author | Louise Crow <louise.crow@gmail.com> | 2012-10-30 15:47:05 +0000 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2012-10-30 15:49:43 +0000 |
commit | 5715cc4628f9ebd99448f85fdf3e2c191d3d2875 (patch) | |
tree | 3ff0f8faeb3b07099d258937188f7fe29ab9ffc6 | |
parent | 081d912ee868843c5b73b201761b1d8d19239e34 (diff) |
If we're doing admin authentication internally, don't bother with the request environment, set the admin_name on the session instead.
-rw-r--r-- | app/controllers/admin_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 10 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 5 |
3 files changed, 15 insertions, 7 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index dd966c4af..c25463f80 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -50,7 +50,7 @@ class AdminController < ApplicationController
 session[:using_admin] = 1
 return
 else
- if session[:using_admin].nil?
+ if session[:using_admin].nil? || session[:admin_name].nil?
 if params[:emergency].nil?
 if authenticated?(
 :web => _("To log into the administrative interface"),
@@ -59,11 +59,12 @@ class AdminController < ApplicationController
 :user_name => "a superuser")
 if !@user.nil? && @user.admin_level == "super"
 session[:using_admin] = 1
- request.env['REMOTE_USER'] = @user.url_name
+ session[:admin_name] = @user.url_name
 else
 session[:using_admin] = nil
 session[:user_id] = nil
+ session[:admin_name] = nil
 self.authenticate
 end
 end
@@ -71,7 +72,7 @@ class AdminController < ApplicationController
 authenticate_or_request_with_http_basic do |user_name, password|
 if user_name == Configuration::admin_username && password == Configuration::admin_password
 session[:using_admin] = 1
- request.env['REMOTE_USER'] = user_name
+ session[:admin_name] = user_name
 else
 request_http_basic_authentication
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bd56a9fa8..725b1b2c4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
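Review bot: In app/controllers/admin_controller.rb the widened guard `if session[:using_admin].nil? || session[:admin_name].nil?` tests only that the two keys are present, so once they are set the admin identity is trusted for the rest of the session. As far as this hunk shows, a user whose `admin_level` is later lowered keeps admin access and keeps being reported under the cached `session[:admin_name]` until sign-out or session expiry. Consider re-checking the stored user's `admin_level == "super"` on each admin request, or document the accepted staleness with a comment such as `# NOTE: admin status is cached on the session and not re-validated per request`. The enclosing method starts and ends outside the hunk, so a re-check elsewhere cannot be ruled out.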
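Review bot: In the emergency branch of app/controllers/admin_controller.rb (hunk at -71,7) the credentials are checked with `user_name == Configuration::admin_username && password == Configuration::admin_password`, an ordinary string comparison whose timing can depend on how much of the secret matched, and its result now decides what is written to `session[:admin_name]`. A constant-time comparison is the usual choice for a shared secret, for example `Rack::Utils.secure_compare(password, Configuration::admin_password)` if the bundled Rack version provides it. The failure path also calls `request_http_basic_authentication` without clearing `session[:using_admin]` or `session[:admin_name]`, unlike the superuser branch in the previous hunk, which resets them before re-authenticating; clearing them here would keep the two branches consistent. The enclosing method continues outside the hunk.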
@@ -340,11 +340,17 @@ class ApplicationController < ActionController::Base
 end
+ # For administration interface, return display name of authenticated user
 def admin_current_user
- admin_http_auth_user
+ if Configuration::skip_admin_auth
+ admin_http_auth_user
+ else
+ session[:admin_name]
+ end
 end
- # For administration interface, return display name of authenticated user
+ # If we're skipping Alaveteli admin authentication, assume that the environment
+ # will give us an authenticated user name
 def admin_http_auth_user
 # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067
 # Hence the second clause which reads X-Forwarded-User header if available.
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 810b3321e..4ee527bae 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -119,13 +119,13 @@ class UserController < ApplicationController
 @track_things = TrackThing.find(:all, :conditions => ["tracking_user_id = ? and track_medium = ?", @display_user.id, 'email_daily'], :order => 'created_at desc')
 for track_thing in @track_things
 # XXX factor out of track_mailer.rb
- xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1)
+ xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1)
 feed_results += xapian_object.results.map {|x| x[:model]}
 end
 end
 @feed_results = Array(feed_results).sort {|x,y| y.created_at <=> x.created_at}.first(20)
-
+
 respond_to do |format|
 format.html { @has_json = true }
 format.json { render :json => @display_user.json_for_api }
@@ -244,6 +244,7 @@ class UserController < ApplicationController
 session[:user_circumstance] = nil
 session[:remember_me] = false
 session[:using_admin] = nil
+ session[:admin_name] = nil
 end
 def signout
 self._do_signout |
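Review bot: In app/controllers/application_controller.rb the new comment on `admin_http_auth_user` says to assume the environment supplies an authenticated user name, but it does not state what makes that assumption hold. The existing comment below it notes that the method also reads an X-Forwarded-User header, which a client can send itself unless the front-end server overwrites or strips it, so with `Configuration::skip_admin_auth` enabled the value returned by `admin_current_user` is only as trustworthy as that proxy configuration. I would extend the comment with `# Only safe behind a front end that authenticates the request and overwrites any client-supplied REMOTE_USER / X-Forwarded-User`. In the other branch `session[:admin_name]` is nil when no admin login has happened on the session, so callers that record the admin's name should handle that case. The body of `admin_http_auth_user` lies outside the hunk.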