Authorize access to admin panel, etc.
Adds a separate admin namespace and base controller, with authorization by looking up the admin property in the user's LDAP account.
This commit is contained in:
parent
6614f14d8a
commit
f0312cb8e7
@ -5,8 +5,19 @@
|
||||
font-style: normal;
|
||||
}
|
||||
|
||||
h1 {
|
||||
font-family: Raleway, sans-serif;
|
||||
body {
|
||||
font-family: "Open Sans", Helvetica, Arial, sans-serif;
|
||||
font-weight: 400;
|
||||
}
|
||||
|
||||
h1, h2, h3 {
|
||||
font-family: Raleway, inherit;
|
||||
font-weight: 300;
|
||||
}
|
||||
|
||||
h1 {
|
||||
text-transform: uppercase;
|
||||
}
|
||||
|
||||
h2 {
|
||||
}
|
||||
|
@ -2,8 +2,6 @@ $content-width: 800px;
|
||||
$content-max-width: 100%;
|
||||
|
||||
body {
|
||||
font-family: "Open Sans", Helvetica, Arial, sans-serif;
|
||||
font-weight: 400;
|
||||
}
|
||||
|
||||
#wrapper {
|
||||
|
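--- /dev/null
+++ b/app/controllers/admin/base_controller.rb
@@ -0,0 +1,6 @@
+class Admin::BaseController < ApplicationController
+
+before_action :authenticate_user!
+before_action :authorize_admin
+
+end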
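--- /dev/null
+++ b/app/controllers/admin/dashboard_controller.rb
@@ -0,0 +1,4 @@
+class Admin::DashboardController < Admin::BaseController
+def index
+end
+end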
@ -1,4 +1,4 @@
|
||||
class LdapUsersController < ApplicationController
|
||||
class Admin::LdapUsersController < Admin::BaseController
|
||||
def index
|
||||
attributes = %w{dn cn uid mail admin}
|
||||
filter = Net::LDAP::Filter.eq("uid", "*")
|
@ -8,4 +8,15 @@ class ApplicationController < ActionController::Base
|
||||
redirect_to welcome_path and return
|
||||
end
|
||||
end
|
||||
|
||||
def authorize_admin
|
||||
http_status :forbidden unless current_user.is_admin?
|
||||
end
|
||||
|
||||
def http_status(status)
|
||||
respond_to do |format|
|
||||
format.html { render template: "shared/status_#{status.to_s}", status: status }
|
||||
format.any { head status }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
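Review bot: `authorize_admin` calls `current_user.is_admin?` with no nil guard, so on any controller that runs it without `authenticate_user!` first it raises `NoMethodError` (a 500 instead of the intended 403); `Admin::BaseController` does order the two callbacks correctly, but because the method lives in `ApplicationController` it can be reused elsewhere, and `http_status :forbidden unless current_user&.is_admin?` makes it self-contained. In `http_status`, `status.to_s` inside the interpolation is redundant (`render template: "shared/status_#{status}", status: status`), and a one-line comment that `render`/`head` mark the response as performed, which is what halts the before_action chain, would help the next reader. The enclosing class continues past the hunk, so it is not visible whether these two methods sit below `private`; if they do not, they should. No spec in this commit exercises the non-admin path, so a request spec asserting that a signed-in non-admin receives 403 from `admin_root_path` would pin the new behaviour.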
@ -19,4 +19,12 @@ class User < ApplicationRecord
|
||||
clear_reset_password_token if valid?
|
||||
save
|
||||
end
|
||||
|
||||
def is_admin?
|
||||
admin ||= if admin = Devise::LDAP::Adapter.get_ldap_param(self.cn, :admin)
|
||||
!!admin.first
|
||||
else
|
||||
false
|
||||
end
|
||||
end
|
||||
end
|
||||
|
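Review bot: `!!admin.first` in `is_admin?` grants admin whenever the LDAP `admin` attribute is present with any value, because every String is truthy in Ruby — a directory value of `"FALSE"` or `"false"` would still pass `authorize_admin`. Compare against the expected value instead, e.g. `value = Devise::LDAP::Adapter.get_ldap_param(cn, :admin)` followed by `value.present? && value.first.to_s.casecmp?("true")` (the `.first` suggests the adapter returns an array of values; confirm how the directory actually encodes the flag, since LDAP's Boolean syntax uses `TRUE`/`FALSE`). The `admin ||=` on the left assigns a fresh local on every call, so it memoizes nothing and the inner `admin = …` shadows it; a per-request lookup is acceptable because revocation takes effect immediately, but the code should not read as a cache — drop the `||=` or memoize into `@admin` deliberately. The enclosing class continues outside the hunk; `admin?` would be the conventional predicate name, with `is_admin?` kept as an alias if callers already depend on it.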
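--- /dev/null
+++ b/app/views/admin/dashboard/index.html.erb
@@ -0,0 +1,4 @@
+<h2>Admin Panel</h2>
+<p>
+Ohai there, admin human.
+</p>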
@ -1,8 +1,8 @@
|
||||
<h2>LDAP users</h2>
|
||||
|
||||
<ul>
|
||||
<li><%= link_to 'kosmos.org', ldap_users_path %></li>
|
||||
<li><%= link_to '5apps.com', ldap_users_path(ou: '5apps.com') %></li>
|
||||
<li><%= link_to 'kosmos.org', admin_ldap_users_path %></li>
|
||||
<li><%= link_to '5apps.com', admin_ldap_users_path(ou: '5apps.com') %></li>
|
||||
</ul>
|
||||
|
||||
<table>
|
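--- /dev/null
+++ b/app/views/shared/status_forbidden.html.erb
@@ -0,0 +1,2 @@
+<h2>Access forbidden</h2>
+<p>Not with those shoes, buddy.</p>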
@ -3,8 +3,8 @@
|
||||
en:
|
||||
devise:
|
||||
confirmations:
|
||||
confirmed: "Your email address has been successfully confirmed."
|
||||
send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
|
||||
confirmed: "Your email address has been confirmed. You can now log in below."
|
||||
send_instructions: "You will receive an email with instructions for how to confirm your email address in a moment."
|
||||
send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
|
||||
failure:
|
||||
already_authenticated: "You are already signed in."
|
||||
|
@ -7,7 +7,10 @@ Rails.application.routes.draw do
|
||||
get 'welcome', to: 'welcome#index'
|
||||
get 'check_your_email', to: 'welcome#check_your_email'
|
||||
|
||||
get 'ldap_users', to: 'ldap_users#index'
|
||||
namespace :admin do
|
||||
root to: 'dashboard#index'
|
||||
get 'ldap_users', to: 'ldap_users#index'
|
||||
end
|
||||
|
||||
# Letter Opener (open "sent" emails in dev and staging)
|
||||
if Rails.env.match(/staging|development/)
|
||||
|
@ -1,5 +1,5 @@
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe "ldap_users/index.html.erb", type: :view do
|
||||
RSpec.describe "dashboard/index.html.erb", type: :view do
|
||||
pending "add some examples to (or delete) #{__FILE__}"
|
||||
end
|