| Class | ApplicationController |
| In: |
app/controllers/application.rb
|
| Parent: | ActionController::Base |
Filters added to this controller apply to all controllers in the application. Likewise, all the methods added will be available for all controllers.
Alter session state so that we will now be acting as "other_user". The user_of_record must have an permission to :act_as other_user, or a PermissionFailure will be thrown.
# File app/controllers/application.rb, line 143
143: def assume_alias( other_user )
144:
145: if other_user != User.of_record
146: User.acting_as_user_of_record do
147: other_user.check_permission! :act_as
148: end
149: end
150:
151: User.current = other_user
152: session[:current_user_id] = other_user.id
153:
154: end
Request filter for logging. NB done as an around filter, in part because after filters get skipped when an exception is thrown…
# File app/controllers/application.rb, line 46
46: def db_log
47: RequestLogEntry.logging( self, request, response ) do
48: yield
49: end
50: end
Alters session state so that the user is logged out; also redirects to the login page. (What else are you gonna do?)
# File app/controllers/application.rb, line 133
133: def ensure_logged_out_and_redirect_to_login_page
134: session[:current_user_id] = nil
135: session[:user_of_record_id] = nil
136: redirect_to :controller => 'password', :action => 'login'
137: end
Find (or create!) the current order for the given store in this session. Note that paid orders are never current… this machinery is for orders still being constructed.
# File app/controllers/application.rb, line 160
160: def find_or_create_current_order_for( store )
161: session[:orders] ||= {}
162: order_id = session[:orders][store.id]
163: order = Order.find( order_id ) unless order_id.nil?
164: if order.nil? || order.paid?
165: order = Order.create :store => store
166: session[:orders][store.id] = order.id
167: end
168: return order
169: end
Returns true if we have remembered a diverted request. See remember_diversion
# File app/controllers/application.rb, line 114
114: def have_diverted_request?
115: !session[:diverted_controller].nil?
116: end
Alter session state so that "user" will now be logged in. The "user" becomes both the acting user and the user of record.
# File app/controllers/application.rb, line 121
121: def login_as( user )
122:
123: User.current = user
124: User.of_record = user
125: session[:current_user_id] = user.id
126: session[:user_of_record_id] = user.id
127:
128: end
Undo a diversion remembered by remember_diversion.
# File app/controllers/application.rb, line 99
99: def redirect_to_diverted_request
100:
101: controller = session[:diverted_controller] || 'stores'
102: action = session[:diverted_action] || 'index'
103:
104: session[:diverted_controller] = nil
105: session[:diverted_action] = nil
106:
107: redirect_to :controller => controller, :action => action
108:
109: end
This can be invoked by a before_filter that‘s hijacking a request with a redirect, in order to remember the controller and action being redirected from. A subsequent call to redirect_to_diverted_request will (attempt to) redirect back.
Note that these diversions don‘t stack (there can only be one in effect at a time), and this mechanism is used by the password-based login machinery.
# File app/controllers/application.rb, line 92
92: def remember_diversion
93: session[:diverted_controller] = controller_name
94: session[:diverted_action] = action_name
95: end