Authorize access to admin panel, etc.

Adds a separate admin namespace and base controller, with authorization by looking up the admin property in the user's LDAP account.
2020-11-18 00:22:44 +01:00
parent 6614f14d8a
commit f0312cb8e7
13 changed files with 58 additions and 11 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -19,4 +19,12 @@ class User < ApplicationRecord
    clear_reset_password_token if valid?
    save
  end
+
+  def is_admin?
+    admin ||= if admin = Devise::LDAP::Adapter.get_ldap_param(self.cn, :admin)
+                !!admin.first
+              else
+                false
+              end
+  end
 end