blob: 08528f8a8b850ce0ad6205151d7f82fc7218ea56 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
# controllers/admin.rb:
# All admin controllers are dervied from this.
#
# Copyright (c) 2009 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
# $Id: admin_controller.rb,v 1.29 2009-09-17 10:24:35 francis Exp $
require 'fileutils'
class AdminController < ApplicationController
layout "admin"
before_filter :authenticate
protect_from_forgery # See ActionController::RequestForgeryProtection for details
# action to take if expecting an authenticity token and one isn't received
def handle_unverified_request
raise(ActionController::InvalidAuthenticityToken)
end
# Always give full stack trace for admin interface
def local_request?
true
end
# Expire cached attachment files for a request
def expire_for_request(info_request)
# Clear out cached entries, by removing files from disk (the built in
# Rails fragment cache made doing this and other things too hard)
cache_subpath = foi_fragment_cache_all_for_request(info_request)
FileUtils.rm_rf(cache_subpath)
# Remove the database caches of body / attachment text (the attachment text
# one is after privacy rules are applied)
info_request.clear_in_database_caches!
# also force a search reindexing (so changed text reflected in search)
info_request.reindex_request_events
# and remove from varnish
info_request.purge_in_cache
end
# Expire cached attachment files for a user
def expire_requests_for_user(user)
for info_request in user.info_requests
expire_for_request(info_request)
end
end
def authenticate
if MySociety::Config.get('SKIP_ADMIN_AUTH', false)
session[:using_admin] = 1
return
else
if session[:using_admin].nil?
if params[:emergency].nil?
if authenticated?(
:web => _("To log into the administrative interface"),
:email => _("Then you can log into the administrative interface"),
:email_subject => _("Log into the admin interface"),
:user_name => "a superuser")
if !@user.nil? && @user.admin_level == "super"
session[:using_admin] = 1
request.env['REMOTE_USER'] = @user.url_name
else
session[:using_admin] = nil
session[:user_id] = nil
self.authenticate
end
end
else
config_username = MySociety::Config.get('ADMIN_USERNAME', '')
config_password = MySociety::Config.get('ADMIN_PASSWORD', '')
authenticate_or_request_with_http_basic do |user_name, password|
if user_name == config_username && password == config_password
session[:using_admin] = 1
request.env['REMOTE_USER'] = user_name
else
request_http_basic_authentication
end
end
end
end
end
end
end
|
