Module: Lockdown::Controller::Rails::InstanceMethods

Defined in:
lib/lockdown/controller.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object



# File 'lib/lockdown/controller.rb', line 149

# Hook invoked with the class that mixes this module in.
#
# Gives the including class a +send_to+ alias for its +redirect_to+ method and
# then mixes Lockdown::Controller::Core into it.
#
# @param base [Class] the class including this module
# @return [Object] whatever the final +include+ call returns
def self.included(base)
  # Inside class_eval the receiver is +base+, so the alias lands on that class.
  base.class_eval { alias_method :send_to, :redirect_to }
  # +send+ is used so the call works where +include+ is a private method.
  base.send(:include, Lockdown::Controller::Core)
end

Instance Method Details

#access_denied(e) ⇒ Object



# File 'lib/lockdown/controller.rb', line 188

# Builds the response for a request that failed the access check.
#
# When Lockdown::System[:logout_on_access_violation] is set, the session is
# reset first. HTML clients then have their location stored and are sent to
# the configured Lockdown::System[:access_denied_path]; XML clients receive a
# 401 with a Basic authentication challenge.
#
# @param e [Exception] the error describing the violation; only +message+ is read
# @return [false] always
def access_denied(e)
  reset_session if Lockdown::System[:logout_on_access_violation]

  respond_to do |format|
    format.html do
      # The location is stored after any session reset, so it is kept in
      # whatever session exists at this point.
      store_location
      # The redirect target is read from configuration, not from the request.
      send_to Lockdown::System[:access_denied_path]
    end

    format.xml do
      headers["Status"] = "Unauthorized"
      headers["WWW-Authenticate"] = %(Basic realm="Web Password")
      # NOTE(review): the exception message is returned verbatim to the client;
      # confirm that messages raised upstream carry no internal detail.
      render :text => e.message, :status => "401 Unauthorized"
    end
  end

  # NOTE(review): presumably returned so a filter chain halts - confirm against the caller.
  false
end

#authorized?(options) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/lockdown/controller.rb', line 160

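# Decides whether the current user may follow the link described by +options+.
#
# The checks run in order and the first match grants access:
# 1. the current user is an administrator;
# 2. the path of +url_for(options)+ is allowed;
# 3. +options+ is a String that the router recognises, and the resulting
#    "controller/action" path is allowed;
# 4. the last path segment converts to a positive integer and the path with
#    "/show" appended is allowed.
#
# Only the path component of the generated URL is examined; scheme, host and
# query string play no part in the decision. If every check fails the result
# is +false+.
#
# @param options [String, Object] anything +url_for+ accepts
# @return [Boolean] true when access is allowed, false otherwise
def authorized?(options)
  return true if current_user_is_admin?

  # Index 5 of URI.split is the path component.
  url_parts = URI.split(url_for(options))
  path = url_parts[5]

  # See if the path is known as-is.
  return true if path_allowed?(path)

  if options.is_a?(String)
    # Test for a named route.
    begin
      hsh = ActionController::Routing::Routes.recognize_path(options)
      return true if !hsh.nil? && path_allowed?(path_from_hash(hsh))
    rescue StandardError, ScriptError
      # Best effort: a string the router cannot resolve is simply not a named
      # route, so fall through to the remaining checks. Process-level
      # exceptions (Interrupt, SystemExit, NoMemoryError) are deliberately no
      # longer swallowed here, as a blanket `rescue Exception` would do.
    end
  end

  # A trailing numeric id is treated as a GET of the record (show).
  # NOTE(review): String#to_i reads leading digits only, so a final segment
  # that merely starts with digits also takes this branch - confirm
  # path_allowed? is the intended gate for such paths.
  path += "/show" if path.split("/").last.to_i > 0

  path_allowed?(path) ? true : false
end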

#path_from_hash(hsh) ⇒ Object



# File 'lib/lockdown/controller.rb', line 206

# Builds a "controller/action" path string from a route parameter hash.
#
# Both values are converted with +to_s+, so a missing key contributes an
# empty string rather than raising.
#
# @param hsh [Hash] hash read at the +:controller+ and +:action+ keys
# @return [String] the two values joined by "/"
def path_from_hash(hsh)
  [hsh[:controller], hsh[:action]].map(&:to_s).join("/")
end

#sent_from_uri ⇒ Object



# File 'lib/lockdown/controller.rb', line 156

# Returns the URI of the request currently being handled.
#
# NOTE(review): the value is taken straight from the incoming request; the
# callers are not visible here, so confirm it is treated as untrusted
# wherever it is stored or used as a redirect target.
#
# @return [Object] whatever +request.request_uri+ returns
def sent_from_uri
  current_request = request
  current_request.request_uri
end