From 08d958981182aeb44eec5174e455ab41f60f9a10 Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Tue, 30 Oct 2012 15:09:04 +0000
Subject: Redirect calls to admin_http_auth_user to more generic wrapper admin_current_user
---
 app/controllers/application_controller.rb | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'app/controllers/application_controller.rb')
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f29015c63..bd56a9fa8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -340,6 +340,10 @@ class ApplicationController < ActionController::Base
 end
+ def admin_current_user
+ admin_http_auth_user
+ end
+
 # For administration interface, return display name of authenticated user
 def admin_http_auth_user
 # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067
-- cgit v1.2.3
From 5715cc4628f9ebd99448f85fdf3e2c191d3d2875 Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Tue, 30 Oct 2012 15:47:05 +0000
Subject: If we're doing admin authentication internally, don't bother with the request environment, set the admin_name on the session instead.
---
 app/controllers/application_controller.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'app/controllers/application_controller.rb')
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bd56a9fa8..725b1b2c4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -340,11 +340,17 @@ class ApplicationController < ActionController::Base
 end
+ # For administration interface, return display name of authenticated user
 def admin_current_user
- admin_http_auth_user
+ if Configuration::skip_admin_auth
+ admin_http_auth_user
+ else
+ session[:admin_name]
+ end
 end
- # For administration interface, return display name of authenticated user
+ # If we're skipping Alaveteli admin authentication, assume that the environment
+ # will give us an authenticated user name
 def admin_http_auth_user
 # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067
 # Hence the second clause which reads X-Forwarded-User header if available.
-- cgit v1.2.3
From e19b4494d1a8901ab60dd5ea7fa116d7c799a92b Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Tue, 30 Oct 2012 15:49:50 +0000
Subject: Move methods used only in admin controllers to admin_controller.rb
---
 app/controllers/application_controller.rb | 24 ------------------------
 1 file changed, 24 deletions(-)
(limited to 'app/controllers/application_controller.rb')
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 725b1b2c4..3f3c169ae 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
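Review bot: The `Configuration::skip_admin_auth` branch of `admin_current_user` takes the admin name from `admin_http_auth_user`, and the new comment above that method only says to "assume that the environment will give us an authenticated user name" without stating what makes that assumption hold. The context comment at the end of the hunk says the method falls back to the X-Forwarded-User header, which a client can supply itself unless the front-end server sets or strips it, so the comment should name the precondition, e.g. `# Only safe when the front-end web server authenticates the request and overwrites any client-supplied X-Forwarded-User header`. The `else` branch returns `session[:admin_name]`, which is nil when no admin name has been stored in the session; the doc comment on `admin_current_user` should say that nil is a possible return so callers that record the name (not visible here) handle it. The body of `admin_http_auth_user` continues outside the hunk.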
@@ -340,30 +340,6 @@ class ApplicationController < ActionController::Base
 end
- # For administration interface, return display name of authenticated user
- def admin_current_user
- if Configuration::skip_admin_auth
- admin_http_auth_user
- else
- session[:admin_name]
- end
- end
-
- # If we're skipping Alaveteli admin authentication, assume that the environment
- # will give us an authenticated user name
- def admin_http_auth_user
- # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067
- # Hence the second clause which reads X-Forwarded-User header if available.
- # See the rewrite rules in conf/httpd.conf which set X-Forwarded-User
- if request.env["REMOTE_USER"]
- return request.env["REMOTE_USER"]
- elsif request.env["HTTP_X_FORWARDED_USER"]
- return request.env["HTTP_X_FORWARDED_USER"]
- else
- return "*unknown*";
- end
- end
-
 # Convert URL name for sort by order, to Xapian query
 def order_to_sort_by(sortby)
 if sortby.nil?
-- cgit v1.2.3