Module: Redmine::SudoMode::Controller

Extended by:
ActiveSupport::Concern
Included in:
ApplicationController
Defined in:
lib/redmine/sudo_mode.rb

Defined Under Namespace

Modules: ClassMethods
Classes: SudoRequestFilter

Instance Method Details

#process_sudo_form ⇒ Object

Handles submission of the sudo password form.



# File 'lib/redmine/sudo_mode.rb', line 119

def process_sudo_form
  if params[:sudo_password]
    @sudo_form = SudoMode::Form.new(params[:sudo_password])
    if @sudo_form.valid?
      SudoMode.active!
    else
      flash.now[:error] = l(:notice_account_wrong_password)
    end
  end
end

#render_sudo_form(param_names) ⇒ Object

Displays the sudo password form.



# File 'lib/redmine/sudo_mode.rb', line 107

def render_sudo_form(param_names)
  @sudo_form ||= SudoMode::Form.new
  @sudo_form.original_fields = params.slice( *param_names )
  # a simple 'render "sudo_mode/new"' works when used directly inside an
  # action, but not when called from a before_action:
  respond_to do |format|
    format.html { render 'sudo_mode/new' }
    format.js   { render 'sudo_mode/new' }
  end
end

#require_sudo_mode(*param_names) ⇒ Object

Renders the sudo mode form or handles its submission.

Call this method in controller actions if sudo permissions are required for processing the request. This approach works well when the action must always be protected or when the check is simple.

When the decision depends on complex conditions in the model, consider the declarative approach instead: use the require_sudo_mode class method together with a corresponding declaration in the model that causes it to raise a SudoRequired error when necessary.

All parameter names given are included as hidden fields to be resubmitted along with the password.

Returns true when processing the action should continue, false otherwise. If false is returned, render has already been called for display of the password form.

if @user.mail_changed?
  require_sudo_mode :user or return
end



# File 'lib/redmine/sudo_mode.rb', line 89

def require_sudo_mode(*param_names)
  return true if SudoMode.active?

  if param_names.blank?
    param_names = params.keys - %w(id action controller sudo_password _method authenticity_token utf8)
  end

  process_sudo_form

  if SudoMode.active?
    true
  else
    render_sudo_form param_names
    false
  end
end

#sudo_mode ⇒ Object

Sudo mode around filter.

Checks the 'last used' timestamp from the session and sets the SudoMode::active? flag accordingly.

After the request, refreshes the timestamp if sudo mode was used during the request.



# File 'lib/redmine/sudo_mode.rb', line 59

def sudo_mode
  if sudo_timestamp_valid?
    SudoMode.active!
  end
  yield
  update_sudo_timestamp! if SudoMode.was_used?
end

#sudo_timestamp_valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/redmine/sudo_mode.rb', line 130

def sudo_timestamp_valid?
  session[:sudo_timestamp].to_i > SudoMode.timeout.ago.to_i
end

#update_sudo_timestamp!(new_value = Time.now.to_i) ⇒ Object



# File 'lib/redmine/sudo_mode.rb', line 134

def update_sudo_timestamp!(new_value = Time.now.to_i)
  session[:sudo_timestamp] = new_value
end
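
The sliding re-authentication window that sudo_mode, sudo_timestamp_valid? and update_sudo_timestamp! implement together, as an added plain-Ruby model that runs without Rails. This is example code, not part of Redmine: SudoWindow, needs_sudo, password_ok and the 900-second timeout are assumptions, as is treating a passed sudo check as "used".

```ruby
# Added illustration, not Redmine code: a plain-Ruby model of the sudo_mode
# around filter. SudoWindow, needs_sudo/password_ok and the 900 s timeout
# are assumptions made for this example.
class SudoWindow
  attr_reader :session

  def initialize(timeout: 900, session: {})
    @timeout = timeout # seconds; stands in for SudoMode.timeout
    @session = session # stands in for the Rails session hash
  end

  # Same comparison as sudo_timestamp_valid?. A missing timestamp is
  # nil.to_i == 0, so a fresh session is never in sudo mode.
  def timestamp_valid?(now)
    @session[:sudo_timestamp].to_i > now - @timeout
  end

  # One request at epoch second `now`. needs_sudo marks an action guarded by
  # require_sudo_mode; password_ok stands in for a valid SudoMode::Form.
  def request(now, needs_sudo:, password_ok: false)
    active = timestamp_valid?(now) # around filter: SudoMode.active!
    used = false
    outcome = :ok
    if needs_sudo
      active ||= password_ok # process_sudo_form
      if active
        used = true # assumption: a passed check counts as "used"
      else
        outcome = :password_form # render_sudo_form, action halted
      end
    end
    @session[:sudo_timestamp] = now if used # update_sudo_timestamp!
    outcome
  end
end

# Constructed request sequence for one session.
def sudo_window_demo
  w = SudoWindow.new(timeout: 900)
  [
    w.request(1000, needs_sudo: true),                    # no timestamp yet
    w.request(1000, needs_sudo: true, password_ok: true), # confirms, stamp = 1000
    w.request(1500, needs_sudo: false),                   # stamp stays 1000
    w.request(1800, needs_sudo: true),                    # 1000 > 900, stamp = 1800
    w.request(2700, needs_sudo: true)                     # 1800 > 1800 is false
  ]
end

p sudo_window_demo if __FILE__ == $PROGRAM_NAME
```

Because the comparison is strict, a request arriving exactly one timeout after the last sudo use is asked for the password again, and requests that never touch a protected action do not extend the window.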