From 6c60b179a09030da985462d15dbdf076367b5ea4 Mon Sep 17 00:00:00 2001
From: jessib <jessib@riseup.net>
Date: Wed, 31 Oct 2012 12:10:07 -0700
Subject: Code to check administration (and ugly test display.) This includes
 example config file.

---
 .gitignore                                          |  3 +++
 README.md                                           |  3 +++
 config/config.yml.example                           |  8 ++++++++
 .../controller_extension/authentication.rb          | 21 +++++++++++++++++++--
 users/app/models/user.rb                            |  3 ++-
 users/app/views/sessions/_nav.html.haml             |  5 ++++-
 6 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 config/config.yml.example

diff --git a/.gitignore b/.gitignore
index 93547cd..d447b54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,6 @@
 */Gemfile.lock
 test/dummy/log/*
 test/dummy/tmp/*
+
+# Ignore configuration file.
+config/config.yml
\ No newline at end of file
diff --git a/README.md b/README.md
index 3ea47bb..fee4e60 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,9 @@ The webapp can hand out certs for the EIP client. These certs are either picked
 
 We also ship provider information through the webapp. For now please add your eip-service.json to the public/config directory.
 
+Copy the example configuration file and customize as appropriate:
+     cp config/config.yml.example config/config.yml
+
 Running
 -----------------------------
 
diff --git a/config/config.yml.example b/config/config.yml.example
new file mode 100644
index 0000000..e3a0112
--- /dev/null
+++ b/config/config.yml.example
@@ -0,0 +1,8 @@
+development:
+  admins: [admin, admin2]
+
+test:
+  admins: [admin, admin2]
+
+production
+  admins: []
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 507b62f..c3342f3 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -4,14 +4,31 @@ module ControllerExtension::Authentication
   private
 
   included do
-    helper_method :current_user
+    helper_method :current_user, :logged_in?, :admin?
   end
 
   def current_user
     @current_user ||= User.find(session[:user_id]) if session[:user_id]
   end
 
+  def logged_in?
+    !!current_user
+  end
+
   def authorize
-    redirect_to login_url, :alert => "Not authorized" if current_user.nil?
+    access_denied unless logged_in?
   end
+
+  def access_denied
+    redirect_to login_url, :alert => "Not authorized"
+  end
+
+  def admin?
+    current_user && current_user.is_admin?
+  end
+
+  def authorize_admin
+    access_denied unless admin?
+  end
+
 end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 2b8ead7..0f5d650 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -66,8 +66,9 @@ class User < CouchRest::Model::Base
     login
   end
 
+  # Since we are storing admins by login, we cannot allow admins to change their login.
   def is_admin?
-    APP_CONFIG['admins'].include? self.id
+    APP_CONFIG['admins'].include? self.login
   end
 
 end
diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml
index a5397bd..204ba88 100644
--- a/users/app/views/sessions/_nav.html.haml
+++ b/users/app/views/sessions/_nav.html.haml
@@ -1,6 +1,9 @@
-- if current_user
+- if logged_in?
   %li
+    = 'logged in as ' + current_user.login
     = link_to t(:logout), logout_path
+    - if admin?
+      = 'ADMIN' # obviously not like this
 - else
   %li
     = link_to t(:login), login_path
-- 
cgit v1.2.3