Class: Caboose::ApplicationController

Inherits:

ActionController::Base

• Object
• ActionController::Base
• Caboose::ApplicationController

Defined in:

app/controllers/caboose/application_controller.rb

Direct Known Subclasses

ApplicationController, AbOptionsController, AbVariantsController, AdminController, BlockTypeCategoriesController, BlockTypeSourcesController, BlockTypesController, BlocksController, LoginController, LogoutController, ModalController, PagePermissionsController, PagesController, PermissionsController, PostsController, RegisterController, RolesController, SettingsController, StationController, UsersController

Instance Method Summary

• #before_action ⇒ Object

  To be overridden by the child controllers.

• #before_before_action ⇒ Object
• #logged_in? ⇒ Boolean

  Returns whether or not a user is logged in.

• #logged_in_user ⇒ Object

  Returns the currently logged in user.

• #login_user(user, remember = false) ⇒ Object

  Logs in a user.

• #logout_user ⇒ Object

  Logs a user out.

• #parse_url_params ⇒ Object

  Parses any parameters in the URL and adds them to the params.

• #reject_param(url, param) ⇒ Object

  Removes a given parameter from a URL querystring.

• #user_is_allowed(resource, action) ⇒ Object

  DEPRECATED: Use user_is_allowed_to(action, resource).

• #user_is_allowed_to(action, resource) ⇒ Object

  Checks to see if a user has permission to perform action on resource.

• #validate_cookie ⇒ Object

  Checks to see if a remember me cookie value is present.

• #validate_token ⇒ Object

  Checks to see if a token is given.

• #var(name) ⇒ Object

  def auth_or_error(message) if (!logged_in?) redirect_to “/login?return_url=#requestrequest.request_uri” and return false end redirect_to “/error?message=#message” end.

• #verify_logged_in ⇒ Object

  Redirects to login if not logged in.

Instance Method Details

#before_action ⇒ Object

To be overridden by the child controllers

# File 'app/controllers/caboose/application_controller.rb', line 66

def before_action      
end

#before_before_action ⇒ Object

# File 'app/controllers/caboose/application_controller.rb', line 10

def before_before_action
  
  # Modify the built-in params array with URL params if necessary
  parse_url_params if Caboose.use_url_params
  
  # Make sure someone is logged in
  if !logged_in?      
    elo = User.find(User::LOGGED_OUT_USER_ID)        
    login_user(elo)
  end
  
  session['use_redirect_urls'] = true if session['use_redirect_urls'].nil?
  
  # Initialize AB Testing
  AbTesting.init(request.session_options[:id]) if Caboose.use_ab_testing      
  
  # Try to find the page 
  @page = Page.new
  @crumb_trail  = []
  @subnav       = {}
  @actions      = {}
  @tasks        = {}
  @page_tasks   = {}
  @is_real_page = false
  
  #if @find_page
    @page = Page.page_with_uri(request.fullpath)
    @crumb_trail  = Caboose::Page.crumb_trail(@page)		    
  #end
  
  # Sets an instance variable of the logged in user
  @logged_in_user = logged_in_user      
  
  before_action
end

#logged_in? ⇒ Boolean

Returns whether or not a user is logged in

Returns:

• (Boolean)

# File 'app/controllers/caboose/application_controller.rb', line 83

def logged_in?
  validate_token
  validate_cookie
  return true if !session["app_user"].nil? && session["app_user"] != false && session["app_user"].id != -1 && session["app_user"].id != User::LOGGED_OUT_USER_ID     
  return false
end

#logged_in_user ⇒ Object

Returns the currently logged in user

# File 'app/controllers/caboose/application_controller.rb', line 114

def logged_in_user
  if (!logged_in?)
    return User.logged_out_user
  end
  #return nil if !logged_in?
  return session["app_user"]
end

#login_user(user, remember = false) ⇒ Object

Logs in a user

# File 'app/controllers/caboose/application_controller.rb', line 77

def login_user(user, remember = false)
  session["app_user"] = user
  cookies.permanent[:caboose_user_id] = user.id if remember
end

