kosmos/akkounts
kosmos/akkounts
8
1
Fork 0
Code Issues 19 Pull Requests 1 Actions Packages Releases 12 Activity

Authorize access to admin panel, etc.

Browse Source 
Adds a separate admin namespace and base controller, with authorization
by looking up the admin property in the user's LDAP account.
This commit is contained in:
Basti 2020-11-18 00:22:44 +01:00
parent 6614f14d8a
commit f0312cb8e7
Signed by untrusted user: basti
GPG Key ID: 9F88009D31D99C72
13 changed files with 58 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/assets/stylesheets/fonts.scss
View File

@ -5,8 +5,19 @@
font-style: normal; font-style: normal;
} }
h1 { body {
font-family: Raleway, sans-serif; font-family: "Open Sans", Helvetica, Arial, sans-serif;
font-weight: 400;
}
h1, h2, h3 {
font-family: Raleway, inherit;
font-weight: 300; font-weight: 300;
}
h1 {
text-transform: uppercase; text-transform: uppercase;
} }
h2 {
}

2
app/assets/stylesheets/layout.scss
View File

@ -2,8 +2,6 @@ $content-width: 800px;
$content-max-width: 100%; $content-max-width: 100%;
body { body {
font-family: "Open Sans", Helvetica, Arial, sans-serif;
font-weight: 400;
} }
#wrapper { #wrapper {

6
app/controllers/admin/base_controller.rb Normal file
View File

@ -0,0 +1,6 @@
class Admin::BaseController < ApplicationController
before_action :authenticate_user!
before_action :authorize_admin
end

4
app/controllers/admin/dashboard_controller.rb Normal file
View File

@ -0,0 +1,4 @@
class Admin::DashboardController < Admin::BaseController
def index
end
end

2
app/controllers/ldap_users_controller.rb → app/controllers/admin/ldap_users_controller.rb
View File

@ -1,4 +1,4 @@
class LdapUsersController < ApplicationController class Admin::LdapUsersController < Admin::BaseController
def index def index
attributes = %w{dn cn uid mail admin} attributes = %w{dn cn uid mail admin}
filter = Net::LDAP::Filter.eq("uid", "*") filter = Net::LDAP::Filter.eq("uid", "*")

11
app/controllers/application_controller.rb
View File

@ -8,4 +8,15 @@ class ApplicationController < ActionController::Base
redirect_to welcome_path and return redirect_to welcome_path and return
end end
end end
def authorize_admin
http_status :forbidden unless current_user.is_admin?
end
def http_status(status)
respond_to do |format|
format.html { render template: "shared/status_#{status.to_s}", status: status }
format.any { head status }
end
end
end end

8
app/models/user.rb
View File

@ -19,4 +19,12 @@ class User < ApplicationRecord
clear_reset_password_token if valid? clear_reset_password_token if valid?
save save
end end
def is_admin?
admin ||= if admin = Devise::LDAP::Adapter.get_ldap_param(self.cn, :admin)
!!admin.first
else
false
end
end
end end

4
app/views/admin/dashboard/index.html.erb Normal file
View File

@ -0,0 +1,4 @@
<h2>Admin Panel</h2>
<p>
Ohai there, admin human.
</p>

4
app/views/ldap_users/index.html.erb → app/views/admin/ldap_users/index.html.erb
View File

@ -1,8 +1,8 @@
<h2>LDAP users</h2> <h2>LDAP users</h2>
<ul> <ul>
<li><%= link_to 'kosmos.org', ldap_users_path %></li> <li><%= link_to 'kosmos.org', admin_ldap_users_path %></li>
<li><%= link_to '5apps.com', ldap_users_path(ou: '5apps.com') %></li> <li><%= link_to '5apps.com', admin_ldap_users_path(ou: '5apps.com') %></li>
</ul> </ul>
<table> <table>

2
app/views/shared/status_forbidden.html.erb Normal file
View File

@ -0,0 +1,2 @@
<h2>Access forbidden</h2>
<p>Not with those shoes, buddy.</p>

4
config/locales/devise.en.yml
View File

@ -3,8 +3,8 @@
en: en:
devise: devise:
confirmations: confirmations:
confirmed: "Your email address has been successfully confirmed." confirmed: "Your email address has been confirmed. You can now log in below."
send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." send_instructions: "You will receive an email with instructions for how to confirm your email address in a moment."
send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
failure: failure:
already_authenticated: "You are already signed in." already_authenticated: "You are already signed in."

5
config/routes.rb
View File

@ -7,7 +7,10 @@ Rails.application.routes.draw do
get 'welcome', to: 'welcome#index' get 'welcome', to: 'welcome#index'
get 'check_your_email', to: 'welcome#check_your_email' get 'check_your_email', to: 'welcome#check_your_email'
get 'ldap_users', to: 'ldap_users#index' namespace :admin do
root to: 'dashboard#index'
get 'ldap_users', to: 'ldap_users#index'
end
# Letter Opener (open "sent" emails in dev and staging) # Letter Opener (open "sent" emails in dev and staging)
if Rails.env.match(/staging|development/) if Rails.env.match(/staging|development/)

2
spec/views/ldap_users/index.html.erb_spec.rb → spec/views/admin/dashboard/index.html.erb_spec.rb
View File

@ -1,5 +1,5 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe "ldap_users/index.html.erb", type: :view do RSpec.describe "dashboard/index.html.erb", type: :view do
pending "add some examples to (or delete) #{__FILE__}" pending "add some examples to (or delete) #{__FILE__}"
end end