From 3e0a1a47c0eafb7f9b79e5f2765ea33ce1ad159b Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 24 Oct 2012 20:35:52 +0200
Subject: basic admin controller methods and helpers + tests

---
 users/app/controllers/application_controller.rb | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

(limited to 'users/app')

diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb
index 64e1a55..0d6e5d1 100644
--- a/users/app/controllers/application_controller.rb
+++ b/users/app/controllers/application_controller.rb
@@ -1,14 +1,32 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
 
-  private
+  protected
 
   def current_user
     @current_user ||= User.find(session[:user_id]) if session[:user_id]
   end
   helper_method :current_user
 
+  def logged_in?
+    !!current_user
+  end
+  helper_method :logged_in?
+
   def authorize
-    redirect_to login_url, alert: "Not authorized" if current_user.nil?
+    access_denied unless logged_in?
+  end
+
+  def admin?
+    current_user && current_user.is_admin?
+  end
+  helper_method :admin?
+
+  def authorize_admin
+    access_denied unless admin?
+  end
+
+  def access_denied
+    redirect_to login_url, :alert => "Not authorized"
   end
 end
-- 
cgit v1.2.3


From a2a8caf577415ef51c0f99da43f9b47bde226fc6 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 29 Oct 2012 12:08:25 +0100
Subject: first steps at is_admin?

---
 users/app/models/user.rb | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'users/app')

diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 1afb9db..9bbf169 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -63,11 +63,8 @@ class User < CouchRest::Model::Base
     login
   end
 
-  def self.current
-    Thread.current[:user]
-  end
-  def self.current=(user)
-    Thread.current[:user] = user
+  def is_admin?
+    APP_CONFIG['admins'].include? self.id
   end
 
 end
-- 
cgit v1.2.3


From 6c60b179a09030da985462d15dbdf076367b5ea4 Mon Sep 17 00:00:00 2001
From: jessib <jessib@riseup.net>
Date: Wed, 31 Oct 2012 12:10:07 -0700
Subject: Code to check administration (and ugly test display.) This includes
 example config file.

---
 .../controller_extension/authentication.rb          | 21 +++++++++++++++++++--
 users/app/models/user.rb                            |  3 ++-
 users/app/views/sessions/_nav.html.haml             |  5 ++++-
 3 files changed, 25 insertions(+), 4 deletions(-)

(limited to 'users/app')

diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 507b62f..c3342f3 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -4,14 +4,31 @@ module ControllerExtension::Authentication
   private
 
   included do
-    helper_method :current_user
+    helper_method :current_user, :logged_in?, :admin?
   end
 
   def current_user
     @current_user ||= User.find(session[:user_id]) if session[:user_id]
   end
 
+  def logged_in?
+    !!current_user
+  end
+
   def authorize
-    redirect_to login_url, :alert => "Not authorized" if current_user.nil?
+    access_denied unless logged_in?
   end
+
+  def access_denied
+    redirect_to login_url, :alert => "Not authorized"
+  end
+
+  def admin?
+    current_user && current_user.is_admin?
+  end
+
+  def authorize_admin
+    access_denied unless admin?
+  end
+
 end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 2b8ead7..0f5d650 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -66,8 +66,9 @@ class User < CouchRest::Model::Base
     login
   end
 
+  # Since we are storing admins by login, we cannot allow admins to change their login.
   def is_admin?
-    APP_CONFIG['admins'].include? self.id
+    APP_CONFIG['admins'].include? self.login
   end
 
 end
diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml
index a5397bd..204ba88 100644
--- a/users/app/views/sessions/_nav.html.haml
+++ b/users/app/views/sessions/_nav.html.haml
@@ -1,6 +1,9 @@
-- if current_user
+- if logged_in?
   %li
+    = 'logged in as ' + current_user.login
     = link_to t(:logout), logout_path
+    - if admin?
+      = 'ADMIN' # obviously not like this
 - else
   %li
     = link_to t(:login), login_path
-- 
cgit v1.2.3