summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/controllers/controller_extension/errors.rb11
-rw-r--r--app/controllers/controller_extension/fetch_user.rb20
-rw-r--r--app/models/account.rb8
-rw-r--r--app/models/anonymous_user.rb2
-rw-r--r--app/models/api_user.rb4
-rw-r--r--app/models/temporary_user.rb23
-rw-r--r--app/models/user.rb2
7 files changed, 50 insertions, 20 deletions
diff --git a/app/controllers/controller_extension/errors.rb b/app/controllers/controller_extension/errors.rb
index 8f8edde..2b68955 100644
--- a/app/controllers/controller_extension/errors.rb
+++ b/app/controllers/controller_extension/errors.rb
@@ -4,21 +4,22 @@ module ControllerExtension::Errors
protected
def access_denied
- respond_to_error :not_authorized, :forbidden, home_url
+ render_error :not_authorized, :forbidden, home_url
end
def login_required
# Warden will intercept the 401 response and call
# SessionController#unauthenticated instead.
- respond_to_error :not_authorized_login, :unauthorized, login_url
+ render_error :not_authorized_login, :unauthorized, login_url
end
- def not_found
- respond_to_error :not_found, :not_found, home_url
+ def not_found(msg=nil, url=nil)
+ render_error(msg || :not_found, :not_found, url || home_url)
end
+ private
- def respond_to_error(message, status=nil, redirect=nil)
+ def render_error(message, status=nil, redirect=nil)
error = message
message = t(message) if message.is_a?(Symbol)
respond_to do |format|
diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb
index 695d723..97f92fa 100644
--- a/app/controllers/controller_extension/fetch_user.rb
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -8,11 +8,25 @@ module ControllerExtension::FetchUser
protected
+ #
+ # fetch @user from params, but enforce permissions:
+ #
+ # * admins may fetch any user
+ # * monitors may fetch test users
+ # * users may fetch themselves
+ #
+ # these permissions matter, it is what protects
+ # users from being updated or deleted by other users.
+ #
def fetch_user
@user = User.find(params[:user_id] || params[:id])
- if !@user && admin?
- redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
- elsif !admin? && @user != current_user
+ if current_user.is_admin? || current_user.is_monitor?
+ if @user.nil?
+ not_found(t(:no_such_thing, :thing => 'user'), users_url)
+ elsif current_user.is_monitor?
+ access_denied unless @user.is_test?
+ end
+ elsif @user != current_user
access_denied
end
end
diff --git a/app/models/account.rb b/app/models/account.rb
index abde89d..a85e56c 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -21,7 +21,7 @@ class Account
user = User.new(attrs)
user.save
- if !user.tmp? && user.persisted?
+ if !user.is_tmp? && user.persisted?
identity = user.identity
identity.user_id = user.id
identity.save
@@ -59,7 +59,7 @@ class Account
def destroy(destroy_identity=false)
return unless @user
- if !@user.tmp?
+ if !@user.is_tmp?
if destroy_identity == false
@user.identities.each do |id|
id.orphan!
@@ -77,7 +77,7 @@ class Account
# in place, but the user should not be able to send email or
# create new authentication certificates.
def disable
- if @user && !@user.tmp?
+ if @user && !@user.is_tmp?
@user.enabled = false
@user.save
@user.identities.each do |id|
@@ -119,7 +119,7 @@ class Account
def self.creation_problem?(user, identity)
return true if user.nil? || !user.persisted? || user.errors.any?
- if !user.tmp?
+ if !user.is_tmp?
return true if identity.nil? || !identity.persisted? || identity.errors.any?
end
return false
diff --git a/app/models/anonymous_user.rb b/app/models/anonymous_user.rb
index e1f7a0e..79a5f32 100644
--- a/app/models/anonymous_user.rb
+++ b/app/models/anonymous_user.rb
@@ -9,7 +9,7 @@ class AnonymousUser < Object
false
end
- def is_test?
+ def is_monitor?
false
end
diff --git a/app/models/api_user.rb b/app/models/api_user.rb
index d80a4d1..2efe1cb 100644
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@@ -7,8 +7,8 @@ end
# for running monitor tests against a live production
# installation.
#
-class ApiTestUser < ApiUser
- def is_test?
+class ApiMonitorUser < ApiUser
+ def is_monitor?
true
end
end
diff --git a/app/models/temporary_user.rb b/app/models/temporary_user.rb
index 87800ed..2afae15 100644
--- a/app/models/temporary_user.rb
+++ b/app/models/temporary_user.rb
@@ -16,7 +16,8 @@ module TemporaryUser
USER_DB = 'users'
TMP_USER_DB = 'tmp_users'
- TMP_LOGIN = 'test_user'
+ TMP_LOGIN = 'tmp_user' # created and deleted frequently
+ TEST_LOGIN = 'test_user' # created, rarely deleted
included do
use_database_method :db_name
@@ -26,7 +27,7 @@ module TemporaryUser
# override it.
instance_eval <<-EOS, __FILE__, __LINE__ + 1
def find_by_login(*args)
- if args.grep(/#{TMP_LOGIN}/).any?
+ if args.grep(/^#{TMP_LOGIN}/).any?
by_login.database(tmp_database).key(*args).first()
else
by_login.key(*args).first()
@@ -60,6 +61,14 @@ module TemporaryUser
def create_tmp_database!
design_doc.sync!(tmp_database.tap{|db|db.create!})
end
+
+ def is_tmp?(login)
+ !login.nil? && login =~ /^#{TMP_LOGIN}/
+ end
+
+ def is_test?(login)
+ !login.nil? && (login =~ /^#{TMP_LOGIN}/ || login =~ /^#{TEST_LOGIN}/)
+ end
end
#
@@ -71,8 +80,14 @@ module TemporaryUser
end
# returns true if this User instance is stored in tmp db.
- def tmp?
- !login.nil? && login.include?(TMP_LOGIN)
+ def is_tmp?
+ self.class.is_tmp?(self.login)
+ end
+
+ # returns true if this user is used for testing purposes
+ # (either a temporary or long lived)
+ def is_test?
+ self.class.is_test?(self.login)
end
end
diff --git a/app/models/user.rb b/app/models/user.rb
index 1aeea1c..1c54f0c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -107,7 +107,7 @@ class User < CouchRest::Model::Base
false
end
- def is_test?
+ def is_monitor?
false
end