app/controllers/admin_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

# controllers/admin.rb:
# All admin controllers are dervied from this.
#
# Copyright (c) 2009 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
# $Id: admin_controller.rb,v 1.29 2009-09-17 10:24:35 francis Exp $

require 'fileutils'

class AdminController < ApplicationController
    layout "admin"
    before_filter :authenticate
    protect_from_forgery # See ActionController::RequestForgeryProtection for details

    # action to take if expecting an authenticity token and one isn't received
    def handle_unverified_request
        raise(ActionController::InvalidAuthenticityToken)
    end

    # Always give full stack trace for admin interface
    def local_request?
        true
    end

    # Expire cached attachment files for a request
    def expire_for_request(info_request)
        # Clear out cached entries, by removing files from disk (the built in
        # Rails fragment cache made doing this and other things too hard)
        cache_subpath = foi_fragment_cache_all_for_request(info_request)
        FileUtils.rm_rf(cache_subpath)

        # Remove the database caches of body / attachment text (the attachment text
        # one is after privacy rules are applied)
        info_request.clear_in_database_caches!

        # also force a search reindexing (so changed text reflected in search)
        info_request.reindex_request_events
    end

    # Expire cached attachment files for a user
    def expire_requests_for_user(user)
        for info_request in user.info_requests
            expire_for_request(info_request)
        end
    end
	private

	def authenticate
            config_username = MySociety::Config.get('ADMIN_USERNAME', '')
            config_password = MySociety::Config.get('ADMIN_PASSWORD', '')
            if !config_username.empty? && !config_password.empty?
                authenticate_or_request_with_http_basic do |user_name, password|
                    if user_name == config_username && password == config_password
                        session[:using_admin] = 1
                    else
                        request_http_basic_authentication
                    end
                end
            else
                session[:using_admin] = 1
            end
	end
end