Module: AeUsers::ControllerExtensions::RequirePermission
- Defined in:
- lib/ae_users.rb
Defined Under Namespace
Modules: ClassMethods
Class Method Summary
Instance Method Summary
- #access_denied(msg = nil, options = {}) ⇒ Object
- #attempt_login(login) ⇒ Object
- #attempt_login_from_params ⇒ Object
- #attempt_ticket_login(secret) ⇒ Object
- #create_account_and_person ⇒ Object
- #do_permission_check(obj, perm_name, fail_msg) ⇒ Object
- #logged_in? ⇒ Boolean
- #logged_in_person ⇒ Object
Class Method Details
.included(base) ⇒ Object
# File 'lib/ae_users.rb', line 278
# Inclusion hook for this module: extends the including class with the
# ClassMethods module, so those methods are available on the class itself.
#
# @param base [Class] the class this module is being included into
def self.included(base)
  base.extend(ClassMethods)
end
Instance Method Details
#access_denied(msg = nil, options = {}) ⇒ Object
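# File 'lib/ae_users.rb', line 282
# Responds to a request the current visitor is not allowed to make.
#
# A logged-in visitor receives the denial message in the requested format.
# An anonymous visitor has the message stored in the flash and is redirected
# to the login action of the 'auth' controller.
#
# @param msg [String, nil] text shown to the visitor; a generic notice is
#   used when nil
# @param options [Hash] extra render options for the HTML response, merged
#   over a default :layout of active_layout
def access_denied(msg=nil, options={})
  options = { :layout => active_layout }.update(options)
  msg ||= "Sorry, you don't have access to view that page."
  if logged_in?
    body = "If you feel you've been denied access in error, please contact the administrator of this web site."
    respond_to do |format|
      format.html do
        # An :inline string is compiled as an ERB template. msg is supplied
        # by the caller, so it is handed over as a template local and
        # HTML-escaped with h instead of being spliced into the template
        # source, where markup or ERB tags in it would be interpreted.
        # body is a fixed literal and stays interpolated.
        # NOTE(review): unlike the other formats, this branch sets no
        # :status, so the HTML denial goes out with the default status
        # unless the caller passes one in options -- confirm that is intended.
        render options.update(
          :inline => "<h1><%=h msg %></h1>\n\n<div id=\"login\"><p><b>#{body}</b></p></div>",
          :locals => (options[:locals] || {}).merge(:msg => msg)
        )
      end
      format.xml  { render :xml => { :error => msg }.to_xml, :status => :forbidden }
      format.js   { render :json => msg, :status => :forbidden }
      format.json { render :json => msg, :status => :forbidden }
    end
  else
    flash[:error_messages] = msg
    redirect_to :controller => 'auth', :action => 'login'
  end
end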
#attempt_login(login) ⇒ Object
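# File 'lib/ae_users.rb', line 328
# Tries to log in with the e-mail address and password carried by +login+.
#
# On success the person's id is stored in session[:person]. A verified
# account that is not active is redirected to the needs_activation action,
# and a verified account without an application profile (when
# AeUsers.profile_class is set) is redirected to needs_profile with the
# person's id kept in session[:provisional_person].
#
# @param login [#email, #password, #return_to] submitted credentials
# @return [Boolean] true only when session[:person] was set
def attempt_login(login)
  @account = Account.find_by_email_address(login.email)

  # Verify the password before looking at the account's state. Checking
  # "active" first sent anyone who submitted a known address to the
  # activation page without a password, which told an unauthenticated
  # caller that the account exists and has not been activated.
  unless @account && @account.check_password(login.password)
    flash[:error_messages] = ['Invalid email address or password.']
    return false
  end

  unless @account.active
    redirect_to :controller => 'auth', :action => :needs_activation, :account => @account, :email => login.email, :return_to => login.return_to
    return false
  end

  person = @account.person
  if person.nil?
    # An account with no person record cannot populate session[:person];
    # fail the login instead of raising NoMethodError on nil.
    flash[:error_messages] = ['Invalid email address or password.']
    return false
  end

  profile_class = AeUsers.profile_class
  if profile_class && profile_class.find_by_person_id(person.id).nil?
    session[:provisional_person] = person.id
    redirect_to :controller => 'auth', :action => :needs_profile, :return_to => login.return_to
    return false
  end

  # NOTE(review): the session is not reset before the identity is written,
  # so a session identifier issued before login stays valid afterwards.
  # Confirm a caller rotates it (reset_session), or add that here once it is
  # known which pre-login session keys must survive.
  session[:person] = person.id
  true
end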
#attempt_login_from_params ⇒ Object
# File 'lib/ae_users.rb', line 362
# Logs in from credentials carried on the current request, if any.
#
# When both ae_email and ae_password are present they are passed to
# attempt_login; otherwise a present ae_ticket is passed to
# attempt_ticket_login. With neither, nothing happens and nil is returned.
#
# NOTE(review): return_to is the full request URI. If ae_email/ae_password
# arrive in the query string they would be part of that URI, and
# attempt_login copies return_to into its redirect parameters -- confirm
# these credentials are only ever sent in a POST body.
#
# @return [Object, nil] whatever the chosen login method returns
def attempt_login_from_params
  return_to = request.request_uri
  email = params[:ae_email]
  password = params[:ae_password]

  if !email.blank? && !password.blank?
    credentials = Login.new(:email => email, :password => password, :return_to => return_to)
    attempt_login(credentials)
  elsif !params[:ae_ticket].blank?
    attempt_ticket_login(params[:ae_ticket])
  end
end
#attempt_ticket_login(secret) ⇒ Object
# File 'lib/ae_users.rb', line 350
# Logs in with a one-time ticket secret.
#
# The ticket is looked up through AuthTicket.find_ticket and destroyed once
# its person has been written to the session, so a secret cannot be reused.
#
# NOTE(review): session[:person] receives ticket.person as-is, while
# attempt_login stores a person id -- confirm AuthTicket#person yields an
# id. Whether find_ticket enforces an expiry is not visible here.
#
# @param secret [String] ticket secret taken from the request
# @return [Object, false] the value stored in session[:person], or false
#   when no ticket matches
def attempt_ticket_login(secret)
  ticket = AuthTicket.find_ticket(secret)

  if ticket.nil?
    flash[:error_messages] = ["Ticket not found"]
    return false
  end

  session[:person] = ticket.person
  ticket.destroy
  session[:person]
end
#create_account_and_person ⇒ Object
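# File 'lib/ae_users.rb', line 380
# Builds an Account, a Person and a primary EmailAddress from the signup
# parameters (plus an application profile when AeUsers.profile_class is
# set) and, on a POST request, validates and saves them.
#
# The page listing had lost two identifiers; they are restored here as the
# local error_messages and the Rails setting
# ActionMailer::Base.default_url_options.
#
# @return [Symbol, Array<String>, nil] :success when the records were saved
#   and the activation was generated; :no_activation when generating it
#   raised and the account was activated directly; the list of error
#   messages when validation failed; nil for a non-POST request
def create_account_and_person()
  account = Account.new(:password => params[:password1])
  # NOTE(review): params[:person] and params[:app_profile] are mass-assigned
  # straight from the request -- confirm both models restrict which
  # attributes may be set this way.
  person = Person.new(params[:person])
  addr = EmailAddress.new :address => params[:email], :person => person, :primary => true
  person.account = account
  if not AeUsers.profile_class.nil?
    app_profile = AeUsers.profile_class.send(:new, :person => person)
    app_profile.attributes = params[:app_profile]
  end

  if request.post?
    error_fields = []
    error_messages = []

    if Person.find_by_email_address(params[:email])
      error_fields.push "email"
      error_messages.push "An account at that email address already exists!"
    end

    if params[:password1] != params[:password2]
      error_fields += ["password1", "password2"]
      error_messages.push "Passwords do not match."
    elsif params[:password1].blank?
      # blank? also covers both password fields being absent, which made the
      # previous .length call raise on nil.
      error_fields += ["password1", "password2"]
      error_messages.push "You must enter a password."
    end

    # A request without a person hash must produce validation messages, not
    # a NoMethodError on nil.
    person_params = params[:person] || {}
    ["firstname", "lastname", "email", "gender"].each do |field|
      if params[field].blank? && person_params[field].blank?
        error_fields.push field
        error_messages.push "You must enter a value for #{field}."
      end
    end

    if error_fields.size > 0 || error_messages.size > 0
      flash[:error_fields] = error_fields
      flash[:error_messages] = error_messages
    else
      # NOTE(review): the results of these saves are not checked.
      account.save
      addr.save
      person.save
      app_profile.save if app_profile

      @account = account
      @addr = addr
      @person = person
      @app_profile = app_profile

      begin
        # NOTE(review): the host used for links in outgoing mail is taken
        # from the request and written to a process-wide mailer setting.
        # Confirm the front end only accepts known Host values, or use a
        # configured host name instead.
        ActionMailer::Base.default_url_options[:host] = request.host
        account.generate_activation
      rescue
        # NOTE(review): any failure while generating the activation leaves
        # the account active without e-mail verification. Confirm this
        # fail-open fallback is intended.
        account.activation_key = nil
        account.active = true
        account.save
        return :no_activation
      end
      return :success
    end
  end
end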
#do_permission_check(obj, perm_name, fail_msg) ⇒ Object
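# File 'lib/ae_users.rb', line 372
# Checks that the current visitor holds +perm_name+ on +obj+ and calls
# access_denied with +fail_msg+ otherwise. Credentials carried on the
# request are tried first.
#
# The method name was missing from the page listing and is restored from
# the method heading.
#
# @param obj [Object] the object the permission applies to
# @param perm_name [String, Symbol] name of the required permission
# @param fail_msg [String] message passed to access_denied on failure
def do_permission_check(obj, perm_name, fail_msg)
  attempt_login_from_params

  # attempt_login can answer the request itself with a redirect (account
  # not activated, profile missing). In that case logged_in_person would
  # run the login attempt a second time and access_denied would respond
  # again, so stop once a response has been produced.
  # NOTE(review): assumes this runs as a before filter, where a performed
  # response already prevents the action from running -- confirm.
  return if performed?

  person = logged_in_person
  access_denied fail_msg unless person && person.permitted?(obj, perm_name)
end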
#logged_in? ⇒ Boolean
# File 'lib/ae_users.rb', line 301
# Resolves the person behind the current request and memoizes it in
# @logged_in_person.
#
# Lookup order: the memoized person, then session[:person], then
# session[:account] (which also back-fills session[:person]), then
# credentials carried on the request via attempt_login_from_params.
#
# Despite the predicate name, the return value is the person record rather
# than true/false; nil comes back when nobody is logged in or the stored id
# no longer matches a record.
#
# NOTE(review): a session id that no longer resolves is left in the session
# rather than cleared, and an account without a person raises on
# acct.person.id -- confirm both are acceptable.
#
# @return [Person, nil]
def logged_in?
  return @logged_in_person if @logged_in_person

  if session[:person]
    begin
      @logged_in_person = Person.find(session[:person])
    rescue ActiveRecord::RecordNotFound
      nil
    end
  elsif session[:account]
    begin
      account = Account.find(session[:account])
      session[:person] = account.person.id
      @logged_in_person = account.person
    rescue ActiveRecord::RecordNotFound
      nil
    end
  elsif attempt_login_from_params
    # The login attempt populated the session; resolve the person from it.
    logged_in?
  else
    @logged_in_person
  end
end
#logged_in_person ⇒ Object
# File 'lib/ae_users.rb', line 324
# Returns the person for the current request by delegating to logged_in?,
# which yields the person record or nil.
#
# @return [Person, nil]
def logged_in_person
  logged_in?
end