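# encoding: utf-8
# Authentication/authorization filters and view helpers mixed into
# controllers. Including this module installs CSRF protection, the two
# before-filters defined below and the helper methods listed in +included+.
module Application::AuthFilters
  # Hook run when a controller includes this module: wires the filters and
  # helpers into +base+ and keeps password parameters out of the request log.
  def self.included(base)
    base.class_eval do
      protect_from_forgery
      before_filter :verify_site_access
      before_filter :set_current_account_for_model_security
      helper_method :current_user, :me?, :admin?, :can?, :cannot?
      filter_parameter_logging :password, :password_confirmation
    end
  end

  protected

  # Authentication-filter: Before-hook to verify site access using HTTP Basic Authentication.
  # Used for hiding/restricting development/unstable versions of the site,
  # i.e. "staging" versions.
  #
  # Only active when +Settings.security.enabled+ is set, environments are
  # listed, and the current Rails environment is one of them. Credentials are
  # compared in constant time (see +secure_compare+) so the check does not
  # leak how much of a login or password matched. Returns nil (filter chain
  # continues) when the check does not apply.
  #
  def verify_site_access
    security = ::Settings.security
    # Make non-production environments hidden for public.
    return unless security.enabled && security.environments.present?
    return unless security.environments.any? { |env| current_env?(env) }

    authenticate_or_request_with_http_basic do |login, password|
      # Both comparisons run regardless of the first result.
      login_ok    = secure_compare(login, security.site_access.login)
      password_ok = secure_compare(password, security.site_access.pass)
      login_ok && password_ok
    end
  end

  # Authorization-filter: For model security maintenance.
  #
  # See "declarative_authorization" documentation for more info.
  #
  def set_current_account_for_model_security
    ::Authorization.current_user = current_user
  end

  # Authorization-hook: Permission denied, i.e. user not authorized.
  #
  # Sets a failure flash and, for HTML, sends the user back to the referring
  # page (or the login page when nobody is signed in); XML/JS get 401.
  #
  # See "declarative_authorization" documentation for more info.
  #
  def permission_denied
    respond_to do |format|
      # NOTE(review): the second positional argument looks like it is meant
      # as a scope; I18n.t takes options as a Hash — confirm this is honoured.
      flash[:failure] = ::I18n.t(:not_allowed, [:flash, :accounts, :errors])
      format.html do
        begin
          if current_account
            redirect_to :back
          else
            redirect_to login_path
          end
        rescue StandardError
          # redirect_to :back raises when the request carries no Referer
          # (ActionController::RedirectBackError); fall back to the root.
          redirect_to root_path
        end
      end
      format.xml { head :unauthorized }
      format.js { head :unauthorized }
    end
  end

  # Helper: alias :current_user :current
  #
  def current_user
    current_account
  end

  # Helper: Is current user?
  #
  # == Usage/Examples:
  #
  #   me?(current_user)   # => true
  #   me?(User.new)       # => false
  #
  # NOTE(review): with nobody signed in, +me?(nil)+ is true because both
  # sides are nil — callers passing a possibly-nil subject should be aware.
  #
  def me?(subject)
    subject == current_user
  end

  # Helper: Is current user admin?
  #
  # == Usage/Examples:
  #
  #   admin?              # => admin?(current_user) => false
  #   admin?(User.new)    # => false
  #   current_user.assign_role!(:admin)
  #   admin?(User.new)    # => false
  #
  # Returns a falsy value for a nil subject or one without +has_role?+.
  #
  def admin?(subject = current_user)
    subject && subject.respond_to?(:has_role?) && subject.has_role?(:admin)
  end

  # Helper: Is the current user authorized to do X?
  #
  # == Usage/Examples:
  #
  #   can?(:new, Post)
  #   can?(:edit, Post)
  #   can?(:edit, @post)
  #
  # See/Manage authorization rules in: +config/authorization_rules.rb+
  #
  def can?(*args)
    permitted_to?(*args)
  end

  # Helper: Opposite of +can?+.
  #
  # == Usage/Examples:
  #
  #   cannot?(:new, Post)
  #   cannot?(:edit, Post)
  #   cannot?(:edit, @post)
  #
  # See/Manage authorization rules in: +config/authorization_rules.rb+
  #
  def cannot?(*args)
    !can?(*args)
  end

  private

  # True when +env+ names the current Rails environment.
  #
  # Keeps the original inline-rescue semantics: +Rails.env?+ is presumably a
  # project extension (TODO confirm), and any failure counts as "not this
  # environment" rather than breaking the filter chain.
  def current_env?(env)
    ::Rails.env?(env.to_sym)
  rescue StandardError
    false
  end

  # Constant-time equality for credentials.
  #
  # Only two Strings of equal byte length can match; nil or non-String values
  # never do (so a missing configured credential cannot be matched by an
  # empty or missing header value). The length itself is not hidden, which is
  # the usual trade-off for this kind of comparison.
  #
  # @param given    [String, nil] value supplied by the client
  # @param expected [String, nil] value from configuration
  # @return [Boolean]
  def secure_compare(given, expected)
    return false unless given.is_a?(String) && expected.is_a?(String)
    return false unless given.bytesize == expected.bytesize

    mismatch = 0
    # XOR every byte pair and OR the results so the loop always runs to the end.
    given.unpack('C*').zip(expected.unpack('C*')) { |a, b| mismatch |= a ^ b }
    mismatch.zero?
  end
end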