Module: Redmine::SudoMode::Controller

Extended by:
ActiveSupport::Concern
Included in:
ApplicationController
Defined in:
lib/redmine/sudo_mode.rb

Defined Under Namespace

Modules: ClassMethods

Classes: SudoRequestFilter

Instance Method Summary

Instance Method Details

#process_sudo_form ⇒ Object

Handles submission of the sudo password form.



# File 'lib/redmine/sudo_mode.rb', line 134

def process_sudo_form
  if params[:sudo_password]
    @sudo_form = SudoMode::Form.new(params[:sudo_password])
    if @sudo_form.valid?
      SudoMode.active!
    else
      flash.now[:error] = l(:notice_account_wrong_password)
    end
  end
end

#render_sudo_form(param_names) ⇒ Object

Displays the sudo password form.



# File 'lib/redmine/sudo_mode.rb', line 122

def render_sudo_form(param_names)
  @sudo_form ||= SudoMode::Form.new
  @sudo_form.original_fields = params.slice(*param_names)
  # a simple 'render "sudo_mode/new"' works when used directly inside an
  # action, but not when called from a before_action:
  respond_to do |format|
    format.html {render 'sudo_mode/new'}
    format.js   {render 'sudo_mode/new'}
  end
end

#require_sudo_mode(*param_names) ⇒ Object

This renders the sudo mode form / handles sudo form submission.

Call this method in controller actions if sudo permissions are required for processing the request. This approach works well where the action needs to be protected in any case or where the check is simple.

Where the decision depends on complex conditions in the model, consider the declarative approach instead: use the require_sudo_mode class method together with a corresponding declaration in the model that causes it to raise a SudoRequired error when necessary.

All parameter names given are included as hidden fields to be resubmitted along with the password.

Returns true when processing the action should continue, false otherwise. If false is returned, render has already been called for display of the password form.

  if @user.mail_changed?
    require_sudo_mode :user or return
  end



# File 'lib/redmine/sudo_mode.rb', line 104

def require_sudo_mode(*param_names)
  return true if SudoMode.active?

  if param_names.blank?
    param_names = params.keys - %w(id action controller sudo_password _method authenticity_token utf8)
  end

  process_sudo_form

  if SudoMode.active?
    true
  else
    render_sudo_form param_names
    false
  end
end

#sudo_mode ⇒ Object

Sudo mode around filter.

Checks the 'last used' timestamp from the session and sets the SudoMode::active? flag accordingly.

After the request, refreshes the timestamp if sudo mode was used during this request.



# File 'lib/redmine/sudo_mode.rb', line 74

def sudo_mode
  if sudo_timestamp_valid?
    SudoMode.active!
  end
  yield
  update_sudo_timestamp! if SudoMode.was_used?
end

#sudo_timestamp_valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/redmine/sudo_mode.rb', line 145

def sudo_timestamp_valid?
  session[:sudo_timestamp].to_i > SudoMode.timeout.ago.to_i
end

#update_sudo_timestamp!(new_value = Time.now.to_i) ⇒ Object



# File 'lib/redmine/sudo_mode.rb', line 149

def update_sudo_timestamp!(new_value = Time.now.to_i)
  session[:sudo_timestamp] = new_value
end
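
The sliding re-authentication window formed by #sudo_mode, #sudo_timestamp_valid? and #update_sudo_timestamp!, modelled in plain Ruby as an added example (not Redmine's own code). SudoWindow, protected_action, the 15-minute TIMEOUT and the rule for what counts as "used" are assumptions made for the illustration.

```ruby
# Plain-Ruby model of the sudo_mode around filter; no Rails required.
# SudoWindow, TIMEOUT and the explicit `now` clock are hypothetical stand-ins.
class SudoWindow
  TIMEOUT = 15 * 60 # seconds; assumed value standing in for SudoMode.timeout

  attr_reader :session

  def initialize(session = {})
    @session = session
  end

  # Same comparison as sudo_timestamp_valid?: nil.to_i is 0, so a session
  # without a timestamp is never valid, and an age of exactly TIMEOUT fails.
  def timestamp_valid?(now)
    session[:sudo_timestamp].to_i > now - TIMEOUT
  end

  # Same shape as the around filter. The block plays the controller action:
  # it is told whether sudo mode is active and reports what happened.
  def around(now)
    active = timestamp_valid?(now)
    outcome = yield(active)
    # Assumption: confirming the password or relying on an active window
    # both count as "sudo mode was used" and refresh the timestamp.
    session[:sudo_timestamp] = now if %i[used confirmed].include?(outcome)
    outcome
  end
end

# A protected action: proceeds when active, otherwise needs the password.
def protected_action(active, password_ok: false)
  return :used if active
  password_ok ? :confirmed : :prompted
end

def simulate
  w = SudoWindow.new
  t0 = 1_700_000_000 # constructed epoch seconds
  [
    w.around(t0)        { |a| protected_action(a) },                    # no timestamp yet
    w.around(t0 + 1)    { |a| protected_action(a, password_ok: true) }, # password accepted
    w.around(t0 + 600)  { |a| protected_action(a) },                    # in window, refreshes
    w.around(t0 + 1400) { |_a| :untouched },                            # unprotected request
    w.around(t0 + 1499) { |a| protected_action(a) },                    # 899 s after last use
    w.around(t0 + 2400) { |a| protected_action(a) }                     # 901 s after last use
  ]
end
```

The fourth request does not extend the window because it never relied on sudo mode, so expiry is measured from the last privileged use rather than from the last request.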