Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin_censor_rule_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/admin_controller.rb | 31 | ||||
-rw-r--r-- | app/controllers/admin_general_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_public_body_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/admin_request_controller.rb | 18 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 14 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 5 |
7 files changed, 47 insertions, 35 deletions
diff --git a/app/controllers/admin_censor_rule_controller.rb b/app/controllers/admin_censor_rule_controller.rb
index dca312b8b..5381921bf 100644
--- a/app/controllers/admin_censor_rule_controller.rb
+++ b/app/controllers/admin_censor_rule_controller.rb
@@ -15,7 +15,7 @@ class AdminCensorRuleController < AdminController end def create - params[:censor_rule][:last_edit_editor] = admin_http_auth_user() + params[:censor_rule][:last_edit_editor] = admin_current_user() @censor_rule = CensorRule.new(params[:censor_rule]) if @censor_rule.save if !@censor_rule.info_request.nil?
@@ -42,7 +42,7 @@ class AdminCensorRuleController < AdminController end def update - params[:censor_rule][:last_edit_editor] = admin_http_auth_user() + params[:censor_rule][:last_edit_editor] = admin_current_user() @censor_rule = CensorRule.find(params[:id]) if @censor_rule.update_attributes(params[:censor_rule]) if !@censor_rule.info_request.nil?
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index dd966c4af..d7933b212 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -45,12 +45,36 @@ class AdminController < ApplicationController end end + # For administration interface, return display name of authenticated user + def admin_current_user + if Configuration::skip_admin_auth + admin_http_auth_user + else + session[:admin_name] + end + end + + # If we're skipping Alaveteli admin authentication, assume that the environment + # will give us an authenticated user name + def admin_http_auth_user + # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067 + # Hence the second clause which reads X-Forwarded-User header if available. + # See the rewrite rules in conf/httpd.conf which set X-Forwarded-User + if request.env["REMOTE_USER"] + return request.env["REMOTE_USER"] + elsif request.env["HTTP_X_FORWARDED_USER"] + return request.env["HTTP_X_FORWARDED_USER"] + else + return "*unknown*"; + end + end + def authenticate if Configuration::skip_admin_auth session[:using_admin] = 1 return else - if session[:using_admin].nil? + if session[:using_admin].nil? || session[:admin_name].nil? if params[:emergency].nil? if authenticated?( :web => _("To log into the administrative interface"),
@@ -59,11 +83,12 @@ class AdminController < ApplicationController :user_name => "a superuser") if !@user.nil? && @user.admin_level == "super" session[:using_admin] = 1 - request.env['REMOTE_USER'] = @user.url_name + session[:admin_name] = @user.url_name else session[:using_admin] = nil session[:user_id] = nil + session[:admin_name] = nil self.authenticate end end
@@ -71,7 +96,7 @@ class AdminController < ApplicationController authenticate_or_request_with_http_basic do |user_name, password| if user_name == Configuration::admin_username && password == Configuration::admin_password session[:using_admin] = 1 - request.env['REMOTE_USER'] = user_name + session[:admin_name] = user_name else request_http_basic_authentication end
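Review bot: `admin_http_auth_user` in the first hunk returns whatever arrived in `request.env["HTTP_X_FORWARDED_USER"]` when `REMOTE_USER` is unset, and because `admin_current_user` routes to it whenever `Configuration::skip_admin_auth` is on, that header value becomes the `last_edit_editor` / `:editor` identity recorded by the admin controllers in the rest of this commit. The existing comment points at conf/httpd.conf but never states the precondition, so a note such as `# Only trustworthy when every request reaches this app through the proxy in conf/httpd.conf, which overwrites X-Forwarded-User; on a directly reachable app server a client could choose the audit-log editor name` would make the safe deployment condition for skip_admin_auth explicit. The `"*unknown*"` fallback also means `admin_current_user` can return a non-identity string in that mode, whereas in the session path it returns the url_name or the configured admin username stored by `authenticate`; the one-line comment on `admin_current_user` could say which value comes from which mode. Minor style: the stray semicolon in `return "*unknown*";` can be dropped. `authenticate` continues outside the hunk.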
diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb
index 5176eb8db..9f4c398c1 100644
--- a/app/controllers/admin_general_controller.rb
+++ b/app/controllers/admin_general_controller.rb
@@ -120,7 +120,7 @@ class AdminGeneralController < AdminController end def debug - @http_auth_user = admin_http_auth_user + @admin_current_user = admin_current_user @current_commit = `git log -1 --format="%H"` @current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'` @current_version = `git describe --always --tags`
diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb
index e64925bde..ac12e97b2 100644
--- a/app/controllers/admin_public_body_controller.rb
+++ b/app/controllers/admin_public_body_controller.rb
@@ -88,7 +88,7 @@ class AdminPublicBodyController < AdminController def create PublicBody.with_locale(I18n.default_locale) do - params[:public_body][:last_edit_editor] = admin_http_auth_user() + params[:public_body][:last_edit_editor] = admin_current_user() @public_body = PublicBody.new(params[:public_body]) if @public_body.save flash[:notice] = 'PublicBody was successfully created.'
@@ -107,7 +107,7 @@ class AdminPublicBodyController < AdminController def update PublicBody.with_locale(I18n.default_locale) do - params[:public_body][:last_edit_editor] = admin_http_auth_user() + params[:public_body][:last_edit_editor] = admin_current_user() @public_body = PublicBody.find(params[:id]) if @public_body.update_attributes(params[:public_body]) flash[:notice] = 'PublicBody was successfully updated.'
@@ -157,7 +157,7 @@ class AdminPublicBodyController < AdminController params[:tag], params[:tag_behaviour], true, - admin_http_auth_user(), + admin_current_user(), I18n.available_locales) if errors.size == 0
@@ -171,7 +171,7 @@ class AdminPublicBodyController < AdminController params[:tag], params[:tag_behaviour], false, - admin_http_auth_user(), + admin_current_user(), I18n.available_locales) if errors.size != 0 raise "dry run mismatched real run"
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index c97ef7f1e..3e574b10f 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -85,7 +85,7 @@ class AdminRequestController < AdminController if @info_request.valid? @info_request.save! @info_request.log_event("edit", - { :editor => admin_http_auth_user(), + { :editor => admin_current_user(), :old_title => old_title, :title => @info_request.title, :old_prominence => old_prominence, :prominence => @info_request.prominence, :old_described_state => old_described_state, :described_state => @info_request.described_state,
@@ -128,7 +128,7 @@ class AdminRequestController < AdminController @outgoing_message.fully_destroy @outgoing_message.info_request.log_event("destroy_outgoing", - { :editor => admin_http_auth_user(), :deleted_outgoing_message_id => outgoing_message_id }) + { :editor => admin_current_user(), :deleted_outgoing_message_id => outgoing_message_id }) flash[:notice] = 'Outgoing message successfully destroyed.' redirect_to request_admin_url(@info_request)
@@ -141,7 +141,7 @@ class AdminRequestController < AdminController if @outgoing_message.update_attributes(params[:outgoing_message]) @outgoing_message.info_request.log_event("edit_outgoing", - { :outgoing_message_id => @outgoing_message.id, :editor => admin_http_auth_user(), + { :outgoing_message_id => @outgoing_message.id, :editor => admin_current_user(), :old_body => old_body, :body => @outgoing_message.body }) flash[:notice] = 'Outgoing message successfully updated.' redirect_to request_admin_url(@outgoing_message.info_request)
@@ -163,7 +163,7 @@ class AdminRequestController < AdminController if @comment.update_attributes(params[:comment]) @comment.info_request.log_event("edit_comment", - { :comment_id => @comment.id, :editor => admin_http_auth_user(), + { :comment_id => @comment.id, :editor => admin_current_user(), :old_body => old_body, :body => @comment.body, :old_visible => old_visible, :visible => @comment.visible, })
@@ -182,7 +182,7 @@ class AdminRequestController < AdminController @incoming_message.fully_destroy @incoming_message.info_request.log_event("destroy_incoming", - { :editor => admin_http_auth_user(), :deleted_incoming_message_id => incoming_message_id }) + { :editor => admin_current_user(), :deleted_incoming_message_id => incoming_message_id }) # expire cached files expire_for_request(@info_request) flash[:notice] = 'Incoming message successfully destroyed.'
@@ -213,7 +213,7 @@ class AdminRequestController < AdminController incoming_message_id = incoming_message.id incoming_message.info_request.log_event("redeliver_incoming", { - :editor => admin_http_auth_user(), + :editor => admin_current_user(), :destination_request => destination_request.id, :deleted_incoming_message_id => incoming_message_id })
@@ -239,7 +239,7 @@ class AdminRequestController < AdminController info_request.user = destination_user info_request.save! info_request.log_event("move_request", { - :editor => admin_http_auth_user(), + :editor => admin_current_user(), :old_user_url_name => old_user.url_name, :user_url_name => destination_user.url_name })
@@ -257,7 +257,7 @@ class AdminRequestController < AdminController info_request.public_body = destination_public_body info_request.save! info_request.log_event("move_request", { - :editor => admin_http_auth_user(), + :editor => admin_current_user(), :old_public_body_url_name => old_public_body.url_name, :public_body_url_name => destination_public_body.url_name })
@@ -367,7 +367,7 @@ class AdminRequestController < AdminController info_request.prominence = "requester_only" info_request.log_event("hide", { - :editor => admin_http_auth_user(), + :editor => admin_current_user(), :reason => params[:reason], :subject => subject, :explanation => explanation
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f29015c63..3f3c169ae 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -340,20 +340,6 @@ class ApplicationController < ActionController::Base end - # For administration interface, return display name of authenticated user - def admin_http_auth_user - # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067 - # Hence the second clause which reads X-Forwarded-User header if available. - # See the rewrite rules in conf/httpd.conf which set X-Forwarded-User - if request.env["REMOTE_USER"] - return request.env["REMOTE_USER"] - elsif request.env["HTTP_X_FORWARDED_USER"] - return request.env["HTTP_X_FORWARDED_USER"] - else - return "*unknown*"; - end - end - # Convert URL name for sort by order, to Xapian query def order_to_sort_by(sortby) if sortby.nil?
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 810b3321e..4ee527bae 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -119,13 +119,13 @@ class UserController < ApplicationController @track_things = TrackThing.find(:all, :conditions => ["tracking_user_id = ? and track_medium = ?", @display_user.id, 'email_daily'], :order => 'created_at desc') for track_thing in @track_things # XXX factor out of track_mailer.rb - xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1) + xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1) feed_results += xapian_object.results.map {|x| x[:model]} end end @feed_results = Array(feed_results).sort {|x,y| y.created_at <=> x.created_at}.first(20) - + respond_to do |format| format.html { @has_json = true } format.json { render :json => @display_user.json_for_api }
@@ -244,6 +244,7 @@ class UserController < ApplicationController session[:user_circumstance] = nil session[:remember_me] = false session[:using_admin] = nil + session[:admin_name] = nil end def signout self._do_signout |