#logout_user ⇒ Object

Logs a user out

# File 'app/controllers/caboose/application_controller.rb', line 70

def logout_user
  cookies.delete(:caboose_user_id)
  session["app_user"] = nil
  reset_session
end

#parse_url_params ⇒ Object

Parses any parameters in the URL and adds them to the params

# File 'app/controllers/caboose/application_controller.rb', line 47

def parse_url_params      
  return if !Caboose.use_url_params      
  url = "#{request.fullpath}"
  url[0] = "" if url.starts_with?('/')      
  url = url.split('?')[0] if url.include?('?')      
  arr = url.split('/')      
  i = arr.count - 1
  while i >= 1 do
    k = arr[i-1]
    v = arr[i]    
    if v && v.length > 0
      v = v.gsub('%20', ' ')
      params[k] = v
    end
    i = i-2
  end      
end

#reject_param(url, param) ⇒ Object

Removes a given parameter from a URL querystring

# File 'app/controllers/caboose/application_controller.rb', line 180

def reject_param(url, param)
  arr = url.split('?')
  return url if (arr.count == 1)
  qs = arr[1].split('&').reject { |pair| pair.split(/[=;]/).first == param }
  url2 = arr[0]
  url2 += "?" + qs.join('&') if qs.count > 0 
  return url2
end

#user_is_allowed(resource, action) ⇒ Object

DEPRECATED: Use user_is_allowed_to(action, resource)

Checks to see if a user has permission to perform the given action on the given resource. Redirects to login if not logged in. Redirects to error page with message if not allowed.

# File 'app/controllers/caboose/application_controller.rb', line 128

def user_is_allowed(resource, action)
  if (!logged_in?)
    redirect_to "/login?return_url=" + URI.encode(request.fullpath)
    return false
  end
  
  @user = logged_in_user
  if (!@user.is_allowed(resource, action))
    @error = "You don't have permission to " + action + " " + resource
    @return_url = request.fullpath
    render :template => "caboose/extras/error"
    return false
  end
  
  return true    
end

#user_is_allowed_to(action, resource) ⇒ Object

Checks to see if a user has permission to perform action on resource

Redirects to login if not logged in Redirects to error page with message if not allowed

useful for creating super-readable code, for example:

> return unless user_is_allowed_to 'edit', 'pages'

Even your mom could read that code.

# File 'app/controllers/caboose/application_controller.rb', line 154

def user_is_allowed_to(action, resource)
  unless logged_in?
    redirect_to "/login?return_url=" + URI.encode(request.fullpath)
    return false
  end

  @user = logged_in_user
  unless @user.is_allowed(resource, action)
    @error = "You don't have permission to #{action} #{resource}"
    @return_url = request.fullpath
    render :template => "caboose/extras/error"
    return false
  end
  return true
end

#validate_cookie ⇒ Object

Checks to see if a remember me cookie value is present.

# File 'app/controllers/caboose/application_controller.rb', line 104

def validate_cookie
  if cookies[:caboose_user_id] && User.exists?(cookies[:caboose_user_id])
    user = User.find(cookies[:caboose_user_id])
    login_user(user)
    return true
  end
  return false
end

#validate_token ⇒ Object

Checks to see if a token is given. If so, it tries to validate the token and log the user in.

# File 'app/controllers/caboose/application_controller.rb', line 92

def validate_token
  token = params[:token]
  return false if token.nil?
  
  user = User.validate_token(token)
  return false if user.nil?
 
  login_user(user)
  return true
end

#var(name) ⇒ Object

def auth_or_error(message)

if (!logged_in?)
  redirect_to "/login?return_url=#{request.request_uri}" and return false
end
redirect_to "/error?message=#{message}"

end

# File 'app/controllers/caboose/application_controller.rb', line 196

def var(name)
  s = Setting.where(:name => name).first
  return "" if s.nil?    
  return s.value
end

#verify_logged_in ⇒ Object

Redirects to login if not logged in.

# File 'app/controllers/caboose/application_controller.rb', line 171

def verify_logged_in
  if !logged_in?
    redirect_to "/modal/login?return_url=" + URI.encode(request.fullpath)
    return false
  end      
  return true    
end