authorazul <azul@leap.se>2014-07-17 12:16:07 +0200
committerazul <azul@leap.se>2014-07-17 12:16:07 +0200
commitade74d8a9091ae607586d7b287a0579a2ee7af8e (patch)
tree74273b8ba7e35d0fb3c96aa79e63c93086d15146 /app/controllers/controller_extension
parent952bc18e8333ca5c3e6e16f8059f84a1414d5f6f (diff)
parente86cccb4b89540f3bd403110d051b2723be781b9 (diff)
Merge pull request #176 from azul/feature/api-authenticated-configs
API: Authenticated access to config settings
Diffstat (limited to 'app/controllers/controller_extension')
-rw-r--r--app/controllers/controller_extension/authentication.rb17
-rw-r--r--app/controllers/controller_extension/errors.rb34
-rw-r--r--app/controllers/controller_extension/fetch_user.rb20
-rw-r--r--app/controllers/controller_extension/json_file.rb23
-rw-r--r--app/controllers/controller_extension/token_authentication.rb4
5 files changed, 81 insertions, 17 deletions
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
index 1f73f38..e2b24f0 100644
--- a/app/controllers/controller_extension/authentication.rb
+++ b/app/controllers/controller_extension/authentication.rb
@@ -16,7 +16,7 @@ module ControllerExtension::Authentication
end
def require_login
- access_denied unless logged_in?
+ login_required unless logged_in?
end
# some actions only make sense if you are not logged in yet.
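Review bot: `login_required` (new on L30) is defined in the new ControllerExtension::Errors module, but Authentication neither includes Errors nor documents the dependency, so a controller that mixes in Authentication alone will hit NoMethodError on its first unauthenticated request. JsonFile does `include ControllerExtension::Errors` in its own hunk; the same line here, or a comment `# login_required is provided by ControllerExtension::Errors (included via ApplicationController)`, would make the contract explicit. The same applies to `access_denied` in fetch_user.rb and to `login_required` in the require_token hunk of token_authentication.rb. The including controllers are outside this diff, so this may already be satisfied through ApplicationController.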
@@ -26,21 +26,6 @@ module ControllerExtension::Authentication
redirect_to home_url if logged_in?
end
- def access_denied
- respond_to do |format|
- format.html do
- if logged_in?
- redirect_to home_url, :alert => t(:not_authorized)
- else
- redirect_to login_url, :alert => t(:not_authorized_login)
- end
- end
- format.json do
- render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity
- end
- end
- end
-
def admin?
current_user.is_admin?
end
diff --git a/app/controllers/controller_extension/errors.rb b/app/controllers/controller_extension/errors.rb
new file mode 100644
index 0000000..8f8edde
--- /dev/null
+++ b/app/controllers/controller_extension/errors.rb
@@ -0,0 +1,34 @@
+module ControllerExtension::Errors
+ extend ActiveSupport::Concern
+
+ protected
+
+ def access_denied
+ respond_to_error :not_authorized, :forbidden, home_url
+ end
+
+ def login_required
+ # Warden will intercept the 401 response and call
+ # SessionController#unauthenticated instead.
+ respond_to_error :not_authorized_login, :unauthorized, login_url
+ end
+
+ def not_found
+ respond_to_error :not_found, :not_found, home_url
+ end
+
+
+ def respond_to_error(message, status=nil, redirect=nil)
+ error = message
+ message = t(message) if message.is_a?(Symbol)
+ respond_to do |format|
+ format.html do
+ redirect_to redirect, alert: message
+ end
+ format.json do
+ status ||= :unprocessable_entity
+ render json: {error: error, message: message}, status: status
+ end
+ end
+ end
+end
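Review bot: The comment on `login_required` (L70-71) is only true for the JSON branch: for HTML the html block redirects to `login_url` with a 302, so Warden never sees a 401 there. Suggest `# JSON: Warden intercepts the 401 and calls SessionController#unauthenticated. HTML: plain redirect to login_url.`. In `respond_to_error` the `status ||= :unprocessable_entity` default is applied only inside the json block, so the `status=nil` in the signature hides the real default; `def respond_to_error(message, status = :unprocessable_entity, redirect = nil)` documents it, and `redirect` is effectively required because the html branch's `redirect_to nil` raises, so it should not read as optional. A short YARD header stating that the JSON body echoes the symbol as `error` and the translated text as `message` would pin down the client-facing contract this PR introduces.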
diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb
new file mode 100644
index 0000000..695d723
--- /dev/null
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -0,0 +1,20 @@
+#
+# fetch the user taking into account permissions.
+# While normal users can only change settings for themselves
+# admins can change things for all users.
+#
+module ControllerExtension::FetchUser
+ extend ActiveSupport::Concern
+
+ protected
+
+ def fetch_user
+ @user = User.find(params[:user_id] || params[:id])
+ if !@user && admin?
+ redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
+ elsif !admin? && @user != current_user
+ access_denied
+ end
+ end
+
+end
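Review bot: An admin requesting a missing user always gets a 302 to `users_url` (L113), even on a JSON request, which contradicts the per-format error handling this PR adds in ControllerExtension::Errors; calling `not_found` there would return a JSON 404 (it redirects HTML to `home_url` rather than `users_url`, so adjust if that matters). `admin?` dereferences `current_user` (authentication.rb, L52), so `fetch_user` must run after the login or token filter; a comment such as `# requires an authenticated current_user (run after require_login / require_token)` above the method would make that ordering explicit. The branch order also means a non-admin asking for a non-existent user gets `access_denied` rather than `not_found`, which avoids revealing whether the user exists; worth stating in the header comment so it is not "fixed" later. Whether `User.find` returns nil or raises for an unknown id depends on the model layer outside this diff; the `!@user` check assumes nil.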
diff --git a/app/controllers/controller_extension/json_file.rb b/app/controllers/controller_extension/json_file.rb
new file mode 100644
index 0000000..6be919a
--- /dev/null
+++ b/app/controllers/controller_extension/json_file.rb
@@ -0,0 +1,23 @@
+module ControllerExtension::JsonFile
+ extend ActiveSupport::Concern
+ include ControllerExtension::Errors
+
+ protected
+
+ def send_file
+ if stale?(:last_modified => @file.mtime)
+ response.content_type = 'application/json'
+ render :text => @file.read
+ end
+ end
+
+ def fetch_file
+ if File.exists?(@filename)
+ @file = File.new(@filename)
+ else
+ not_found
+ end
+ end
+
+end
+
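Review bot: `send_file` (L132) shadows ActionController's built-in `send_file` for every controller that includes this concern, with an incompatible signature; renaming it (e.g. `send_json_file`, together with its callers) avoids a confusing override. `File.exists?` (L140) is a deprecated alias, use `File.exist?`. `File.new(@filename)` opens a handle that nothing closes; since only the mtime and the contents are needed, `File.mtime(@filename)` and `render :text => File.read(@filename)` drop both the handle and the `@file` ivar. `@filename` is set outside this diff; this module is only safe if the including controller builds it from a fixed set of paths rather than from request parameters, and that assumption belongs in the module's header comment.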
diff --git a/app/controllers/controller_extension/token_authentication.rb b/app/controllers/controller_extension/token_authentication.rb
index b0ed624..4ad1977 100644
--- a/app/controllers/controller_extension/token_authentication.rb
+++ b/app/controllers/controller_extension/token_authentication.rb
@@ -1,6 +1,8 @@
module ControllerExtension::TokenAuthentication
extend ActiveSupport::Concern
+ protected
+
def token
@token ||= authenticate_with_http_token do |token, options|
Token.find_by_token(token)
@@ -12,7 +14,7 @@ module ControllerExtension::TokenAuthentication
end
def require_token
- access_denied unless token_authenticate
+ login_required unless token_authenticate
end
def logout