Merge branch 'develop' into feature/follow-buttons

Conflicts: app/models/track_mailer.rb app/models/track_thing.rb
author: Seb Bacon <seb.bacon@gmail.com> 2012-05-15 12:55:09 +0100
committer: Seb Bacon <seb.bacon@gmail.com> 2012-05-15 12:55:09 +0100
commit: 23816aff9e970e1264b2231757702f648f05e30c (patch)
tree: a286daaa01c1ca2bb5f8ca7035d3370541148f43 /app/controllers/admin_controller.rb
parent: 8c5a6f4dc2d174ed5190719d952b39720d3bf362 (diff)
parent: 5097146ff016b2aaa9d3dc29f3ec65db0aadbb72 (diff)
1 files changed, 31 insertions, 14 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 1612e5179..884d7e540 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -46,23 +46,40 @@ class AdminController < ApplicationController
             expire_for_request(info_request)
         end
     end
-	private
 
-	def authenticate
-            config_username = MySociety::Config.get('ADMIN_USERNAME', '')
-            config_password = MySociety::Config.get('ADMIN_PASSWORD', '')
-            if !config_username.empty? && !config_password.empty?
-                authenticate_or_request_with_http_basic do |user_name, password|
-                    if user_name == config_username && password == config_password
-                        session[:using_admin] = 1
-                        request.env['REMOTE_USER'] = user_name
-                    else
-                        request_http_basic_authentication
+    private
+
+    def authenticate
+        if MySociety::Config.get('SKIP_ADMIN_AUTH', false)
+            session[:using_admin] = 1
+            return
+        else
+            if session[:using_admin].nil?
+                if params[:emergency].nil?
+                    if authenticated?(
+                                      :web => _("To log into the administrative interface"),
+                                      :email => _("Then you can log into the administrative interface"),
+                                      :email_subject => _("Log into the admin interface"),
+                                      :user_name => "a superuser")
+                        if !@user.nil? && @user.admin_level == "super"
+                            session[:using_admin] = 1
+                            request.env['REMOTE_USER'] = @user.url_name
+                        end
+                    end
+                else
+                    config_username = MySociety::Config.get('ADMIN_USERNAME', '')
+                    config_password = MySociety::Config.get('ADMIN_PASSWORD', '')
+                    authenticate_or_request_with_http_basic do |user_name, password|
+                        if user_name == config_username && password == config_password
+                            session[:using_admin] = 1
+                            request.env['REMOTE_USER'] = user_name
+                        else
+                            request_http_basic_authentication
+                        end
                     end
                 end
-            else
-                session[:using_admin] = 1
             end
-	end
+        end
+    end
 end
author	Seb Bacon <seb.bacon@gmail.com>	2012-05-15 12:55:09 +0100
committer	Seb Bacon <seb.bacon@gmail.com>	2012-05-15 12:55:09 +0100
commit	23816aff9e970e1264b2231757702f648f05e30c (patch)
tree	a286daaa01c1ca2bb5f8ca7035d3370541148f43 /app/controllers/admin_controller.rb
parent	8c5a6f4dc2d174ed5190719d952b39720d3bf362 (diff)
parent	5097146ff016b2aaa9d3dc29f3ec65db0aadbb72 (diff)