| blob | 1fb36cd70df8b0bb74bdfc0e498cf347f2637ea7 |
1 # Application-wide functionality used by controllers.
2 class ApplicationController < ActionController::Base
3 before_filter :authorize # user should be logged in
5 # Returns the id of the current folder, which is used by the
6 # CRUD authorize methods to check the logged in user's permissions.
7 def folder_id
8 case params[:controller] + '/' + params[:action]
9 when 'folder/index', 'folder/list', 'folder/new', 'folder/create', 'folder/update_permissions', 'folder/feed', 'file/upload', 'file/validate_filename'
10 current_folder_id = 1 unless current_folder_id = params[:id]
11 when 'file/do_the_upload'
12 # This prevents a URL like 0.0.0.0/file/do_the_upload/12,
13 # which breaks the upload progress. The URL now looks like this:
14 # 0.0.0.0/file/do_the_upload/?folder_id=12
15 current_folder_id = 1 unless current_folder_id = params[:folder_id]
16 when 'folder/rename', 'folder/update', 'folder/destroy'
17 current_folder_id = @folder.parent_id if @folder
18 when 'file/download', 'file/rename', 'file/update', 'file/destroy', 'file/preview'
19 current_folder_id = @myfile.folder.id
20 end
21 return current_folder_id
22 end
24 # Check if a folder exists before executing an action.
25 # If it doesn't exist: redirect to 'list' and show an error message
26 def does_folder_exist
27 @folder = Folder.find(params[:id]) if params[:id]
28 rescue
29 flash.now[:folder_error] = 'Someone else deleted the folder you are using. Your action was cancelled and you have been taken back to the root folder.'
30 redirect_to :controller => 'folder', :action => 'list' and return false
31 end
33 # The #authorize method is used as a <tt>before_hook</tt> in most controllers.
34 # If the session does not contain a valid user, the method redirects to either
35 # AuthenticationController.login or AuthenticationController.create_admin (if no users exist yet).
36 def authorize
37 @logged_in_user = User.find(session[:user_id])
38 rescue
39 reset_session
40 @logged_in_user = nil
41 if User.find(:all).length > 0
42 session[:jumpto] = request.parameters
43 redirect_to :controller => 'authentication', :action => 'login' and return false
44 else
45 redirect_to :controller => 'authentication', :action => 'create_admin' and return false
46 end
47 end
49 # If the session does not contain a user with admin privilages (is in the admins
50 # group), the method redirects to /folder/list
51 def authorize_admin
52 redirect_to(:controller => 'folder', :action => 'list') and return false unless @logged_in_user.is_admin?
53 end
55 # Redirect to the Root folder and show an error message
56 # if current user cannot create in current folder
57 def authorize_creating
58 unless @logged_in_user.can_create(folder_id)
59 flash.now[:folder_error] = "You don't have create permissions for this folder."
60 redirect_to :controller => 'folder', :action => 'list', :id => folder_id and return false
61 end
62 end
64 # Redirect to the Root folder and show an error message
65 # if current user cannot read in current folder
66 def authorize_reading
67 unless @logged_in_user.can_read(folder_id)
68 flash.now[:folder_error] = "You don't have read permissions for this folder."
69 redirect_to :controller => 'folder', :action => 'list', :id => nil and return false
70 end
71 end
73 # Redirect to the Root folder and show an error message
74 # if current user cannot update in current folder
75 def authorize_updating
76 unless @logged_in_user.can_update(folder_id)
77 flash.now[:folder_error] = "You don't have update permissions for this folder."
78 redirect_to :controller => 'folder', :action => 'list', :id => folder_id and return false
79 end
80 end
82 # Check if the logged in user has permission to delete the file
83 def authorize_deleting
84 unless @logged_in_user.can_delete(folder_id)
85 flash.now[:folder_error] = "You don't have delete permissions for this folder."
86 redirect_to :controller => 'folder', :action => 'list', :id => folder_id and return false
87 end
88 end
89 end