
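  class ApplicationController < ActionController::Base
    include UserInfo

    # Exposed to views: session user lookup, the auth check, the
    # frontend-visible settings and the full user data builder.
    helper_method :current_user, :authentication_check, :config_frontend, :user_data_full

    before_filter :set_user, :cors_preflight_check
    after_filter :set_access_control_headers

    # Attaches CORS headers to every response served through this controller tree.
    #
    # NOTE(review): Access-Control-Allow-Credentials is 'true' together with a
    # fixed Allow-Origin, so any page served from that origin may issue
    # cookie-authenticated cross-origin requests.  Browsers compare
    # Allow-Origin byte-for-byte with the request's Origin header, which is
    # serialised as "scheme://host[:port]" with no trailing slash; confirm the
    # value below actually matches the client origin it is meant to allow.
    def set_access_control_headers
      headers['Access-Control-Allow-Origin'] = 'http://localhost/'
      headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, OPTIONS'
      headers['Access-Control-Max-Age'] = '1728000'
      headers['Access-Control-Allow-Headers'] = 'Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control'
      headers['Access-Control-Allow-Credentials'] = 'true'
    end

    # Short-circuits a CORS preflight (OPTIONS) request: sets the minimal
    # headers and renders an empty text/plain body instead of running the action.
    #
    # The verb is normalised to an upper-case String before comparing, so the
    # check works whether the framework reports it as a Symbol (:options) or a
    # String ("OPTIONS"); comparing against the Symbol alone never matches on
    # versions that return a String, which silently disables the preflight path.
    def cors_preflight_check
      return unless request.method.to_s.upcase == 'OPTIONS'

      headers['Access-Control-Allow-Origin'] = '*'
      headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
      headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version'
      headers['Access-Control-Max-Age'] = '1728000'
      render :text => '', :content_type => 'text/plain'
    end

    private

    # Memoised lookup of the User whose id is stored in session[:user_id].
    # Returns nil (or false) when no id is in the session; logging in sets the
    # session value and logging out removes it.
    def current_user
      @_current_user ||= session[:user_id] && User.find_by_id(session[:user_id])
    end

    # Authenticates the request, first via HTTP Basic credentials and, when
    # none were supplied, via session[:user_id].  Renders a JSON
    # {:error => ...} body with status 401 on failure.  The method always
    # returns false; when used as a filter the render is what halts the
    # chain, not the return value.
    def authentication_check
      logger.debug 'authentication_check'

      # The block only runs when the request carries an Authorization: Basic header.
      authenticate_with_http_basic do |user, password|
        logger.debug 'http basic auth check'
        userdata = User.where(:login => user).first
        # NOTE(review): the submitted password is compared directly with the
        # stored column, which means the column holds the plaintext password,
        # and `!=` is not a constant-time comparison.  Storing a salted digest
        # and comparing digests in constant time is the expected fix.
        message = if !userdata
                    'authentication failed, user'
                  elsif password != userdata.password
                    'authentication failed, pw'
                  else
                    ''
                  end
        render(:json => { :error => message }, :status => :unauthorized) unless message.empty?
        # `return` inside this block leaves authentication_check itself, so the
        # session check below is skipped whenever Basic credentials were
        # presented, whether or not they were accepted.
        return false
      end

      unless session[:user_id]
        logger.debug '!session user_id'
        render(:json => { :error => 'no valid session, user_id' }, :status => :unauthorized)
        return false
      end

      false
    end

    # Publishes the session user id through UserInfo so models and observers,
    # which have no access to the request, can read it.
    def set_user
      UserInfo.current_user_id = session[:user_id]
    end

    # Records a 'viewed' History entry for +object+, creating the History::Type
    # and History::Object rows on first use.  The lookup-then-create is not
    # atomic, so two concurrent first views may each create a row.
    def log_view(object)
      history_type = History::Type.where(:name => 'viewed').first
      unless history_type && history_type.id
        history_type = History::Type.create(:name => 'viewed')
      end

      object_name = object.class.name
      history_object = History::Object.where(:name => object_name).first
      unless history_object && history_object.id
        history_object = History::Object.create(:name => object_name)
      end

      History.create(
        :o_id => object.id,
        :history_type_id => history_type.id,
        :history_object_id => history_object.id,
        :created_by_id => session[:user_id]
      )
    end

    # Builds a Hash of every Setting flagged :frontend => true, keyed by
    # setting name and resolved through Setting.get.  Exposed to views.
    def config_frontend
      config = {}
      Setting.select('name').where(:frontend => true).each do |setting|
        config[setting.name] = Setting.get(setting.name)
      end
      config
    end

    # Returns the full data Hash for +user_id+ with the password blanked and a
    # 'links' entry listing open/closed ticket counts read from the user's
    # preferences.
    #
    # @param user_id [Integer] id passed to User.find_fulldata
    # @return [Hash] the user data with 'password', 'links' and 'preferences' set
    def user_data_full(user_id)
      user = User.find_fulldata(user_id)
      # Never hand the stored password value to the client.
      user['password'] = ''
      # TEMP: older records may carry no preferences Hash yet.
      user['preferences'] = {} if user['preferences'].nil?
      prefs = user['preferences']

      tickets = {
        :title => 'Tickets',
        :items => [
          {
            :url => '',
            :name => "open (#{prefs[:tickets_open]})",
            :title => 'Open Tickets',
            :class => 'user-tickets',
            :data => 'open'
          },
          {
            :url => '',
            :name => "closed (#{prefs[:tickets_closed]})",
            :title => 'Closed Tickets',
            :class => 'user-tickets',
            :data => 'closed'
          }
        ]
      }
      user['links'] = [tickets]
      user
    end
  end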