| -rw-r--r-- | .gitignore | 3 | ||||
| -rw-r--r-- | README.md | 3 | ||||
| -rw-r--r-- | config/config.yml.example | 8 | ||||
| -rw-r--r-- | users/app/controllers/controller_extension/authentication.rb | 21 | ||||
| -rw-r--r-- | users/app/models/user.rb | 3 | ||||
| -rw-r--r-- | users/app/views/sessions/_nav.html.haml | 5 | 
6 files changed, 39 insertions, 4 deletions
| @@ -20,3 +20,6 @@
 */Gemfile.lock
 test/dummy/log/*
 test/dummy/tmp/*
+
+# Ignore configuration file.
+config/config.yml
\ No newline at end of file
@@ -53,6 +53,9 @@ The webapp can hand out certs for the EIP client. These certs are either picked
 We also ship provider information through the webapp. For now please add your eip-service.json to the public/config directory.
+Copy the example configuration file and customize as appropriate:
+     cp config/config.yml.example config/config.yml
+
 Running
 -----------------------------
diff --git a/config/config.yml.example b/config/config.yml.example
new file mode 100644
index 0000000..e3a0112
--- /dev/null
+++ b/config/config.yml.example
@@ -0,0 +1,8 @@
+development:
+  admins: [admin, admin2]
+
+test:
+  admins: [admin, admin2]
+
+production
+  admins: []
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 507b62f..c3342f3 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -4,14 +4,31 @@ module ControllerExtension::Authentication
   private
   included do
-    helper_method :current_user
+    helper_method :current_user, :logged_in?, :admin?
   end
   def current_user
     @current_user ||= User.find(session[:user_id]) if session[:user_id]
   end
+  def logged_in?
+    !!current_user
+  end
+
   def authorize
-    redirect_to login_url, :alert => "Not authorized" if current_user.nil?
+    access_denied unless logged_in?
   end
+
+  def access_denied
+    redirect_to login_url, :alert => "Not authorized"
+  end
+
+  def admin?
+    current_user && current_user.is_admin?
+  end
+
+  def authorize_admin
+    access_denied unless admin?
+  end
+
+  end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 2b8ead7..0f5d650 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
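Review bot: The `production` key in the new example file has no colon, so that section is not a mapping — a bare `production` scalar followed by an indented `admins: []` either fails to parse or leaves no `production` entry at all — and the model's `is_admin?` then calls `include?` on `nil` and raises instead of denying access. Change the line to `production:`. The file also says nothing about what the list means; a header comment such as `# Per-environment list of user logins that are granted admin rights. Keep it short and list only accounts that already exist.` would tell an operator copying this example what they are granting.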
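Review bot: `authorize_admin` reuses `access_denied`, which unconditionally redirects to `login_url` with "Not authorized", so a user who is already logged in but not an admin is sent to the login page — a misleading response, and a redirect loop if the login page forwards authenticated users onward. Returning a 403 for the authenticated case and keeping the login redirect for anonymous users separates the two, as sketched below. Both filters are opt-in, and nothing here protects a controller that forgets to declare `before_filter :authorize_admin`, so a comment on `authorize_admin` such as `# Declare as before_filter on every admin-only action; actions without it are not admin-restricted.` is worth adding. `admin?` also returns `nil` rather than `false` for anonymous users, harmless for the `unless` but inconsistent with the `!!` in `logged_in?`. The enclosing module starts before this hunk.
```ruby
  def access_denied
    if logged_in?
      # Authenticated but not authorised: a login redirect would be misleading.
      render :text => "Not authorized", :status => :forbidden
    else
      redirect_to login_url, :alert => "Not authorized"
    end
  end
  # … unchanged: admin?, authorize_admin …
```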
@@ -66,8 +66,9 @@ class User < CouchRest::Model::Base
     login
   end
+  # Since we are storing admins by login, we cannot allow admins to change their login.
   def is_admin?
-    APP_CONFIG['admins'].include? self.id
+    APP_CONFIG['admins'].include? self.login
   end
 end
diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml
index a5397bd..204ba88 100644
--- a/users/app/views/sessions/_nav.html.haml
+++ b/users/app/views/sessions/_nav.html.haml
@@ -1,6 +1,9 @@
-- if current_user
+- if logged_in?
   %li
+    = 'logged in as ' + current_user.login
     = link_to t(:logout), logout_path
+    - if admin?
+      = 'ADMIN' # obviously not like this
 - else
   %li
     = link_to t(:login), login_path | 
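Review bot: `is_admin?` calls `include?` straight on `APP_CONFIG['admins']`, so an environment section without an `admins` key (the shipped example's `production` block, which lacks a colon, is one) raises `NoMethodError` on every check instead of returning false; `Array(APP_CONFIG['admins']).include?(login)` makes a missing list mean "no admins". The new comment says admins must not change their login, but nothing in the hunk enforces that; either add a validation or reword it to what is actually true, e.g. `# Admin status is looked up by login in config.yml; renaming an admin account silently drops its rights.` Because membership is keyed on login alone, an entry for a login that has not been registered yet goes to whoever registers that name first — presumably login uniqueness stops a second claimant, but operators should only list existing accounts. The class continues outside the hunk.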
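Review bot: `= 'logged in as ' + current_user.login` renders a user-chosen value, which is safe only because Haml's `=` escapes HTML by default under Rails; if `escape_html` is ever disabled for this app the login becomes an injection point, so a comment such as `-# login is user-controlled; this relies on Haml escaping = output` would keep that dependency visible. The `'ADMIN'` placeholder the author flags, and the hard-coded `'logged in as '`, both sit next to `t(:logout)` and should go through translation keys the same way, e.g. `= t(:admin)`.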
