Sign upLogin

camdub/Internships

View on GitHub
Star
app/controllers/application_controller.rb

Summary

Maintainability
A
35 mins
Test Coverage
class ApplicationController < ActionController::Base
  protect_from_forgery

  #check_authorization  
  
#  include Rails.application.routes.url_helpers
#  include ActionView::Helpers::UrlHelper

  before_filter :authenticate, :except => [:cas_response]
  #before_filter :access, :except => [:cas_response, :authenticate, :current_user]
  before_filter :set_section  
  
  before_filter :authorize, :except => [:cas_response, :authenticate, :current_user]
  
  def authorize
    #puts params[:action]
    #puts params[:controller]
    
    authorize! params[:action].to_s.to_sym, params[:controller].to_s.to_sym if params[:format] != 'json'
  end
  
  def set_section
    @section = 'home'
  end

  def access
    forbidden = true
    
    #permission like setup - user has permissions
    white_list_controllers = []
    if @current_user.has_role('student')
      white_list_controllers << ['']
    end
    if @current_user.has_role('faculty')
      white_list_controllers << ['']
    end
    
    forbidden = false if white_list_controllers.index(params[:controller])
    forbidden = false if params[:format] == 'json'
    forbidden = false if @current_user.has_role('admin')
    forbidden = false if params[:action] == 'forbidden403'
    
    redirect_to forbidden_path if forbidden
    
    #if params[:controller] == 'internships' 
    #  redirect_to forbidden_path
    #end
  end
  def cas_response
    cookies[:net_id] = get_net_id(params[:ticket])
    cookies[:page_redirect] = "http://#{request.env['HTTP_HOST']}" if not cookies[:page_redirect]
    redirect_to cookies[:page_redirect]
  end
  
  private
  def current_user
    @current_user = false
    if cookies[:net_id]
      @current_user = User.find_by_net_id(cookies[:net_id])
      @current_user = User.create(:net_id => cookies[:net_id], :roles => [Role.find_by_name('student')]) if (not @current_user) && (cookies[:net_id] != "")
    end
    @current_user    
  end
  
  def authenticate
    #ADDRED FOR OFFLINE TESTING - UNCOMMENT LATER
    #cookies[:net_id] = 'kcalmes'
    
    cookies[:page_redirect] = request.url
    
    if not current_user
      redirect_to "https://cas.byu.edu/cas/login?&method=POST&service=http://#{request.env['HTTP_HOST'] + cas_response_redirect_path}"
    end
  end
  def get_net_id (ticket)
    require 'net/http'
    require 'net/https'
    
    http = Net::HTTP.new('cas.byu.edu', 443)
    http.use_ssl = true
    path = '/cas/validate'
    data = "service=http://#{request.env['HTTP_HOST'] + cas_response_redirect_path}&ticket=#{ticket}"
    head, body = http.post(path, data)
    yes, netid = body.split("\n")
    netid
  end
  
  
  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_url, :alert => exception.message
  end
  
end