Module: GDS::SSO::ControllerMethods
Defined Under Namespace
Classes: PermissionDeniedException
Class Method Summary
Instance Method Summary
Class Method Details
.included(base) ⇒ Object
# File 'lib/gds-sso/controller_methods.rb', line 7
# Hook invoked with the class that mixes this module in.
#
# Registers a handler on +base+ that answers PermissionDeniedException with a
# 403: a JSON body when GDS::SSO::Config.api_only? is true, otherwise the
# "authorisations/unauthorised" template. Outside API-only mode it also
# declares user_signed_in? and current_user as helper methods on +base+.
#
# @param base [Object] the including class; must respond to rescue_from and,
#   outside API-only mode, to helper_method
def self.included(base)
  base.rescue_from(PermissionDeniedException) do |error|
    # The exception message is sent back to the client in both branches, so
    # whatever raises PermissionDeniedException controls what the user sees.
    denial = error.message

    if GDS::SSO::Config.api_only?
      render json: { message: denial }, status: :forbidden
    else
      render "authorisations/unauthorised",
             layout: "unauthorised",
             status: :forbidden,
             locals: { message: denial }
    end
  end

  # API-only applications get no view helpers.
  return if GDS::SSO::Config.api_only?

  %i[user_signed_in? current_user].each { |helper| base.helper_method(helper) }
end
Instance Method Details
#authenticate_user! ⇒ Object
# File 'lib/gds-sso/controller_methods.rb', line 53
# Requires an authenticated user by delegating to the Warden proxy.
#
# NOTE(review): what happens on failure is decided by warden.authenticate!,
# which is not shown here; presumably it halts the request. Confirm against
# the Warden configuration.
#
# @return [Object] whatever warden.authenticate! returns
def authenticate_user!
  proxy = warden
  proxy.authenticate!
end
#authorise_user!(permissions) ⇒ Object
# File 'lib/gds-sso/controller_methods.rb', line 23
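# Authenticates the user, then checks that they hold the required permission(s).
#
# @param permissions [String, Hash] a single permission name, or a one-key
#   Hash of the form { any_of: [...] } or { all_of: [...] }
# @raise [PermissionDeniedException] when a String permission is not held by
#   the current user
# @raise [ArgumentError] when +permissions+ is neither a String nor a Hash
#   with exactly one of the keys :any_of or :all_of
def authorise_user!(permissions)
  # Authentication always runs before any permission lookup.
  authenticate_user!

  case permissions
  when String
    # NOTE(review): current_user returns nil for a remotely signed-out user, in
    # which case this line raises NoMethodError. That still denies access, but
    # confirm authenticate_user! cannot succeed for such a user.
    return if current_user.has_permission?(permissions)

    raise PermissionDeniedException, "Sorry, you don't seem to have the #{permissions} permission for this app."
  when Hash
    raise ArgumentError, "Must be either `any_of` or `all_of`" unless permissions.size == 1

    if permissions[:any_of]
      authorise_user_with_at_least_one_of_permissions!(permissions[:any_of])
    elsif permissions[:all_of]
      authorise_user_with_all_permissions!(permissions[:all_of])
    else
      raise ArgumentError, "Must be either `any_of` or `all_of`"
    end
  else
    # Fail closed: any other argument type (Symbol, Array, nil, ...) used to
    # fall through the case with no permission check at all, so a call such as
    # authorise_user!(:admin) authorised every authenticated user.
    raise ArgumentError, "Must be a String or a Hash with `any_of` or `all_of`"
  end
end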
#current_user ⇒ Object
# File 'lib/gds-sso/controller_methods.rb', line 65
# Returns the Warden user, but only while user_signed_in? holds.
#
# Because user_signed_in? is false for a user flagged remotely_signed_out?,
# this returns nil for such a user even if Warden still has them
# authenticated; callers must handle nil.
#
# @return [Object, nil] warden.user, or nil when nobody is signed in
def current_user
  return nil unless user_signed_in?

  warden.user
end
#logout ⇒ Object
# File 'lib/gds-sso/controller_methods.rb', line 69
# Ends the session by delegating to the Warden proxy's logout.
#
# @return [Object] whatever warden.logout returns
def logout
  proxy = warden
  proxy.logout
end
#require_signin_permission! ⇒ Object
# File 'lib/gds-sso/controller_methods.rb', line 46
# Deprecated check that the current user holds the 'signin' permission.
#
# Emits a deprecation warning on every call, then delegates to
# authorise_user!('signin'). A PermissionDeniedException is handled here, not
# by the module-wide rescue_from handler: it renders the
# "authorisations/cant_signin" template with a 403 status.
#
# @deprecated Per the warning text, signon checks signin permission during
#   oauth; applications still need their own authorise_user! calls.
def require_signin_permission!
  notice = "require_signin_permission! is deprecated and will be removed in a future version. The signon application checks for signin permission during oauth and it is no longer optional. Note that your application will still need to call authorise_user! if it doesn't already."
  # caller is evaluated in this method's frame so the warning points at the
  # application code that invoked the deprecated method.
  ActiveSupport::Deprecation.warn(notice, caller)
  authorise_user!('signin')
rescue PermissionDeniedException
  render("authorisations/cant_signin", layout: "unauthorised", status: :forbidden)
end
#user_remotely_signed_out? ⇒ Boolean
# File 'lib/gds-sso/controller_methods.rb', line 57
# Reports whether the Warden-authenticated user is flagged as remotely signed out.
#
# Falsy when there is no Warden proxy or nobody is authenticated; in those
# cases the falsy value itself (nil or false) is returned unchanged.
#
# @return [Boolean, nil] the user's remotely_signed_out? value when a user is
#   authenticated, otherwise a falsy value
def user_remotely_signed_out?
  proxy = warden
  return proxy unless proxy

  authenticated = proxy.authenticated?
  return authenticated unless authenticated

  proxy.user.remotely_signed_out?
end
#user_signed_in? ⇒ Boolean
# File 'lib/gds-sso/controller_methods.rb', line 61
# Reports whether a user is authenticated and not flagged as remotely signed out.
#
# A user whose remotely_signed_out? is true counts as signed out here even
# though Warden still reports them as authenticated. Falsy (nil or false,
# returned unchanged) when there is no Warden proxy or nobody is authenticated.
#
# @return [Boolean, nil] true only for an authenticated user who has not been
#   remotely signed out
def user_signed_in?
  proxy = warden
  return proxy unless proxy

  authenticated = proxy.authenticated?
  return authenticated unless authenticated

  !proxy.user.remotely_signed_out?
end
#warden ⇒ Object
# File 'lib/gds-sso/controller_methods.rb', line 73
# Looks up the Warden proxy stored under the 'warden' key of the request env.
#
# Other methods in this module guard against a falsy result, so callers should
# expect nil when the key is absent.
#
# @return [Object, nil] the value of request.env['warden']
def warden
  rack_env = request.env
  rack_env['warden']
end