Commit f678092a250e2d5fe937dff638e67b155a5ae687

Authored by Braulio Bhavamitra
1 parent a96fed84

concerns: Organize existing concerns in application controller

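--- a/app/concerns/authenticated_system.rb
+++ b/app/concerns/authenticated_system.rb
@@ -1,169 +0,0 @@
-module AuthenticatedSystem
-
- protected
-
- extend ActiveSupport::Concern
-
- included do
- if self < ActionController::Base
- around_filter :user_set_current
- before_filter :override_user
- before_filter :login_from_cookie
- end
-
- # Inclusion hook to make #current_user and #logged_in?
- # available as ActionView helper methods.
- helper_method :current_user, :logged_in?
- end
-
- # Returns true or false if the user is logged in.
- # Preloads @current_user with the user model if they're logged in.
- def logged_in?
- current_user != nil
- end
-
- # Accesses the current user from the session.
- def current_user user_id = session[:user]
- @current_user ||= begin
- user = User.find_by id: user_id if user_id
- user.session = session if user
- User.current = user
- user
- end
- end
-
- # Store the given user in the session.
- def current_user=(new_user)
- if new_user.nil?
- session.delete(:user)
- else
- session[:user] = new_user.id
- new_user.session = session
- new_user.register_login
- end
- @current_user = User.current = new_user
- end
-
- # See impl. from http://stackoverflow.com/a/2513456/670229
- def user_set_current
- User.current = current_user
- yield
- ensure
- # to address the thread variable leak issues in Puma/Thin webserver
- User.current = nil
- end
-
- # Check if the user is authorized.
- #
- # Override this method in your controllers if you want to restrict access
- # to only a few actions or if you want to check if the user
- # has the correct rights.
- #
- # Example:
- #
- # # only allow nonbobs
- # def authorize?
- # current_user.login != "bob"
- # end
- def authorized?
- true
- end
-
- # Filter method to enforce a login requirement.
- #
- # To require logins for all actions, use this in your controllers:
- #
- # before_filter :login_required
- #
- # To require logins for specific actions, use this in your controllers:
- #
- # before_filter :login_required, :only => [ :edit, :update ]
- #
- # To skip this in a subclassed controller:
- #
- # skip_before_filter :login_required
- #
- def login_required
- username, passwd = get_auth_data
- if username && passwd
- self.current_user ||= User.authenticate(username, passwd) || nil
- end
- if logged_in? && authorized?
- true
- else
- if params[:require_login_popup]
- render :json => { :require_login_popup => true }
- else
- access_denied
- end
- end
- end
-
- # Redirect as appropriate when an access request fails.
- #
- # The default action is to redirect to the login screen.
- #
- # Override this method in your controllers if you want to have special
- # behavior in case the user is not authorized
- # to access the requested action. For example, a popup window might
- # simply close itself.
- def access_denied
- respond_to do |accepts|
- accepts.html do
- if request.xhr?
- render :text => _('Access denied'), :status => 401
- else
- store_location
- redirect_to :controller => '/account', :action => 'login'
- end
- end
- accepts.xml do
- headers["Status"] = "Unauthorized"
- headers["WWW-Authenticate"] = %(Basic realm="Web Password")
- render :text => "Could't authenticate you", :status => '401 Unauthorized'
- end
- end
- false
- end
-
- # Store the URI of the current request in the session.
- #
- # We can return to this location by calling #redirect_back_or_default.
- def store_location(location = request.url)
- session[:return_to] = location
- end
-
- # Redirect to the URI stored by the most recent store_location call or
- # to the passed default.
- def redirect_back_or_default(default)
- if session[:return_to]
- redirect_to(session.delete(:return_to))
- else
- redirect_to(default)
- end
- end
-
- def override_user
- return if params[:override_user].blank?
- return unless logged_in? and user.is_admin? environment
- @current_user = nil
- current_user params[:override_user]
- end
-
- # When called with before_filter :login_from_cookie will check for an :auth_token
- # cookie and log the user back in if apropriate
- def login_from_cookie
- return if cookies[:auth_token].blank? or logged_in?
- user = User.where(remember_token: cookies[:auth_token]).first
- self.current_user = user if user and user.remember_token?
- end
-
- private
- @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
- # gets BASIC auth info
- def get_auth_data
- auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
- auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
- return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
- end
-end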
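--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,6 +14,20 @@ class ApplicationController &lt; ActionController::Base
 before_filter :redirect_to_current_user
 
 before_filter :set_session_theme
+
+ # FIXME: only include necessary methods
+ include ApplicationHelper
+
+ # concerns
+ include PermissionCheck
+ include CustomDesign
+ include NeedsProfile
+
+ # implementations
+ include FindByContents
+ include Noosfero::Plugin::HotSpot
+ include SearchTermHelper
+
 def set_session_theme
 if params[:theme]
 session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
@@ -48,7 +62,6 @@ class ApplicationController &lt; ActionController::Base
 end
 end
 
- include ApplicationHelper
 layout :get_layout
 def get_layout
 return false if request.format == :js or request.xhr?
@@ -74,9 +87,6 @@ class ApplicationController &lt; ActionController::Base
 helper :document
 helper :language
 
- include DesignHelper
- include PermissionCheck
-
 before_filter :set_locale
 def set_locale
 FastGettext.available_locales = environment.available_locales
@@ -89,8 +99,6 @@ class ApplicationController &lt; ActionController::Base
 end
 end
 
- include NeedsProfile
-
 attr_reader :environment
 
 # declares that the given <tt>actions</tt> cannot be accessed by other HTTP
@@ -151,8 +159,6 @@ class ApplicationController &lt; ActionController::Base
 end
 end
 
- include Noosfero::Plugin::HotSpot
-
 # FIXME this filter just loads @plugins to children controllers and helpers
 def init_noosfero_plugins
 plugins
@@ -184,9 +190,6 @@ class ApplicationController &lt; ActionController::Base
 end
 end
 
- include SearchTermHelper
- include FindByContents
-
 def find_suggestions(query, context, asset, options={})
 plugins.dispatch_first(:find_suggestions, query, context, asset, options)
 end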
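Review bot: The `# FIXME: only include necessary methods` above `include ApplicationHelper` in the first hunk should say what the risk is: mixing the helper into the controller makes every public helper method a public controller method, which Rails may treat as a routable action depending on the routes. A fuller comment such as `# FIXME: include only the needed helpers; public ApplicationHelper methods become public controller methods (possible actions)` would tell the next maintainer why it matters. Moving the concern includes to the top of the class also changes when their `included` blocks run, so a filter they register (CustomDesign registers `before_filter :load_custom_design`) may now sit earlier in the chain than filters declared between the old and new positions; that looks harmless for `load_custom_design` but deserves a line in the commit message. The class body continues outside these hunks.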
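--- a/app/controllers/concerns/authenticated_system.rb
+++ b/app/controllers/concerns/authenticated_system.rb
@@ -0,0 +1,169 @@
+module AuthenticatedSystem
+
+ protected
+
+ extend ActiveSupport::Concern
+
+ included do
+ if self < ActionController::Base
+ around_filter :user_set_current
+ before_filter :override_user
+ before_filter :login_from_cookie
+ end
+
+ # Inclusion hook to make #current_user and #logged_in?
+ # available as ActionView helper methods.
+ helper_method :current_user, :logged_in?
+ end
+
+ # Returns true or false if the user is logged in.
+ # Preloads @current_user with the user model if they're logged in.
+ def logged_in?
+ current_user != nil
+ end
+
+ # Accesses the current user from the session.
+ def current_user user_id = session[:user]
+ @current_user ||= begin
+ user = User.find_by id: user_id if user_id
+ user.session = session if user
+ User.current = user
+ user
+ end
+ end
+
+ # Store the given user in the session.
+ def current_user=(new_user)
+ if new_user.nil?
+ session.delete(:user)
+ else
+ session[:user] = new_user.id
+ new_user.session = session
+ new_user.register_login
+ end
+ @current_user = User.current = new_user
+ end
+
+ # See impl. from http://stackoverflow.com/a/2513456/670229
+ def user_set_current
+ User.current = current_user
+ yield
+ ensure
+ # to address the thread variable leak issues in Puma/Thin webserver
+ User.current = nil
+ end
+
+ # Check if the user is authorized.
+ #
+ # Override this method in your controllers if you want to restrict access
+ # to only a few actions or if you want to check if the user
+ # has the correct rights.
+ #
+ # Example:
+ #
+ # # only allow nonbobs
+ # def authorize?
+ # current_user.login != "bob"
+ # end
+ def authorized?
+ true
+ end
+
+ # Filter method to enforce a login requirement.
+ #
+ # To require logins for all actions, use this in your controllers:
+ #
+ # before_filter :login_required
+ #
+ # To require logins for specific actions, use this in your controllers:
+ #
+ # before_filter :login_required, :only => [ :edit, :update ]
+ #
+ # To skip this in a subclassed controller:
+ #
+ # skip_before_filter :login_required
+ #
+ def login_required
+ username, passwd = get_auth_data
+ if username && passwd
+ self.current_user ||= User.authenticate(username, passwd) || nil
+ end
+ if logged_in? && authorized?
+ true
+ else
+ if params[:require_login_popup]
+ render :json => { :require_login_popup => true }
+ else
+ access_denied
+ end
+ end
+ end
+
+ # Redirect as appropriate when an access request fails.
+ #
+ # The default action is to redirect to the login screen.
+ #
+ # Override this method in your controllers if you want to have special
+ # behavior in case the user is not authorized
+ # to access the requested action. For example, a popup window might
+ # simply close itself.
+ def access_denied
+ respond_to do |accepts|
+ accepts.html do
+ if request.xhr?
+ render :text => _('Access denied'), :status => 401
+ else
+ store_location
+ redirect_to :controller => '/account', :action => 'login'
+ end
+ end
+ accepts.xml do
+ headers["Status"] = "Unauthorized"
+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
+ end
+ end
+ false
+ end
+
+ # Store the URI of the current request in the session.
+ #
+ # We can return to this location by calling #redirect_back_or_default.
+ def store_location(location = request.url)
+ session[:return_to] = location
+ end
+
+ # Redirect to the URI stored by the most recent store_location call or
+ # to the passed default.
+ def redirect_back_or_default(default)
+ if session[:return_to]
+ redirect_to(session.delete(:return_to))
+ else
+ redirect_to(default)
+ end
+ end
+
+ def override_user
+ return if params[:override_user].blank?
+ return unless logged_in? and user.is_admin? environment
+ @current_user = nil
+ current_user params[:override_user]
+ end
+
+ # When called with before_filter :login_from_cookie will check for an :auth_token
+ # cookie and log the user back in if apropriate
+ def login_from_cookie
+ return if cookies[:auth_token].blank? or logged_in?
+ user = User.where(remember_token: cookies[:auth_token]).first
+ self.current_user = user if user and user.remember_token?
+ end
+
+ private
+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+ # gets BASIC auth info
+ def get_auth_data
+ auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+ end
+end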
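Review bot: `get_auth_data` trusts the shape of the Authorization header: a value holding only the scheme (`Basic` with no credentials) passes nil to `Base64.decode64` and raises, and `split(':')[0..1]` cuts a password at its first colon, so such a password can never match in `login_required`. The method is carried over unchanged from app/concerns, but as this commit re-homes it the parsing is worth tightening as sketched in the fence. Separately, `current_user=` writes `session[:user]` without rotating the session; unless the login action already calls `reset_session` (not visible here), that leaves room for session fixation. `override_user` switches identity from a request parameter without any log line, so an audit entry there would help later investigation.

```ruby
def get_auth_data
  auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
  scheme, credentials = request.env[auth_key].to_s.split(' ', 2) unless auth_key.blank?
  # reject a missing or non-Basic header before decoding
  return [nil, nil] unless scheme == 'Basic' && credentials.present?
  # split once so the password may itself contain ':'
  username, passwd = Base64.decode64(credentials).split(':', 2)
  [username, passwd]
end
```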
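--- a/app/controllers/concerns/custom_design.rb
+++ b/app/controllers/concerns/custom_design.rb
@@ -0,0 +1,50 @@
+module CustomDesign
+
+ extend ActiveSupport::Concern
+
+ included do
+ extend ClassMethods
+ include InstanceMethods
+ before_filter :load_custom_design if self.respond_to? :before_filter
+ end
+
+ module ClassMethods
+
+ def no_design_blocks
+ @no_design_blocks = true
+ end
+
+ def use_custom_design options = {}
+ @custom_design = options
+ end
+
+ def custom_design
+ @custom_design ||= {}
+ end
+
+ def uses_design_blocks?
+ !@no_design_blocks
+ end
+
+ end
+
+ module InstanceMethods
+
+ protected
+
+ def uses_design_blocks?
+ !@no_design_blocks && self.class.uses_design_blocks?
+ end
+
+ def load_custom_design
+ # see also: LayoutHelper#body_classes
+ @layout_template = self.class.custom_design[:layout_template]
+ end
+
+ def custom_design
+ @custom_design || self.class.custom_design
+ end
+
+ end
+
+end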
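--- a/app/controllers/concerns/needs_profile.rb
+++ b/app/controllers/concerns/needs_profile.rb
@@ -0,0 +1,40 @@
+module NeedsProfile
+
+ module ClassMethods
+ def needs_profile
+ before_filter :load_profile
+ end
+ end
+
+ def self.included(including)
+ including.send(:extend, NeedsProfile::ClassMethods)
+ end
+
+ def boxes_holder
+ profile || environment # prefers profile, but defaults to environment
+ end
+
+ def profile
+ @profile
+ end
+
+ protected
+
+ def load_profile
+ if params[:profile]
+ params[:profile].downcase!
+ @profile ||= environment.profiles.where(identifier: params[:profile]).first
+ end
+
+ if @profile
+ profile_hostname = @profile.hostname
+ if profile_hostname && profile_hostname != request.host
+ params.delete(:profile)
+ redirect_to(Noosfero.url_options.merge(params).merge(:host => profile_hostname))
+ end
+ else
+ render_not_found
+ end
+ end
+
+end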
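Review bot: In `load_profile` the redirect target is built by merging the whole request `params` into `Noosfero.url_options` before `:host` is set, so any request parameter whose name matches a URL option (for example `protocol`, `port` or `anchor`) ends up shaping the redirect. Passing only the keys the redirect needs, e.g. `params.slice(:controller, :action, :id)` (exact list to be confirmed against the routes), would keep the target under the application's control. `params[:profile].downcase!` also assumes a String and mutates the request parameters in place, so a non-string value such as an array raises instead of reaching `render_not_found`; `identifier = params[:profile].to_s.downcase` avoids both. The code is carried over unchanged from lib/needs_profile.rb, so this is a follow-up rather than a regression.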
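--- a/app/helpers/design_helper.rb
+++ b/app/helpers/design_helper.rb
@@ -1,50 +0,0 @@
-module DesignHelper
-
- extend ActiveSupport::Concern
-
- included do
- extend ClassMethods
- include InstanceMethods
- before_filter :load_custom_design if self.respond_to? :before_filter
- end
-
- module ClassMethods
-
- def no_design_blocks
- @no_design_blocks = true
- end
-
- def use_custom_design options = {}
- @custom_design = options
- end
-
- def custom_design
- @custom_design ||= {}
- end
-
- def uses_design_blocks?
- !@no_design_blocks
- end
-
- end
-
- module InstanceMethods
-
- protected
-
- def uses_design_blocks?
- !@no_design_blocks && self.class.uses_design_blocks?
- end
-
- def load_custom_design
- # see also: LayoutHelper#body_classes
- @layout_template = self.class.custom_design[:layout_template]
- end
-
- def custom_design
- @custom_design || self.class.custom_design
- end
-
- end
-
-end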
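--- a/config/initializers/00_dependencies.rb
+++ b/config/initializers/00_dependencies.rb
@@ -25,6 +25,5 @@ require &#39;acts_as_customizable&#39;
 require 'route_if'
 require 'maybe_add_http'
 require 'set_profile_region_from_city_state'
-require 'needs_profile'
 require 'white_list_filter'
 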
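--- a/lib/needs_profile.rb
+++ b/lib/needs_profile.rb
@@ -1,40 +0,0 @@
-module NeedsProfile
-
- module ClassMethods
- def needs_profile
- before_filter :load_profile
- end
- end
-
- def self.included(including)
- including.send(:extend, NeedsProfile::ClassMethods)
- end
-
- def boxes_holder
- profile || environment # prefers profile, but defaults to environment
- end
-
- def profile
- @profile
- end
-
- protected
-
- def load_profile
- if params[:profile]
- params[:profile].downcase!
- @profile ||= environment.profiles.where(identifier: params[:profile]).first
- end
-
- if @profile
- profile_hostname = @profile.hostname
- if profile_hostname && profile_hostname != request.host
- params.delete(:profile)
- redirect_to(Noosfero.url_options.merge(params).merge(:host => profile_hostname))
- end
- else
- render_not_found
- end
- end
-
-end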
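--- a/test/unit/custom_design_test.rb
+++ b/test/unit/custom_design_test.rb
@@ -0,0 +1,19 @@
+require_relative "../test_helper"
+
+class CustomDesignTest < ActionView::TestCase
+
+ include CustomDesign
+ include ActionView::Helpers::TagHelper
+
+ def setup
+ end
+
+ should 'allow class instance customization of custom design' do
+ self.class.use_custom_design boxes_limit: 1
+ assert_equal({boxes_limit: 1}, self.custom_design)
+ @custom_design = {boxes_limit: 2}
+ assert_equal({boxes_limit: 2}, self.custom_design)
+
+ end
+
+end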
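--- a/test/unit/design_helper_test.rb
+++ b/test/unit/design_helper_test.rb
@@ -1,20 +0,0 @@
-require_relative "../test_helper"
-require 'boxes_helper'
-
-class DesignHelperTest < ActionView::TestCase
-
- include DesignHelper
- include ActionView::Helpers::TagHelper
-
- def setup
- end
-
- should 'allow class instance customization of custom design' do
- self.class.use_custom_design boxes_limit: 1
- assert_equal({boxes_limit: 1}, self.custom_design)
- @custom_design = {boxes_limit: 2}
- assert_equal({boxes_limit: 2}, self.custom_design)
-
- end
-
-end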