Revision a579432b
Added by Marc Dequènes about 16 years ago
- ID a579432b8465d28632aa81b55adb93f2a5f2e439
app/controllers/admin/users_controller.rb | ||
---|---|---|
class Admin::UsersController < Admin::AdminController
|
||
simple_rest_support
|
||
|
||
before_filter :admin_required
|
||
end
|
app/controllers/application.rb | ||
---|---|---|
end
|
||
|
||
def login_required
|
||
if session[:user_id]
|
||
return true
|
||
end
|
||
return true if session[:user_id]
|
||
|
||
flash[:warning] = _('Please login to continue')
|
||
session[:return_to] = request.request_uri
|
||
redirect_to :controller => "/logon", :action => "login"
|
||
return false
|
||
end
|
||
|
||
def admin_required
|
||
return true if login_required and current_user.admin
|
||
|
||
@reject_reason = "You are not an Admin !"
|
||
render :template => "common/403", :layout => ! request.xhr?, :status => :forbidden
|
||
return false
|
||
end
|
||
|
||
def current_user
|
||
@current_user ||= ((session[:user_id] && User.find_by_id(session[:user_id])) || nil)
|
||
end
|
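Review bot: In `admin_required`, when `login_required` fails it has already issued `redirect_to`, yet the method goes on to `render :template => "common/403"`, so an anonymous request to an admin action performs a redirect and a render in the same filter (Rails raises a double-render error for this, as far as I recall). The guard should bail out first: `return false unless login_required` followed by `return true if current_user && current_user.admin`. The second part also matters because `login_required` only checks that `session[:user_id]` is set, so a stale id whose record no longer exists makes `current_user` nil and `current_user.admin` raise. `login_required` itself is also worth a comment stating that it relies solely on the presence of `session[:user_id]`, since callers like `admin_required` build on that assumption.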
app/controllers/logon_controller.rb | ||
---|---|---|
class LogonController < ApplicationController
|
||
def index
|
||
render :action => "login"
|
||
end
|
||
|
||
def login
|
||
if request.post?
|
||
if session[:user_id] = User.authenticate(params[:login], params[:password])
|
||
flash[:message] = _("Login successful")
|
||
redirect_to_stored
|
||
else
|
||
flash[:warning] = _("Login unsuccessful")
|
||
end
|
||
end
|
||
end
|
||
|
||
def logout
|
||
session[:user_id] = nil
|
||
flash[:message] = 'Logged out'
|
||
redirect_to :action => 'login'
|
||
end
|
||
end
|
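Review bot: `session[:user_id] = User.authenticate(...)` in `login` stores whatever `authenticate` returns, and in user.rb that is the `User` record itself (`return u if ...`), not its id, so the session carries a full model object and `current_user` ends up calling `User.find_by_id` with a record. The assignment-in-condition also hides that. Assign the user to a local, store `user.id`, and call `reset_session` before setting it so a session id obtained before authentication is not kept; in `logout`, `reset_session` is likewise preferable to `session[:user_id] = nil`. The failure branch sets `flash[:warning]` but then renders in the same request, so it should be `flash.now[:warning]` to avoid the message surviving into the next page.
```ruby
if request.post?
  user = User.authenticate(params[:login], params[:password])
  if user
    reset_session                 # fresh session id once credentials are verified
    session[:user_id] = user.id
    flash[:message] = _("Login successful")
    redirect_to_stored
  else
    flash.now[:warning] = _("Login unsuccessful")
  end
end
```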
app/models/user.rb | ||
---|---|---|
require 'digest/sha1'
|
||
|
||
class User < ActiveRecord::Base
|
||
validates_presence_of :login, :salt
|
||
validates_presence_of :password, :password_confirmation, :if => :password_changed?
|
||
validates_confirmation_of :password
|
||
validates_uniqueness_of :login
|
||
validates_uniqueness_of :real_name, :email, :allow_nil => true
|
||
validates_length_of :login, :within => 3..64, :allow_nil => true
|
||
validates_length_of :password, :within => 4..128, :if => :password_changed?, :allow_nil => true
|
||
validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :message => _("Invalid email"), :allow_blank => true
|
||
|
||
attr_protected :id, :salt
|
||
attr_accessor :password, :password_confirmation
|
||
|
||
def self.random_string(len)
|
||
#generate a random password consisting of strings and digits
|
||
chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
|
||
newpass = ""
|
||
1.upto(len) {|i| newpass << chars[rand(chars.size - 1)] }
|
||
return newpass
|
||
end
|
||
|
||
def password=(pass)
|
||
@password = pass
|
||
self.salt = self.class.random_string(10) if not self.salt?
|
||
self.hashed_password = self.class.encrypt(@password, self.salt)
|
||
end
|
||
|
||
def self.encrypt(pass, salt)
|
||
Digest::SHA1.hexdigest(pass + salt)
|
||
end
|
||
|
||
def self.authenticate(login, pass)
|
||
u=find(:first, :conditions => ["login = ?", login])
|
||
return nil if u.nil?
|
||
return u if self.encrypt(pass, u.salt) == u.hashed_password
|
||
nil
|
||
end
|
||
|
||
def password_changed?
|
||
self.new_record? or @password
|
||
end
|
||
end
|
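Review bot: `chars[rand(chars.size - 1)]` in `random_string` never picks the last element of `chars` (`rand(n)` yields 0..n-1), so salts are drawn from 61 of the 62 characters; the index should be `chars[rand(chars.size)]`, and since this feeds password salts `SecureRandom` would be the better source if it is available on the Ruby/Rails version in use. `attr_protected :id, :salt` leaves `hashed_password` and, judging by `current_user.admin` in application.rb, an `admin` attribute open to mass assignment, which matters once the user-management forms this commit prepares are implemented; an `attr_accessible` whitelist of `:login, :real_name, :email, :password, :password_confirmation` would close that. The email format uses `^`/`$`, which match per line in Ruby regexes, so a value with an embedded newline passes; use `\A` and `\z`. `encrypt` also raises on a nil password (`nil + salt`), so `password=` should guard against `pass.nil?` or document that callers must not pass nil.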
app/views/admin/users/index.rhtml | ||
---|---|---|
<p><%= display_alert _("Not implemented yet !") %></p>
|
app/views/common/403.rhtml | ||
---|---|---|
<h2>403</h2>
|
||
|
||
<p>Forbidden (<%= @reject_reason %>)</p>
|
||
<p><a href="javascript:history.back()">Back</a></p>
|
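Review bot: `<%= @reject_reason %>` is emitted without `h()`, so the view relies on every controller assigning a safe literal; the only assignment visible (in `admin_required`) is a fixed string, but `<%= h @reject_reason %>` keeps the template safe if a reason ever becomes dynamic.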
app/views/logon/login.rhtml | ||
---|---|---|
<p>Please identify yourself to access this area.</p>
|
||
|
||
<% form_tag(url_for(:action => 'login')) do %>
|
||
<% field_set_tag do %>
|
||
<p><%= label(:login, "Username") %> <%= text_field_tag(:login, nil, :size => 20) %></p>
|
||
<p><%= label(:password, "Password") %> <%= password_field_tag(:password, nil, :size => 20) %></p>
|
||
<%= submit_tag "Login", :class => "small" %>
|
||
<% end %>
|
||
<% end %>
|
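Review bot: `label(:login, "Username")` and `label(:password, "Password")` call the object-oriented `label(object_name, method)` helper, so they emit `for="login_Username"` / `for="password_Password"`, which do not match the `login` / `password` ids that `text_field_tag(:login)` and `password_field_tag(:password)` generate. The tag-level helpers `label_tag(:login, "Username")` and `label_tag(:password, "Password")` produce matching `for` attributes. Since the form posts credentials via `form_tag`, it is also worth confirming that `protect_from_forgery` is enabled in ApplicationController, which is outside this commit.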
[fix/evol] forgot new files in the previous commits and check admin status to access user management