



Revision a579432b

Added by Marc Dequènes over 15 years ago

  • ID a579432b8465d28632aa81b55adb93f2a5f2e439

[fix/evol] forgot new files in the previous commits and check admin status to access user management


app/controllers/admin/users_controller.rb
class Admin::UsersController < Admin::AdminController
simple_rest_support
before_filter :admin_required
end
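Review bot: The admin check is attached to this one controller only; if Admin::AdminController is the base class for every admin controller, putting `before_filter :admin_required` there would cover all of them instead of relying on each subclass to add it. The base class is not on this page, so this is a suggestion to verify against it.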
app/controllers/application.rb
end
def login_required
if session[:user_id]
return true
end
return true if session[:user_id]
flash[:warning] = _('Please login to continue')
session[:return_to] = request.request_uri
redirect_to :controller => "/logon", :action => "login"
return false
end
def admin_required
return true if login_required and current_user.admin
@reject_reason = "You are not an Admin !"
render :template => "common/403", :layout => ! request.xhr?, :status => :forbidden
return false
end
def current_user
@current_user ||= ((session[:user_id] && User.find_by_id(session[:user_id])) || nil)
end
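Review bot: admin_required renders the 403 template after login_required has already issued a redirect, because a false return from login_required falls through to the render on the following line; on a request with no session this produces a second response in the same action (a DoubleRenderError in Rails) instead of the intended redirect to the login page. Separating the two checks avoids it: `return false unless login_required` followed by `return true if current_user && current_user.admin`. The nil guard also covers a session whose user_id no longer resolves, since current_user returns nil in that case and `.admin` would raise. The enclosing class begins before this section, and the two consecutive forms of the session check at the top of login_required look like the old and new rendering of the same line.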
app/controllers/logon_controller.rb
class LogonController < ApplicationController
def index
render :action => "login"
end
def login
if request.post?
if session[:user_id] = User.authenticate(params[:login], params[:password])
flash[:message] = _("Login successful")
redirect_to_stored
else
flash[:warning] = _("Login unsuccessful")
end
end
end
def logout
session[:user_id] = nil
flash[:message] = 'Logged out'
redirect_to :action => 'login'
end
end
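Review bot: `session[:user_id] = User.authenticate(...)` stores the User record that authenticate returns, not its id, so the whole row — including hashed_password and salt — is serialized into the session, and with a cookie-based session store that data ends up on the client. Assign the id and reset the session first so a session id fixed before login is not carried over: `if user = User.authenticate(params[:login], params[:password])`, then `reset_session`, then `session[:user_id] = user.id`. logout would likewise be safer calling `reset_session` than clearing a single key. Which session store is configured cannot be seen from this page.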
app/models/user.rb
require 'digest/sha1'
class User < ActiveRecord::Base
validates_presence_of :login, :salt
validates_presence_of :password, :password_confirmation, :if => :password_changed?
validates_confirmation_of :password
validates_uniqueness_of :login
validates_uniqueness_of :real_name, :email, :allow_nil => true
validates_length_of :login, :within => 3..64, :allow_nil => true
validates_length_of :password, :within => 4..128, :if => :password_changed?, :allow_nil => true
validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :message => _("Invalid email"), :allow_blank => true
attr_protected :id, :salt
attr_accessor :password, :password_confirmation
def self.random_string(len)
#generate a random password consisting of strings and digits
chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
newpass = ""
1.upto(len) {|i| newpass << chars[rand(chars.size - 1)] }
return newpass
end
def password=(pass)
@password = pass
self.salt = self.class.random_string(10) if not self.salt?
self.hashed_password = self.class.encrypt(@password, self.salt)
end
def self.encrypt(pass, salt)
Digest::SHA1.hexdigest(pass + salt)
end
def self.authenticate(login, pass)
u=find(:first, :conditions => ["login = ?", login])
return nil if u.nil?
return u if self.encrypt(pass, u.salt) == u.hashed_password
nil
end
def password_changed?
self.new_record? or @password
end
end
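Review bot: attr_protected blacklists only id and salt, so admin and hashed_password remain mass-assignable and a user-management form driven by simple_rest_support could let a caller set its own admin flag; a whitelist such as `attr_accessible :login, :password, :password_confirmation, :real_name, :email` (adjusted to the real column list) closes that. random_string also never yields the last entry of chars because `rand(chars.size - 1)` excludes it, and Kernel#rand is not a cryptographic source for a salt — SecureRandom is preferable where the Ruby version provides it. The email format uses `^`/`$`, which match per line in Ruby, so a value with an embedded newline passes; `\A`/`\z` anchor the whole string. A single SHA1 round over password+salt offers little resistance to offline guessing, though changing it would need a migration of existing hashes.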
app/views/admin/users/index.rhtml
<p><%= display_alert _("Not implemented yet !") %></p>
app/views/common/403.rhtml
<h2>403</h2>
<p>Forbidden (<%= @reject_reason %>)</p>
<p><a href="javascript:history.back()">Back</a></p>
app/views/logon/login.rhtml
<p>Please identify yourself to access this area.</p>
<% form_tag(url_for(:action => 'login')) do %>
<% field_set_tag do %>
<p><%= label(:login, "Username") %> <%= text_field_tag(:login, nil, :size => 20) %></p>
<p><%= label(:password, "Password") %> <%= password_field_tag(:password, nil, :size => 20) %></p>
<%= submit_tag "Login", :class => "small" %>
<% end %>
<% end %>
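Review bot: `label(:login, "Username")` and `label(:password, "Password")` call the model-form label helper, which emits `for="login_Username"` and `for="password_Password"`, so neither label is associated with the inputs that text_field_tag and password_field_tag render with ids `login` and `password`. The tag-helper form matches those ids: `label_tag(:login, "Username")` and `label_tag(:password, "Password")`.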
