Class: StartKitController

Inherits:
ActionController::Base
  • Object
Defined in:
app/controllers/start_kit_controller.rb

Direct Known Subclasses

ApplicationController

Instance Method Summary collapse

Instance Method Details

#access_level_control ⇒ Object

уровень доступа



# File 'app/controllers/start_kit_controller.rb', line 13

# Access-level guard for the current controller/action pair.
#
# Looks up CONFIG[:access_levels][<controller>] and picks the levels whose
# action list contains the current action. If the action is listed, the
# user's level must reach the first matching level; non-admins on an action
# whose name matches /edit/ must additionally pass edit_checkout for the
# record addressed by params[:id]. Anything else is redirected to /401.html.
# Controllers or actions that are not listed in the config are not restricted
# by this method.
#
# NOTE(review): presumably registered as a before_action - confirm in the
# controllers that inherit from this class.
# NOTE(review): the per-record ownership check only runs when the action name
# matches /edit/ (unanchored). Actions such as update or destroy are not
# covered by it here; verify they are protected by their configured level or
# by a separate ownership check.
def access_level_control
  current_user # fills @current_user_card / @access_level read by check_access_level

  rules = CONFIG[:access_levels][controller_name.to_sym]
  return unless rules.present?

  # Levels whose action list mentions the current action.
  matching = rules.select { |_level, actions| actions.include?(action_name) }
  return unless matching.any?

  # Same comparison as the inline rank check: held rank >= required rank.
  # Only the first matching level is considered.
  access_granted = check_access_level(matching.keys.first)
  admin = check_access_level(:admin)

  if !admin && access_granted && /edit/ =~ action_name
    # Extra check against users trying to edit objects that are not theirs.
    # Records are loaded through friendly_id when the table has a slug column.
    has_slug = ActiveRecord::Base.connection.column_exists?(controller_name, :slug)
    model = controller_name.classify.constantize
    record = has_slug ? model.friendly.find(params[:id]) : model.find(params[:id])
    access_granted = edit_checkout(record)
  end

  redirect_to "/401.html" unless access_granted
end

#charge_session_manager ⇒ Object



# File 'app/controllers/start_kit_controller.rb', line 7

# Hands the current request's session and cookies to the global
# $session_manager object.
#
# NOTE(review): $session_manager is a Ruby global, so the session and cookie
# jar stored here are shared process-wide. If the app server handles requests
# concurrently, one request could read another's session through it - confirm
# how $session_manager is consumed, or keep this state per request instead.
def charge_session_manager
  manager = $session_manager
  manager.set_session(session)
  manager.set_cookies(cookies)
end

#check_access_level(_alias) ⇒ Object

запрос достиг ли юзер уровня доступа алиаса



# File 'app/controllers/start_kit_controller.rb', line 80

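# Tells whether the signed-in user has reached the access level named by
# +_alias+.
#
# Ranks come from CONFIG[:access_aliases]; the user's own level is read from
# @access_level, which current_user sets. The check fails closed: with no
# user card, or when either level is missing from the alias table, access is
# denied instead of raising NoMethodError on a nil rank.
#
# @param _alias [Symbol] required level, a key of CONFIG[:access_aliases]
# @return [Boolean] true when the user's rank is >= the required rank
def check_access_level(_alias)
  return false unless @current_user_card

  ranks = CONFIG[:access_aliases]
  held = ranks[@access_level]
  required = ranks[_alias]
  # An unknown level on either side must never grant access.
  return false if held.nil? || required.nil?

  held >= required
end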

#current_user ⇒ Object



# File 'app/controllers/start_kit_controller.rb', line 33

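# Loads the signed-in user from session[:uid] into instance variables:
# @current_user_card (the UserCard row), @access_level (its access_level as a
# Symbol), @current_user (card.userable) and @active_card.
#
# A session that still carries the id of a card that no longer exists is
# treated as anonymous: find_by returns nil for it, and calling access_level
# on that nil would raise NoMethodError, so the card is checked first.
#
# The return value is that of the final @active_card assignment (nil when no
# user is resolved); read the instance variables rather than relying on it.
def current_user
  uid = session[:uid]
  @current_user_card = uid.nil? ? nil : UserCard.find_by(id: uid)

  if @current_user_card
    @access_level = @current_user_card.access_level.to_sym
    @current_user = @current_user_card.userable
  else
    # No level for anonymous or stale sessions.
    @access_level = nil
    @current_user = nil
  end

  @active_card = @current_user_card.my_active_card unless @current_user.nil?
end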

#edit_checkout(object) ⇒ Object

# NOTE(review): this listing is rendered as the description of edit_checkout,
# so it is presumably commented-out code in the source file - confirm before
# re-enabling it. As written it has several problems worth fixing first:
#   * the "remember me" check value is a plain MD5 over the user id, a literal
#     string and password_digest - an unkeyed hash of fixed inputs, so the
#     value stays the same until password_digest changes; prefer a signed or
#     encrypted cookie (e.g. cookies.signed) or a random server-side token;
#   * cookies[:chk] is compared with ==, which is not a constant-time
#     comparison (ActiveSupport::SecurityUtils.secure_compare is);
#   * user.authenticate(user.password) discards its result and passes the
#     record's own password attribute, so it does not verify anything the
#     client supplied.
def cookie_authorize

# Look the card up by the uid cookie, which is client-controlled.
user = UserCard.find_by(id: cookies[:uid])
if user.present? && cookies[:chk] == Digest::MD5.new.update("#{user.id}#{'pussy'}#{user.password_digest}")
  user.authenticate(user.password)
  # Establishes the session for the card named by the cookie.
  session[:uid] = user.id
  user
else
  nil
end

end



# File 'app/controllers/start_kit_controller.rb', line 59

# Decides whether the current user may edit +object+.
#
# Access is granted when the user reaches the level named by
# CONFIG[:access_edit_bottom], or when the object's my_master has the same id
# as @current_user. Objects whose my_master call raises are treated as having
# no owner.
#
# NOTE(review): ownership is decided by comparing ids only; if my_master and
# @current_user can be records of different models, equal ids would still
# match - confirm they are always the same type.
#
# @param object the record about to be edited
# @return [true, false, nil] nil when there is no owner or no current user
def edit_checkout(object)
  owner =
    begin
      object.my_master
    rescue
      nil # best effort: no my_master (or it failed) means no owner
    end

  return true if check_access_level(CONFIG[:access_edit_bottom].to_sym)
  return nil unless owner && @current_user

  owner.id == @current_user.id
end