Module: GDS::SSO::ControllerMethods

Included in:

Api::UserController, AuthenticationsController

Defined in:

lib/gds-sso/controller_methods.rb

Defined Under Namespace

Classes: PermissionDeniedException

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #authenticate_user! ⇒ Object
• #authorise_user!(permission) ⇒ Object
• #current_user ⇒ Object
• #logout ⇒ Object
• #require_signin_permission! ⇒ Object
• #user_remotely_signed_out? ⇒ Boolean
• #user_signed_in? ⇒ Boolean
• #warden ⇒ Object

Class Method Details

.included(base) ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 7

def self.included(base)
  base.rescue_from PermissionDeniedException do |e|
    render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: e.message }
  end
  base.helper_method :user_signed_in?
  base.helper_method :current_user
end

Instance Method Details

#authenticate_user! ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 32

def authenticate_user!
  warden.authenticate!
end

#authorise_user!(permission) ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 16

def authorise_user!(permission)
  # Ensure that we're authenticated (and by extension that current_user is set).
  # Otherwise current_user might be nil, and we'd error out
  authenticate_user!

  if not current_user.has_permission?(permission)
    raise PermissionDeniedException, "Sorry, you don't seem to have the #{permission} permission for this app."
  end
end

#current_user ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 44

def current_user
  warden.user if user_signed_in?
end

#logout ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 48

def logout
  warden.logout
end

#require_signin_permission! ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 26

def require_signin_permission!
  authorise_user!('signin')
rescue PermissionDeniedException
  render "authorisations/cant_signin", layout: "unauthorised", status: :forbidden
end

#user_remotely_signed_out? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gds-sso/controller_methods.rb', line 36

def user_remotely_signed_out?
  warden && warden.authenticated? && warden.user.remotely_signed_out?
end

#user_signed_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gds-sso/controller_methods.rb', line 40

def user_signed_in?
  warden && warden.authenticated? && ! warden.user.remotely_signed_out?
end

#warden ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 52

def warden
  request.env['warden']
end