 forbidden page

# File 'app/concerns/shibbolite/filters.rb', line 50

def authenticate_request
  session[:requested_url] = request.fullpath

  url = logged_in? ? shibbolite.access_denied_url : shibbolite.login_url

  # redirect to the selected url
  respond_to do |format|
    format.html { redirect_to url }
    format.js   { render js: "window.location.assign('#{url}');"}
  end
end

#require_attribute(attr, value) ⇒ Object

# File 'app/concerns/shibbolite/filters.rb', line 32

def require_attribute(attr, value)
  authenticate_request unless user_has_matching_attribute?(attr, value)
end

#require_group(*groups) ⇒ Object

# File 'app/concerns/shibbolite/filters.rb', line 16

def require_group(*groups)
  in_group = false
  groups.flatten.each { |group| in_group ||= user_in_group?(group) }
  authenticate_request unless in_group
end

#require_group_or_attribute(*groups, attr, value) ⇒ Object

# File 'app/concerns/shibbolite/filters.rb', line 36

def require_group_or_attribute(*groups, attr, value)
  unless user_has_matching_attribute?(attr, value)
    require_group(groups)
  end
end

#require_group_or_id(*groups, id) ⇒ Object

# File 'app/concerns/shibbolite/filters.rb', line 26

def require_group_or_id(*groups, id)
  unless user_has_id?(id)
    require_group(groups)
  end
end

#require_id(id) ⇒ Object

# File 'app/concerns/shibbolite/filters.rb', line 22

def require_id(id)
  authenticate_request unless user_has_id?(id)
end

#require_login ⇒ Object

# File 'app/concerns/shibbolite/filters.rb', line 8

def require_login
  authenticate_request unless logged_in?
end

#require_registered ⇒ Object

# File 'app/concerns/shibbolite/filters.rb', line 12

def require_registered
  authenticate_request unless registered_user?
end

#use_attributes_if_available ⇒ Object

# File 'app/concerns/shibbolite/filters.rb', line 42

def use_attributes_if_available
  if request.env[Shibbolite.pid.to_s] and not logged_in?
    authenticate_request
  end
end