Class: SessionController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• SessionController

Defined in:

frontend/app/controllers/session_controller.rb

Instance Method Summary

• #become_user ⇒ Object
• #check_session ⇒ Object

  let a trusted app (i.e., public catalog) know if a user should see links back to this editing interface.

• #has_session ⇒ Object
• #login ⇒ Object
• #login_inline ⇒ Object
• #logout ⇒ Object
• #select_user ⇒ Object
• #token_login ⇒ Object

Methods inherited from ApplicationController

#archivesspace, can_access?, permission_mappings, set_access_control

Instance Method Details

#become_user ⇒ Object

# File 'frontend/app/controllers/session_controller.rb', line 29

def become_user
  if User.become_user(self, params[:username])
    flash[:success] = t("become-user.success")
    redirect_to :controller => :welcome, :action => :index
  else
    flash[:error] = t("become-user.failed")
    redirect_to :controller => :session, :action => :select_user
  end
end

#check_session ⇒ Object

let a trusted app (i.e., public catalog) know if a user should see links back to this editing interface

# File 'frontend/app/controllers/session_controller.rb', line 48

def check_session
  response.headers['Access-Control-Allow-Origin'] = AppConfig[:public_proxy_url]
  response.headers['Access-Control-Allow-Credentials'] = 'true'

  if session[:session] && params[:uri]
    render json: user_can_edit?(params)
  else
    render json: false
  end
end

#has_session ⇒ Object

# File 'frontend/app/controllers/session_controller.rb', line 60

def has_session
  render :json => {:has_session => !session[:user].nil?}
end

#login ⇒ Object

# File 'frontend/app/controllers/session_controller.rb', line 7

def login
  backend_session = User.login(params[:username], params[:password])

  if backend_session
    User.establish_session(self, backend_session, params[:username])
  end

  load_repository_list

  render :json => {:session => backend_session, :csrf_token => form_authenticity_token}
end

#login_inline ⇒ Object

# File 'frontend/app/controllers/session_controller.rb', line 20

def login_inline
  render_aspace_partial :partial => "shared/modal", :locals => {:title => t("session.inline_login_title"), :partial => "shared/login", :id => "inlineLoginModal", :klass => "inline-login-modal"}
end

#logout ⇒ Object

# File 'frontend/app/controllers/session_controller.rb', line 40

def logout
  reset_session
  redirect_to :root
end

#select_user ⇒ Object

# File 'frontend/app/controllers/session_controller.rb', line 25

def select_user
end

#token_login ⇒ Object

# File 'frontend/app/controllers/session_controller.rb', line 65

def token_login
  backend_session = User.token_login(params[:username], params[:token])
  if backend_session
    # this can't prevent a determined user from using a token-acquired
    # session to do things they could do with a regular login token, but it should
    # suffice to make a typical user reset password and log back in.
    backend_session['user']['permissions'] = {}
    User.establish_session(self, backend_session, params[:username])
  else
    flash[:error] = I18n.t('login.password_update_error')
  end

  redirect_to :controller => :users, :action => :password_form
end