forked from OpenNeo/impress
Matchu
45090b8d1c
In the login case, we save the `return_to` parameter in the session, because login can be a multi-step process. In the logout case, we just read it directly from the form params. Note that you *could* end up in a weird scenario where an old return_to value sticks around for a bit? But we have the sense to delete it when we use it on a successful sign-in, and most links to the login page come with a `return_to` param which should reset it. So, you'd have to 1) have started but not finished a sign-in, 2) during the same session, and 3) get to the login page by an unusual means. Probably fine!
104 lines
2.9 KiB
Ruby
104 lines
2.9 KiB
Ruby
require 'ipaddr'
|
|
|
|
class ApplicationController < ActionController::Base
|
|
include FragmentLocalization
|
|
|
|
protect_from_forgery
|
|
|
|
helper_method :current_user, :user_signed_in?
|
|
|
|
before_action :set_locale
|
|
|
|
before_action :configure_permitted_parameters, if: :devise_controller?
|
|
before_action :save_return_to_path,
|
|
if: ->(c) { c.controller_name == 'sessions' && c.action_name == 'new' }
|
|
|
|
def authenticate_user!
|
|
redirect_to(new_auth_user_session_path) unless user_signed_in?
|
|
end
|
|
|
|
def authorize_user!
|
|
raise AccessDenied unless user_signed_in? && current_user.id == params[:user_id].to_i
|
|
end
|
|
|
|
def current_user
|
|
if auth_user_signed_in?
|
|
User.where(remote_id: current_auth_user.id).first
|
|
else
|
|
nil
|
|
end
|
|
end
|
|
|
|
def user_signed_in?
|
|
auth_user_signed_in?
|
|
end
|
|
|
|
def infer_locale
|
|
return params[:locale] if valid_locale?(params[:locale])
|
|
return cookies[:locale] if valid_locale?(cookies[:locale])
|
|
Rails.logger.debug "Preferred languages: #{http_accept_language.user_preferred_languages}"
|
|
http_accept_language.language_region_compatible_from(I18n.public_locales.map(&:to_s)) ||
|
|
I18n.default_locale
|
|
end
|
|
|
|
PRIVATE_IP_BLOCK = IPAddr.new('192.168.0.0/16')
|
|
def local_only
|
|
raise AccessDenied unless request.ip == '127.0.0.1' || PRIVATE_IP_BLOCK.include?(request.ip)
|
|
end
|
|
|
|
def localized_fragment_exist?(key)
|
|
localized_key = localize_fragment_key(key, locale)
|
|
fragment_exist?(localized_key)
|
|
end
|
|
|
|
def not_found(record_name='record')
|
|
raise ActionController::RoutingError.new("#{record_name} not found")
|
|
end
|
|
|
|
class AccessDenied < StandardError;end
|
|
|
|
rescue_from AccessDenied, :with => :on_access_denied
|
|
|
|
def on_access_denied
|
|
render template: 'public/403.html', :layout => false, :status => :forbidden
|
|
end
|
|
|
|
def redirect_back!(default=:back)
|
|
redirect_to(params[:return_to] || default)
|
|
end
|
|
|
|
def set_locale
|
|
I18n.locale = infer_locale || I18n.default_locale
|
|
end
|
|
|
|
def valid_locale?(locale)
|
|
locale && I18n.usable_locales.include?(locale.to_sym)
|
|
end
|
|
|
|
def configure_permitted_parameters
|
|
# Devise will automatically permit the authentication key (username) and
|
|
# the password, but we need to let the email field through ourselves.
|
|
devise_parameter_sanitizer.permit(:sign_up, keys: [:email])
|
|
devise_parameter_sanitizer.permit(:account_update, keys: [:email])
|
|
end
|
|
|
|
def save_return_to_path
|
|
if params[:return_to]
|
|
Rails.logger.debug "Saving return_to path: #{params[:return_to].inspect}"
|
|
session[:devise_return_to] = params[:return_to]
|
|
end
|
|
end
|
|
|
|
def after_sign_in_path_for(user)
|
|
return_to = session.delete(:devise_return_to)
|
|
Rails.logger.debug "Using return_to path: #{return_to.inspect}"
|
|
return_to || root_path
|
|
end
|
|
|
|
def after_sign_out_path_for(user)
|
|
return_to = params[:return_to]
|
|
Rails.logger.debug "Using return_to path: #{return_to.inspect}"
|
|
return_to || root_path
|
|
end
|
|
end
|
|
|