2009-05-22 14:13:46 +02:00
|
|
|
# Filters added to this controller apply to all controllers in the application.
|
|
|
|
# Likewise, all the methods added will be available for all controllers.
|
|
|
|
|
|
|
|
class ApplicationController < ActionController::Base
|
|
|
|
helper :all # include all helpers, all the time
|
|
|
|
protect_from_forgery # See ActionController::RequestForgeryProtection for details
|
|
|
|
|
2009-05-22 16:14:07 +02:00
|
|
|
helper_method :current_user, :current_user_session
|
2010-04-13 00:40:47 +02:00
|
|
|
|
|
|
|
before_filter :setup
|
2009-06-08 16:16:30 +02:00
|
|
|
|
2009-05-22 21:04:41 +02:00
|
|
|
|
2009-05-22 16:14:07 +02:00
|
|
|
private
|
2009-08-03 16:39:33 +02:00
|
|
|
|
2010-04-13 00:40:47 +02:00
|
|
|
def setup
|
|
|
|
redirect_to new_account_path if User.all.length == 0
|
|
|
|
end
|
|
|
|
|
2009-08-03 16:39:33 +02:00
|
|
|
def check_public_access
|
2011-04-11 06:38:53 +02:00
|
|
|
require_user if ENV['PRIVATE'] == 'true'
|
2009-08-03 16:39:33 +02:00
|
|
|
end
|
2009-06-08 16:16:30 +02:00
|
|
|
|
2009-05-22 16:14:07 +02:00
|
|
|
def current_user_session
|
|
|
|
return @current_user_session if defined?(@current_user_session)
|
|
|
|
@current_user_session = UserSession.find
|
|
|
|
end
|
2009-05-22 14:13:46 +02:00
|
|
|
|
2009-05-22 16:14:07 +02:00
|
|
|
def current_user
|
|
|
|
return @current_user if defined?(@current_user)
|
|
|
|
@current_user = current_user_session && current_user_session.user
|
|
|
|
end
|
|
|
|
|
2009-06-08 16:16:30 +02:00
|
|
|
def require_role(roles = [])
|
|
|
|
unless current_user && current_user.in_role?(*roles)
|
|
|
|
store_location
|
|
|
|
flash[:notice] = "You must have permission to access this page"
|
2009-06-09 00:30:22 +02:00
|
|
|
redirect_to account_path
|
2009-06-08 16:16:30 +02:00
|
|
|
return false
|
|
|
|
end
|
2009-06-09 00:30:22 +02:00
|
|
|
return true
|
2009-06-08 16:16:30 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def require_role_admin
|
2009-06-09 00:30:22 +02:00
|
|
|
return false if !require_user
|
|
|
|
return require_role("admin")
|
2009-06-08 16:16:30 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def require_permission(permissions = [])
|
2009-06-09 00:30:22 +02:00
|
|
|
return false if !require_user
|
2009-06-08 16:16:30 +02:00
|
|
|
unless current_user && current_user.has_permission?(*permissions)
|
|
|
|
store_location
|
|
|
|
flash[:notice] = "You must have permission to access this page"
|
2009-06-09 00:30:22 +02:00
|
|
|
redirect_to account_path
|
2009-06-08 16:16:30 +02:00
|
|
|
return false
|
|
|
|
end
|
2009-06-09 00:30:22 +02:00
|
|
|
return true
|
2009-06-08 16:16:30 +02:00
|
|
|
end
|
|
|
|
|
2009-05-22 16:14:07 +02:00
|
|
|
def require_user
|
|
|
|
unless current_user
|
|
|
|
store_location
|
|
|
|
flash[:notice] = "You must be logged in to access this page"
|
2009-06-09 00:30:22 +02:00
|
|
|
redirect_to login_path
|
2009-05-22 16:14:07 +02:00
|
|
|
return false
|
|
|
|
end
|
2009-06-09 00:30:22 +02:00
|
|
|
return true
|
2009-05-22 16:14:07 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def require_no_user
|
|
|
|
if current_user
|
|
|
|
store_location
|
2009-06-09 00:30:22 +02:00
|
|
|
flash[:notice] = "Already logged in. Please logout"
|
|
|
|
redirect_to account_path
|
2009-05-22 16:14:07 +02:00
|
|
|
return false
|
|
|
|
end
|
2009-06-09 00:30:22 +02:00
|
|
|
return true
|
2009-05-22 16:14:07 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def store_location
|
2011-04-25 07:49:06 +02:00
|
|
|
session[:return_to] = request.fullpath
|
2009-05-22 16:14:07 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def redirect_back_or_default(default)
|
|
|
|
redirect_to(session[:return_to] || default)
|
|
|
|
session[:return_to] = nil
|
|
|
|
end
|
2009-05-22 14:13:46 +02:00
|
|
|
end
|