1 files changed, 28 insertions, 3 deletions

diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index dd966c4af..d7933b212 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -45,12 +45,36 @@ class AdminController < ApplicationController
         end
     end
 
+    # For administration interface, return display name of authenticated user
+    def admin_current_user
+        if Configuration::skip_admin_auth
+            admin_http_auth_user
+        else
+            session[:admin_name]
+        end
+    end
+
+    # If we're skipping Alaveteli admin authentication, assume that the environment
+    # will give us an authenticated user name
+    def admin_http_auth_user
+        # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067
+        # Hence the second clause which reads X-Forwarded-User header if available.
+        # See the rewrite rules in conf/httpd.conf which set X-Forwarded-User
+        if request.env["REMOTE_USER"]
+            return request.env["REMOTE_USER"]
+        elsif request.env["HTTP_X_FORWARDED_USER"]
+            return request.env["HTTP_X_FORWARDED_USER"]
+        else
+            return "*unknown*";
+        end
+    end
+
     def authenticate
         if Configuration::skip_admin_auth
             session[:using_admin] = 1
             return
         else
-            if session[:using_admin].nil?
+            if session[:using_admin].nil? || session[:admin_name].nil?
                 if params[:emergency].nil?
                     if authenticated?(
                                       :web => _("To log into the administrative interface"),
@@ -59,11 +83,12 @@ class AdminController < ApplicationController
                                       :user_name => "a superuser")
                         if !@user.nil? && @user.admin_level == "super"
                             session[:using_admin] = 1
-                            request.env['REMOTE_USER'] = @user.url_name
+                            session[:admin_name] = @user.url_name
                         else
 
                             session[:using_admin] = nil
                             session[:user_id] = nil
+                            session[:admin_name] = nil
                             self.authenticate
                         end
                     end
@@ -71,7 +96,7 @@ class AdminController < ApplicationController
                     authenticate_or_request_with_http_basic do |user_name, password|
                         if user_name == Configuration::admin_username && password == Configuration::admin_password
                             session[:using_admin] = 1
-                            request.env['REMOTE_USER'] = user_name
+                            session[:admin_name] = user_name
                         else
                             request_http_basic_authentication
                         end