
Commit ec8d1368 authored by azul's avatar azul

Merge branch 'cleanup-controller-commons' into 'staging'

Cleanup controller commons

See merge request !280
parents c2e3cc87 c1a70c3f
......@@ -22,7 +22,6 @@ module Common::Application::Authentication
def current_user=(new_user)
new_user = nil unless new_user.respond_to? :id
session[:user] = new_user.nil? ? nil : new_user.id
session[:logged_in_since] = Time.now
@current_user = new_user
end
......@@ -42,74 +41,8 @@ module Common::Application::Authentication
session[:language_code] = language
end
def logged_in_since
session[:logged_in_since]
end
def process_login
unless current_user
# auth using http headers
username, passwd = get_auth_data
if username and passwd
self.current_user = User.authenticate(username, passwd) || User::Unknown.new
end
end
current_user
end
# Store the URI of the current request in the session.
#
# We can return to this location by calling #redirect_back_or_default.
def store_location
session[:return_to] = (request.request_uri unless request.xhr?)
end
# Redirect to the URI stored by the most recent store_location call or
# to the passed default.
def redirect_back_or_default(default)
session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
session[:return_to] = nil
end
# When called with before_action :login_from_cookie will check for an :auth_token
# cookie and log the user back in if apropriate
def login_from_cookie
return unless cookies[:auth_token] && !logged_in?
user = User.find_by_remember_token(cookies[:auth_token])
if user && user.remember_token?
user.remember_me
self.current_user = user
cookies[:auth_token] = { value: current_user.remember_token, expires: current_user.remember_token_expires_at }
flash[:notice] = 'Logged in successfully'
end
end
# note: this method is not automatically called. if you want to enable HTTP
# authentication for some action(s), you must put a prepend_before_action in
# place.
# however, a user who successfully uses HTTP auth on an action for which it
# was enabled will stay logged in and can then go and see other things.
# this is kind of lame. but only exploitable by people who could log in
# anyway, so presumabbly not *too* big a security hole.
def login_with_http_auth
unless logged_in?
authenticate_or_request_with_http_basic do |user, password|
founduser = User.authenticate(user, password)
self.current_user = founduser unless founduser.nil?
end
end
end
private
@@http_auth_headers = %w[X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization]
# gets BASIC auth info
def get_auth_data
auth_key = @@http_auth_headers.detect { |h| request.env.key?(h) }
auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
end
def load_user(id)
user = User.find_by_id(id)
user.seen! if user
......
......@@ -54,7 +54,6 @@ module Common::Application::BeforeFilters
# skip_before_action :login_required
#
def login_required
process_login
raise AuthenticationRequired unless logged_in?
end
......
......@@ -13,9 +13,6 @@ module Common::Application::UrlIdentifiers
helper_method :action?
helper_method :controller?
helper_method :page_controller?
helper_method :id?
helper_method :active_url?
helper_method :url_active?
end
end
......@@ -65,80 +62,8 @@ module Common::Application::UrlIdentifiers
controller?('me/pages', 'groups/pages', 'people/pages', 'pages/') or controller.is_a?(Page::BaseController) or controller.is_a?(Page::CreateController)
end
# returns true if params[:id] matches the id passed in
# the arguments may include the id in the form of an integer,
# string, or active record object.
def id?(*ids)
for obj in ids
if obj.is_a?(ActiveRecord::Base)
return true if obj.id == params[:id].to_i
elsif obj.is_a?(Integer)
return true if obj == params[:id].to_i
elsif obj.is_a?(String)
return true if obj == params[:id].to_s
elsif obj.is_a?(Symbol)
return true if obj.to_s == params[:id].to_s
end
end
false
end
##
## ACTIVE URL IDENTIFICATION
##
# returns true if the current params matches url_hash
def url_active?(url_hash)
return false unless url_hash.is_a? Hash
url_hash[:action] ||= 'index'
selected = true
url_hash.each do |key, value|
selected = compare_param(params[key], value)
break unless selected
end
selected
end
# here is another method to do the same thing. it is a bad sign when we start
# to get duplicated efforts like this. I am not sure which one is better.
# i moved both of them to this file to make it clear they are similar. -elijah
def active_url?(url_path)
if url_path.is_a?(String) or url_path.is_a?(Hash)
url_for(url_path) =~ /^#{Regexp.escape(request.path)}$/i
elsif url_path.is_a?(Array)
!url_path.select do |path|
url_for(path) =~ /^#{Regexp.escape(request.path)}$/i ? true : false
end.empty?
else
false
end
end
private
def compare_param(a, b)
a = a.to_param
b = b.to_param
if b.empty?
true
elsif a.empty?
false
elsif a == b
true
elsif a.is_a?(Array) or b.is_a?(Array)
a = a.to_a.sort
b = b.to_a.sort
b == a
elsif a.sub(/^\//, '') == b.sub(/^\//, '')
true # a controller of '/groups' should match 'groups'
else
false
end
end
def controller_string
@controller_string ||= params[:controller].to_s.gsub(/^\//, '')
end
......
......@@ -32,10 +32,8 @@ module Common::Ui::LinkHelper
##
# just like link_to, but sets the <a> tag to have class 'active'
# if last argument is true or if the url is in the form of a hash
# and the current params match this hash.
# if active is true
def link_to_active(link_label, url_hash, active = nil, html_options = {})
active ||= url_active?(url_hash)
selected_class = active ? 'active' : ''
classes = [selected_class, html_options[:class]]
html_options[:class] = classes.join(' ')
......
......@@ -10,9 +10,9 @@
- f.tab do |t|
- t.label :survey_my_response_tab.t
- t.url response_path(my_response, page_id: @page)
- t.selected controller?(:survey_page_response) && action?(:show) && id?(my_response.id)
- t.selected controller?(:survey_page_response) && @response.user == current_user
- if may_view_survey_response?
- f.tab do |t|
- t.label :survey_list_all_tab.t
- t.url responses_path(page_id: @page)
- t.selected controller?(:survey_page_response) && action?(:index, :show) && !id?(my_response)
- t.selected controller?(:survey_page_response) && @response.try.user != current_user
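Review bot: `@response.try.user` in the second new `t.selected` line calls `try` without a method name, so it does not guard the `.user` call. With `@response` nil it still ends in `nil.user`, and on a real object an argument-less `try` either raises or returns nil, depending on the ActiveSupport version. The first new line, `@response.user == current_user`, has no nil guard at all, while the line it replaces next to the "list all" tab matched `action?(:index, :show)`, which suggests this partial is also rendered where no single response is loaded. I would write `@response.try(:user) == current_user` and `@response.try(:user) != current_user`. If `current_user` can be nil for anonymous visitors (not visible here), add an explicit `@response &&` to the first condition so that nil == nil does not mark "my response" as selected.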