From cf71d4ef08d88ee85763b258b2738fc26e3ed3eb Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 8 Jul 2014 10:24:24 +0200
Subject: separate login_required from access denied response
They are very different. Let's handle them in different methods.
---
 .../controller_extension/authentication.rb | 24 +++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
(limited to 'app/controllers/controller_extension')
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
index 1f73f38..fae5145 100644
--- a/app/controllers/controller_extension/authentication.rb
+++ b/app/controllers/controller_extension/authentication.rb
@@ -16,7 +16,7 @@ module ControllerExtension::Authentication
 end
 def require_login
- access_denied unless logged_in?
+ login_required unless logged_in?
 end
 # some actions only make sense if you are not logged in yet.
@@ -29,14 +29,24 @@ module ControllerExtension::Authentication
 def access_denied
 respond_to do |format|
 format.html do
- if logged_in?
- redirect_to home_url, :alert => t(:not_authorized)
- else
- redirect_to login_url, :alert => t(:not_authorized_login)
- end
+ redirect_to home_url, :alert => t(:not_authorized)
 end
 format.json do
- render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity
+ render :json => {'error' => t(:not_authorized)}, status: :forbidden
+ end
+ end
+ end
+
+ def login_required
+ respond_to do |format|
+ format.html do
+ redirect_to login_url, alert: t(:not_authorized_login)
+ end
+ format.json do
+ # Warden will intercept the 401 response and call
+ # SessionController#unauthenticated instead.
+ render json: {error: t(:not_authorized_login)},
+ status: :unauthorized
 end
 end
 end
-- 
cgit v1.2.3
From 60052d15ca02b1c40ed265bed6515880d2851b8f Mon Sep 17 00:00:00 2001
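Review bot: The two helpers in this hunk encode the 401-vs-403 distinction the commit is about, but nothing in the code says so; a header comment on each would keep the next person from calling `access_denied` for an anonymous user again, e.g. `# Authenticated but not permitted: 403 / redirect home` above `access_denied` and `# Not authenticated: 401 / redirect to login` above `login_required`. The two methods are also written in different hash styles — `render :json => {'error' => t(:not_authorized)}, status: :forbidden` mixes rocket and label syntax and uses a string key, while `login_required` uses `json: {error: ...}` — so `access_denied` would read more consistently as `render json: {error: t(:not_authorized)}, status: :forbidden`. Both keys serialize to `"error"`, so clients see the same body shape either way.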
From: Azul
Date: Thu, 10 Jul 2014 12:13:30 +0200
Subject: clean up and simplify error responses and test code
---
 .../controller_extension/authentication.rb | 24 ++++++++++------------
 .../controller_extension/token_authentication.rb | 2 +-
 2 files changed, 12 insertions(+), 14 deletions(-)
(limited to 'app/controllers/controller_extension')
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
index fae5145..687bc6e 100644
--- a/app/controllers/controller_extension/authentication.rb
+++ b/app/controllers/controller_extension/authentication.rb
@@ -27,26 +27,24 @@ module ControllerExtension::Authentication
 end
 def access_denied
- respond_to do |format|
- format.html do
- redirect_to home_url, :alert => t(:not_authorized)
- end
- format.json do
- render :json => {'error' => t(:not_authorized)}, status: :forbidden
- end
- end
+ respond_to_error :not_authorized, :forbidden, home_url
 end
 def login_required
+ # Warden will intercept the 401 response and call
+ # SessionController#unauthenticated instead.
+ respond_to_error :not_authorized_login, :unauthorized, login_url
+ end
+
+ def respond_to_error(message, status=nil, redirect=nil)
+ message = t(message) if message.is_a?(Symbol)
 respond_to do |format|
 format.html do
- redirect_to login_url, alert: t(:not_authorized_login)
+ redirect_to redirect, alert: message
 end
 format.json do
- # Warden will intercept the 401 response and call
- # SessionController#unauthenticated instead.
- render json: {error: t(:not_authorized_login)},
- status: :unauthorized
+ status ||= :unprocessable_entity
+ render json: {error: message}, status: status
 end
 end
 end
diff --git a/app/controllers/controller_extension/token_authentication.rb b/app/controllers/controller_extension/token_authentication.rb
index b0ed624..1cb6ffa 100644
--- a/app/controllers/controller_extension/token_authentication.rb
+++ b/app/controllers/controller_extension/token_authentication.rb
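Review bot: `respond_to_error(message, status=nil, redirect=nil)` gives `redirect` a default of `nil`, but the HTML branch calls `redirect_to redirect` unconditionally, and Rails raises `ActionController::ActionControllerError` ("Cannot redirect to nil!") for that, so any caller that omits the target turns an access error into a 500 for browser requests. Mirror what is already done for `status` and add `redirect ||= home_url` inside `format.html`, or drop the default and make the argument required. It is also worth a comment that `message` is used verbatim when it is not a Symbol — it ends up in the flash alert and in the JSON body — so callers must pass only i18n keys or fixed strings, never text derived from the request.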
@@ -12,7 +12,7 @@ module ControllerExtension::TokenAuthentication
 end
 def require_token
- access_denied unless token_authenticate
+ login_required unless token_authenticate
 end
 def logout
-- 
cgit v1.2.3
From f07c952c870bfb8634ef0d80737b67a1eec760f6 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 14 Jul 2014 13:04:30 +0200
Subject: send config files from ConfigsController
---
 app/controllers/controller_extension/json_file.rb | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 app/controllers/controller_extension/json_file.rb
(limited to 'app/controllers/controller_extension')
diff --git a/app/controllers/controller_extension/json_file.rb b/app/controllers/controller_extension/json_file.rb
new file mode 100644
index 0000000..0cb4b6d
--- /dev/null
+++ b/app/controllers/controller_extension/json_file.rb
@@ -0,0 +1,22 @@
+module ControllerExtension::JsonFile
+ extend ActiveSupport::Concern
+
+ protected
+
+ def send_file
+ if stale?(:last_modified => @file.mtime)
+ response.content_type = 'application/json'
+ render :text => @file.read
+ end
+ end
+
+ def fetch_file
+ if File.exists?(@filename)
+ @file = File.new(@filename)
+ else
+ not_found
+ end
+ end
+
+end
+
-- 
cgit v1.2.3
From 67f70b31bd16b05759e1f8393f077ee17f2c34be Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 14 Jul 2014 15:49:31 +0200
Subject: move fetch_user into module so it can be mixed in
We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
---
 app/controllers/controller_extension/fetch_user.rb | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 app/controllers/controller_extension/fetch_user.rb
(limited to 'app/controllers/controller_extension')
diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb
new file mode 100644
index 0000000..695d723
--- /dev/null
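Review bot: `require_token` now answers a missing or invalid token with `login_required`, i.e. a 401, but that response carries no `WWW-Authenticate` challenge, which RFC 7235 requires on a 401 and which API clients use to pick the scheme; the module's token lookup uses `authenticate_with_http_token` (visible in a later hunk on this page), whose Rails counterpart `request_http_token_authentication` sets that header, or you can set `response.headers['WWW-Authenticate'] = 'Token realm="Application"'` before calling `login_required`. The `login_required` comment says Warden intercepts the 401 and calls `SessionController#unauthenticated`, so whether an API client actually receives the JSON 401 or a login redirect depends on that handler, which is outside this diff — worth confirming for the token path. `token_authenticate` and `logout` are defined outside the hunk.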
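Review bot: `send_file` here shadows `ActionController::DataStreaming#send_file` in every controller that includes this concern, so any other code in those controllers calling Rails' `send_file(path)` will hit this zero-argument version and fail with an ArgumentError; renaming it (e.g. `send_json_file`) avoids the collision. `fetch_file` also opens the file with `File.new(@filename)` and nothing ever closes it — when `stale?` returns false the handle is simply leaked until GC — whereas `File.mtime`/`File.read` on the path need no handle at all, so if nothing else reads `@file` the rewrite below drops it. `@filename` is assigned by the including controller, which is not in this diff; if it is built from request parameters, `File.exists?` plus `File.new` is an arbitrary-file read, so it should come from a fixed allow-list or be reduced with `File.basename` — please confirm. `not_found` is not defined in this module; a later commit on this page adds the `ControllerExtension::Errors` include.
```ruby
  # Shadows ActionController::DataStreaming#send_file in the including
  # controller; consider renaming to send_json_file.
  def send_file
    if stale?(:last_modified => File.mtime(@filename))
      response.content_type = 'application/json'
      # Read and close in one call instead of holding a File handle in @file.
      render :text => File.read(@filename)
    end
  end

  # @filename is set by the including controller. It must come from a fixed
  # allow-list, never from request params, or this is an arbitrary-file read.
  def fetch_file
    not_found unless File.exist?(@filename)
  end
```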
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -0,0 +1,20 @@
+#
+# fetch the user taking into account permissions.
+# While normal users can only change settings for themselves
+# admins can change things for all users.
+#
+module ControllerExtension::FetchUser
+ extend ActiveSupport::Concern
+
+ protected
+
+ def fetch_user
+ @user = User.find(params[:user_id] || params[:id])
+ if !@user && admin?
+ redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
+ elsif !admin? && @user != current_user
+ access_denied
+ end
+ end
+
+end
-- 
cgit v1.2.3
From bb10a669e1129c662ba01f223bd5a0ee7f2a0344 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 14 Jul 2014 18:00:14 +0200
Subject: fix controller refactor and features
Also save debug log on failing features
---
 .../controller_extension/authentication.rb | 23 ---------------
 app/controllers/controller_extension/errors.rb | 34 ++++++++++++++++++++++
 app/controllers/controller_extension/json_file.rb | 1 +
 .../controller_extension/token_authentication.rb | 2 ++
 4 files changed, 37 insertions(+), 23 deletions(-)
 create mode 100644 app/controllers/controller_extension/errors.rb
(limited to 'app/controllers/controller_extension')
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
index 687bc6e..e2b24f0 100644
--- a/app/controllers/controller_extension/authentication.rb
+++ b/app/controllers/controller_extension/authentication.rb
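Review bot: `fetch_user` calls `admin?`, which (per the `authentication.rb` context lines further down this page) dereferences `current_user.is_admin?`, so this filter raises `NoMethodError` on an anonymous request unless `require_login` has already run; that ordering is a precondition of the authorization check and should be stated, e.g. `# must run after require_login: admin? dereferences current_user` above the method. The `!@user && admin?` branch only fires if `User.find` returns nil for an unknown id; if `User` is an ActiveRecord model, `find` raises `RecordNotFound` instead and that branch is dead — confirm which ORM backs `User`. The check itself is sound for non-admins: an unknown id leaves `@user` nil, `nil != current_user` is true and they get `access_denied`, so the existence of other accounts is not leaked through this path; a comment saying that is deliberate would protect it from being "simplified" later.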
@@ -26,29 +26,6 @@ module ControllerExtension::Authentication
 redirect_to home_url if logged_in?
 end
- def access_denied
- respond_to_error :not_authorized, :forbidden, home_url
- end
-
- def login_required
- # Warden will intercept the 401 response and call
- # SessionController#unauthenticated instead.
- respond_to_error :not_authorized_login, :unauthorized, login_url
- end
-
- def respond_to_error(message, status=nil, redirect=nil)
- message = t(message) if message.is_a?(Symbol)
- respond_to do |format|
- format.html do
- redirect_to redirect, alert: message
- end
- format.json do
- status ||= :unprocessable_entity
- render json: {error: message}, status: status
- end
- end
- end
-
 def admin?
 current_user.is_admin?
 end
diff --git a/app/controllers/controller_extension/errors.rb b/app/controllers/controller_extension/errors.rb
new file mode 100644
index 0000000..8f8edde
--- /dev/null
+++ b/app/controllers/controller_extension/errors.rb
@@ -0,0 +1,34 @@
+module ControllerExtension::Errors
+ extend ActiveSupport::Concern
+
+ protected
+
+ def access_denied
+ respond_to_error :not_authorized, :forbidden, home_url
+ end
+
+ def login_required
+ # Warden will intercept the 401 response and call
+ # SessionController#unauthenticated instead.
+ respond_to_error :not_authorized_login, :unauthorized, login_url
+ end
+
+ def not_found
+ respond_to_error :not_found, :not_found, home_url
+ end
+
+
+ def respond_to_error(message, status=nil, redirect=nil)
+ error = message
+ message = t(message) if message.is_a?(Symbol)
+ respond_to do |format|
+ format.html do
+ redirect_to redirect, alert: message
+ end
+ format.json do
+ status ||= :unprocessable_entity
+ render json: {error: error, message: message}, status: status
+ end
+ end
+ end
+end
diff --git a/app/controllers/controller_extension/json_file.rb b/app/controllers/controller_extension/json_file.rb
index 0cb4b6d..6be919a 100644
--- a/app/controllers/controller_extension/json_file.rb
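Review bot: In the new `errors.rb`, `respond_to_error` applies `status` only to the JSON branch; for HTML every error — `not_found`, `access_denied`, `login_required` — is a 302 to `redirect` with a flash alert, so browsers never see a 404/403/401 and any monitoring keyed on status codes for HTML traffic will miss these, which deserves a comment on the method, e.g. `# HTML: redirect + flash alert; status is applied to JSON responses only`. The `redirect=nil` default carried over from the old file is still unsafe because `redirect_to nil` raises in Rails; `redirect ||= home_url` inside `format.html` would make the helper usable with just a message. Exposing the untranslated key as `error:` is a useful machine-readable code for clients, but when a caller passes a String instead of a Symbol, `error` and `message` are the same text, so the contract that `message` is an i18n key belongs in the method comment too. The doubled blank line before `def respond_to_error` is a style nit.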
+++ b/app/controllers/controller_extension/json_file.rb
@@ -1,5 +1,6 @@
 module ControllerExtension::JsonFile
 extend ActiveSupport::Concern
+ include ControllerExtension::Errors
 protected
diff --git a/app/controllers/controller_extension/token_authentication.rb b/app/controllers/controller_extension/token_authentication.rb
index 1cb6ffa..4ad1977 100644
--- a/app/controllers/controller_extension/token_authentication.rb
+++ b/app/controllers/controller_extension/token_authentication.rb
@@ -1,6 +1,8 @@
 module ControllerExtension::TokenAuthentication
 extend ActiveSupport::Concern
+ protected
+
 def token
 @token ||= authenticate_with_http_token do |token, options|
 Token.find_by_token(token)
-- 
cgit v1.2.3
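Review bot: Making these helpers `protected` keeps `token`, `require_token` and `logout` from being dispatched as controller actions, which is the real reason for the change and is not said anywhere; a one-line comment such as `# protected: helpers only, never routable as actions` above the marker would preserve that intent. In `def token` the block parameter `options` is unused, so `|token, _options|` would make that explicit, and `@token ||=` memoizes only a successful lookup — for an invalid header every call to `token` re-runs `authenticate_with_http_token` and the `Token.find_by_token` query. `Token.find_by_token(token)` also looks the record up by the raw bearer value, which suggests tokens are stored in clear; if so, a database leak yields live credentials, and storing a digest and looking up by `Digest::SHA256.hexdigest(token)` is the usual hardening — confirm against the `Token` model, which is outside this diff. `def token` continues past the end of the hunk.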