OpenIrekia v4.0.0
Copyright 2009-2013 eFaber, S.L. Copyright 2009-2013 Ejie, S.A. Copyright 2009-2013 Dirección de Gobierno Abierto y Comunicación en Internet;
Gobernu Irekirako eta Interneteko Komunikaziorako Zuzendaritza; Lehendakaritza. Gobierno Vasco – Eusko Jaurlaritza
Licensed under the EUPL, Version 1.1 or (as soon as they are approved by the European Commission) subsequent versions of the EUPL (the Licence); this work may only be used in compliance with the Licence. A copy of the Licence may be obtained at ec.europa.eu/idabc/eupl. Unless required by applicable law or agreed to in writing, software distributed under the Licence is distributed AS IS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and limitations under the Licence.
http://open.irekia.net, openirekia@efaber.net
Inclusion hook to make current_user and logged_in? available as ActionView helper methods.
    # File lib/authenticated_system.rb, line 140
    def self.included(base)
      base.send :helper_method, :current_user, :logged_in?, :is_admin? #, :can_edit_info?, :can_create_info?
    end
Redirect as appropriate when an access request fails.
The default action is to redirect to the login screen.
Override this method in your controllers if you want to have special behavior in case the user is not authorized to access the requested action. For example, a popup window might simply close itself.
    # File lib/authenticated_system.rb, line 84
    def access_denied
      # respond_to do |format|
      #   format.html do
      #     store_location
      #     redirect_to new_session_path
      #   end
      #   format.any do
      #     request_http_basic_authentication 'Web Password'
      #   end
      # end
      # HTTP_ACCEPT header IE7 sends is anything but HTML, so it prompts the http basic authentication
      # instead of redirect to login. This is a temporary hack
      store_location
      respond_to do |format|
        # format.js do
        #   render :update do |page|
        #     page.redirect_to new_session_path
        #   end
        # end
        format.html {redirect_to new_session_path}
        format.iphone {redirect_to new_session_path(:format => :iphone)}
        format.json { render :json => {:error_message => I18n.t('floki.login_required'), :needs_auth => true}.to_json }
        format.floki { render :json => {:error_message => I18n.t('floki.login_required'), :needs_auth => true}.to_json }
        format.any {redirect_to new_session_path}
      end
    end

    # File lib/authenticated_system.rb, line 171
    def admin_required
      unless (logged_in? && is_admin?)
        flash[:notice] = t('no_tienes_permiso')
        access_denied
      end
    end
Accesses the current user from the session. Set it to :false if login fails so that future calls do not hit the database.
    # File lib/authenticated_system.rb, line 32
    def current_user
      @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie || :false)
    end
Store the given user id in the session.
    # File lib/authenticated_system.rb, line 37
    def current_user=(new_user)
      session[:user_id] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
      @current_user = new_user || :false
    end
Esti
    # File lib/authenticated_system.rb, line 167
    def is_admin?
      logged_in? && current_user.is_admin?
    end
Returns true if the user is logged in, false otherwise. Preloads @current_user with the user model if they’re logged in.
    # File lib/authenticated_system.rb, line 26
    def logged_in?
      current_user != :false
    end
Called from current_user. Now, attempt to login by basic authentication information.
    # File lib/authenticated_system.rb, line 150
    def login_from_basic_auth
      authenticate_with_http_basic do |username, password|
        self.current_user = User.authenticate(username, password)
      end
    end
Called from current_user. First attempt to login by the user id stored in the session.
    # File lib/authenticated_system.rb, line 145
    def login_from_session
      self.current_user = User.find(session[:user_id]) if session[:user_id]
    end
Filter method to enforce a login requirement.
To require logins for all actions, use this in your controllers:
before_filter :login_required
To require logins for specific actions, use this in your controllers:
before_filter :login_required, :only => [ :edit, :update ]
To skip this in a subclassed controller:
skip_before_filter :login_required
    # File lib/authenticated_system.rb, line 72
    def login_required
      authorized? || access_denied
    end
Redirect to the URI stored by the most recent #store_location call or to the passed default.
    # File lib/authenticated_system.rb, line 133
    def redirect_back_or_default(default)
      redirect_to(params[:return_to]|| session[:return_to] || default)
      session[:return_to] = nil
    end
Store the URI of the current request in the session.
We can return to this location by calling redirect_back_or_default.
    # File lib/authenticated_system.rb, line 114
    def store_location
      # if request.request_uri.match(/(update_nota_bloque|update_nota_item|update_nota_padres_item|update_obs_bloque|update_obs_padres_bloque)/)
      #   # Going straight to these actions right after login raises an error
      #   # because the parameters are not passed, but the user does not notice because it is XHR, so
      #   # we store the previous screen in the session
      #   session[:return_to] = request.env['HTTP_REFERER']
      # else
      session[:return_to] = request.request_uri
      # end
    end
Esti
    # File lib/authenticated_system.rb, line 126
    def store_previous_location
      session[:return_to] = request.env['HTTP_REFERER']
    end
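Added example, not part of OpenIrekia's code: redirect_back_or_default passes params[:return_to] (and, through store_previous_location, a Referer header) to redirect_to unchecked, so the post-login destination is controlled by the request rather than by the application. One way to restrict the target to the site's own paths, in plain Ruby with the same params/session/default precedence; safe_return_to, pick_redirect_target and the host irekia.example are hypothetical names.

```ruby
require 'uri'

# Placeholder host for this example; a real app would take it from its config.
SITE_HOST = 'irekia.example'

# Hypothetical helper (not in authenticated_system.rb). Returns a same-site
# path for +candidate+, or nil when it must not be used as a redirect target.
def safe_return_to(candidate, site_host = SITE_HOST)
  return nil unless candidate.is_a?(String) && candidate.valid_encoding?
  value = candidate.strip
  # Control characters and backslashes are normalised by some browsers.
  return nil if value.empty? || value =~ /[\x00-\x1f\x7f\\]/
  uri = URI.parse(value)
  if uri.scheme.nil? && uri.host.nil?
    # Relative reference: only an absolute path with a single leading slash.
    local = value.start_with?('/') && !value.start_with?('//')
    return local ? value : nil
  end
  # Absolute URL, e.g. the Referer that store_previous_location saves.
  return nil unless %w[http https].include?(uri.scheme) && uri.userinfo.nil?
  return nil unless uri.host && uri.host.downcase == site_host.downcase
  # Drop scheme and host so the redirect cannot leave this site.
  path = uri.path.empty? ? '/' : uri.path
  uri.query ? "#{path}?#{uri.query}" : path
rescue URI::InvalidURIError
  nil
end

# Same precedence as redirect_back_or_default (params, then session, then
# default), but every candidate is validated before it can be chosen. The
# stored location is cleared afterwards, as in the original method.
def pick_redirect_target(params, session, default, site_host = SITE_HOST)
  target = [params[:return_to], session[:return_to]]
           .map { |c| safe_return_to(c, site_host) }
           .compact.first || default
  session[:return_to] = nil
  target
end
```

In a controller the returned value would be handed to redirect_to in place of the raw parameter.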