blob: 4a0d2473063597570687526a88c8291e2c5e6c0b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
class Application < Merb::Controller
def fix_up_node_id
if params.has_key?(:id)
params[:id].gsub!(/_/, '.')
end
end
def escape_node_id
if params.has_key?(:id)
params[:id].gsub(/_/, '.')
end
end
def login_required
if session[:openid]
return session[:openid]
else
self.store_location
throw(:halt, :access_denied)
end
end
def authorized_node
if session[:level] == :admin
Chef::Log.debug("Authorized as Administrator")
true
elsif session[:level] == :node
Chef::Log.debug("Authorized as node")
if session[:node_name] == params[:id].gsub(/\./, '_')
true
else
raise(
Unauthorized,
"You are not the correct node for this action: #{session[:node_name]} instead of #{params[:id]}"
)
end
else
Chef::Log.debug("Unauthorized")
raise Unauthorized, "You are not allowed to take this action."
end
end
# Store the URI of the current request in the session.
#
# We can return to this location by calling #redirect_back_or_default.
def store_location
session[:return_to] = request.uri
end
# Redirect to the URI stored by the most recent store_location call or
# to the passed default.
def redirect_back_or_default(default)
loc = session[:return_to] || default
session[:return_to] = nil
redirect loc
end
def access_denied
case content_type
when :html
store_location
redirect url(:openid_consumer)
else
raise Unauthorized, "You must authenticate first!"
end
end
end
|
