Module: Auth::Concerns::TokenConcern

Instance Method Summary

Instance Method Details

#add_owner_and_signed_in_resource(obj, options = {}) ⇒ Object

@param obj: the object whose owner is to be defined.
@param options: possible options include:
:owner_is_current_resource => if this option exists, the resource_id and resource_class are set to the current resource.



# File 'app/controllers/auth/concerns/token_concern.rb', line 184

def add_owner_and_signed_in_resource(obj,options={})
  obj = add_owner_resource(obj,options)
  obj = add_signed_in_resource(obj,options)
  obj
end

#add_owner_resource(obj, options = {}) ⇒ Object

Only adds the owner resource if it's not already present, implying that once the owner resource is set, it should never change.



# File 'app/controllers/auth/concerns/token_concern.rb', line 168

def add_owner_resource(obj,options={})
  if (obj.respond_to? :resource_id) && (obj.respond_to? :resource_class)
    if options[:owner_is_current_resource]
      obj.resource_id = current_signed_in_resource.id.to_s if obj.resource_id.nil?
      obj.resource_class = current_signed_in_resource.class.name.to_s if obj.resource_class.nil?
    else
      obj.resource_id = lookup_resource.id.to_s if obj.resource_id.nil?
      obj.resource_class = lookup_resource.class.name.to_s if obj.resource_class.nil?
    end
  end
  return obj
end

#add_signed_in_resource(obj, options = {}) ⇒ Object

Convenience method to add the current signed-in resource to the model instance. The object instance passed in MUST implement the owner concern.
@param : instance of any object that implements the OwnerConcern.

Returns:

  • : the object passed in.



# File 'app/controllers/auth/concerns/token_concern.rb', line 160

def add_signed_in_resource(obj,options={})
  if obj.respond_to? :signed_in_resource
    obj.signed_in_resource = current_signed_in_resource
  end
  return obj
end

#current_signed_in_resource ⇒ Object

The current signed-in resource.



# File 'app/controllers/auth/concerns/token_concern.rb', line 151

def current_signed_in_resource
  @resource
end

#is_admin_user ⇒ Object

This is used as a before_filter.



# File 'app/controllers/auth/concerns/token_concern.rb', line 191

def is_admin_user
  not_found("not authorized") unless current_signed_in_resource
  not_found("You don't have sufficient privileges to complete that action") if !current_signed_in_resource.is_admin?
end

#lookup_resource ⇒ Object



# File 'app/controllers/auth/concerns/token_concern.rb', line 119

def lookup_resource 
  puts "came to lookup resource."
  ## if the current signed-in resource is not an admin, just return it, because the concept of a proxy arises only if the current signed-in resource is an admin.
  #puts "current signed in resource : #{current_signed_in_resource}"
  return current_signed_in_resource unless current_signed_in_resource.is_admin?
  #puts "crossed resource."
  ## else.
  
  ## first check the session or the params for a proxy resource.
  proxy_resource_id = params[:proxy_resource_id] || session[:proxy_resource_id]
  proxy_resource_class = params[:proxy_resource_class] || session[:proxy_resource_class]
  
  
  proxy_resource_id = current_signed_in_resource.id.to_s if (current_signed_in_resource.is_admin? && proxy_resource_id.nil?)

  proxy_resource_class = current_signed_in_resource.class.to_s if (current_signed_in_resource.is_admin? && proxy_resource_class.nil?)

  ## now return nil if the proxy resource is still nil.
  return nil unless (proxy_resource_class && proxy_resource_id)
  return nil unless (Auth.configuration.auth_resources.include? proxy_resource_class.capitalize)

  proxy_resource_class = proxy_resource_class.capitalize.constantize
  begin
    proxy_resource = proxy_resource_class.find(proxy_resource_id)
    proxy_resource
  rescue Mongoid::Errors::DocumentNotFound => error
    nil
  end
  
end
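
The admin-only proxy resolution performed by lookup_resource, as an added stand-alone example (not the engine's own code). FakeResource, User, Admin, ALLOWED, the sample records and resolve_effective_resource are hypothetical stand-ins, and the example swaps capitalize plus constantize for an exact-match hash lookup, so request input never reaches constant resolution.

```ruby
# Added example, not code from the engine. All names here are hypothetical
# stand-ins; the records below are constructed sample data.
class FakeResource
  attr_reader :id

  def initialize(id, admin: false)
    @id = id.to_s
    @admin = admin
    self.class.store[@id] = self
  end

  def is_admin?
    @admin
  end

  # One in-memory store per subclass (class-level instance variable).
  def self.store
    @store ||= {}
  end

  # Returns nil for an unknown id (the page's code rescues DocumentNotFound).
  def self.find(id)
    store[id.to_s]
  end
end

class User < FakeResource; end
class Admin < FakeResource; end

# Explicit allowlist mapping permitted names to classes.
ALLOWED = { "User" => User, "Admin" => Admin }.freeze

ALICE = User.new("u1")
BOB   = User.new("u2")
ROOT  = Admin.new("a1", admin: true)

def resolve_effective_resource(signed_in, params, session = {})
  # Assumption: an unauthenticated request resolves to nil instead of raising.
  return nil if signed_in.nil?
  # Non-admins never proxy: request-supplied ids are ignored for them.
  return signed_in unless signed_in.is_admin?

  id    = params[:proxy_resource_id]    || session[:proxy_resource_id]    || signed_in.id
  klass = params[:proxy_resource_class] || session[:proxy_resource_class] || signed_in.class.name
  # Exact-match lookup: an unlisted name is rejected and never resolved as a constant.
  target = ALLOWED[klass.to_s]
  target && target.find(id)
end
```

The exact-match lookup also keeps multi-word class names intact, which capitalize would downcase after the first letter.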

#set_resource ⇒ Object

Iterates over all the authentication resources in the config and checks whether there is a current_resource for any of them. If so, sets the resource to the first such key encountered and breaks the iteration. This is basically a convenience method to set the @resource variable: when more than one model is authenticated with Devise, there is no way to know which one to call.



# File 'app/controllers/auth/concerns/token_concern.rb', line 100

def set_resource

  puts "--------------------came to set resource."

  Auth.configuration.auth_resources.keys.each do |resource|
    break if @resource = self.send("current_#{resource.downcase}") 
  end

  ## devise in registrations_controller#destroy assumes the existence of a 'resource' variable, so we set that here.
  if devise_controller?
    self.resource = @resource
  end

  #puts "resource is: #{@resource.to_s}"
  
end