Dmitry Yu Okunev лет назад: 7
Родитель
Сommit
5a4324b1d3

+ 39 - 1
app/controllers/application_controller.rb

@@ -1,3 +1,41 @@
 class ApplicationController < ActionController::Base
-  protect_from_forgery with: :exception
+	protect_from_forgery with: :exception
+	protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format.json? }
+
+	before_action :common
+	before_action :determine_user
+
+	def determine_user
+
+		if session[:cas].respond_to?(:with_indifferent_access)
+			session[:cas] = session[:cas].with_indifferent_access
+		end
+
+		if params[:apiKey] === Rails.application.config.cps_api_key
+			@user = Hash.new
+			@user["user"] = "cps"
+			return
+		end
+
+		if session[:cas].nil? || session[:cas][:user].nil? #|| (session[:cas][:last_validated_at].blank? || session[:cas][:last_validated_at] < 15.minutes.ago)
+			redirect_to "https://login.mephi.ru/login?service=#{url_for(:only_path => false)}"
+		end
+
+		@user = session[:cas]
+
+		unless @user.nil?
+			@user["user"] = @user["user"].downcase
+
+			@allowed_users = [ 'dyokunev', 'nnromanov', 'aatruttse', 'avsolodovnikov', 'pvmakarov', 'kvmartinov', 'earoganov' ]
+
+			unless @allowed_users.include?(@user["user"])
+				render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false)
+			end
+		end
+	end
+
+	def common
+		@current_url = url_for(:only_path => false)
+		@back_url    = params[:back_url]
+	end
 end
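Review bot: The `apiKey` branch in `determine_user` compares with `===` and returns before the `@allowed_users` check, so if `cps_api_key` is ever nil (for example read from an unset environment variable, which is not visible here) a request with no `apiKey` parameter is accepted as `cps`; since this commit makes the filter run for every controller, the guard should require a non-blank configured key and compare in constant time. Separately, `redirect_to` on the CAS branch is not followed by `return`, so a session that has `:cas` but no `:user` falls through to `@user["user"].downcase` and raises on nil instead of cleanly redirecting. The key arrives in `params`, so it is worth confirming that `apiKey` is listed in `filter_parameters` to keep it out of request logs. The two stacked `protect_from_forgery` calls also deserve a check: as far as I know the second call replaces the class-wide strategy and the earlier `verify_authenticity_token` callback rather than adding a JSON-only exception, which would leave non-JSON requests without the `:exception` behaviour in any controller that does not call `protect_from_forgery` itself.

```ruby
	def determine_user
		# … unchanged: session[:cas] indifferent-access conversion …

		expected_key = Rails.application.config.cps_api_key
		if expected_key.present? && ActiveSupport::SecurityUtils.secure_compare(params[:apiKey].to_s, expected_key.to_s)
			@user = { "user" => "cps" }
			return
		end

		if session[:cas].nil? || session[:cas][:user].nil?
			redirect_to "https://login.mephi.ru/login?service=#{url_for(:only_path => false)}"
			return # stop here so the nil user is never dereferenced below
		end

		# … unchanged: @user assignment, downcase and @allowed_users check …
```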

+ 0 - 37
app/controllers/passes_controller.rb

@@ -1,43 +1,6 @@
 class PassesController < ApplicationController
 	protect_from_forgery
 
-	before_action :common
-	before_action :determine_user
-
-	def common
-		@current_url = url_for(:only_path => false)
-	end
-
-	# deduplicate this with people_controller.rb
-	def determine_user
-
-		if session[:cas].respond_to?(:with_indifferent_access)
-			session[:cas] = session[:cas].with_indifferent_access
-		end
-
-		if params[:apiKey] === Rails.application.config.cps_api_key
-			@user = Hash.new
-			@user["user"] = "cps"
-			return
-		end
-
-		if session[:cas].nil? || session[:cas][:user].nil? #|| (session[:cas][:last_validated_at].blank? || session[:cas][:last_validated_at] < 15.minutes.ago)
-			redirect_to "https://login.mephi.ru/login?service=#{url_for(:only_path => false)}"
-		end
-
-		@user = session[:cas]
-
-		unless @user.nil?
-			@user["user"] = @user["user"].downcase
-
-			@allowed_users = [ 'dyokunev', 'nnromanov', 'aatruttse', 'avsolodovnikov', 'pvmakarov', 'kvmartinov', 'earoganov' ]
-
-			unless @allowed_users.include?(@user["user"])
-				render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false)
-			end
-		end
-	end
-
 	def show
 		@pass = Pass.find(params[:id])
 

+ 0 - 37
app/controllers/people_controller.rb

@@ -1,43 +1,6 @@
 class PeopleController < ApplicationController
 	protect_from_forgery
 
-	before_action :common
-	before_action :determine_user
-
-	def common
-		@current_url = url_for(:only_path => false)
-		@back_url    = params[:back_url]
-	end
-
-	def determine_user
-
-		if session[:cas].respond_to?(:with_indifferent_access)
-			session[:cas] = session[:cas].with_indifferent_access
-		end
-
-		if params[:apiKey] === Rails.application.config.cps_api_key
-			@user = Hash.new
-			@user["user"] = "cps"
-			return
-		end
-
-		if session[:cas].nil? || session[:cas][:user].nil? #|| (session[:cas][:last_validated_at].blank? || session[:cas][:last_validated_at] < 15.minutes.ago)
-			redirect_to "https://login.mephi.ru/login?service=#{url_for(:only_path => false)}"
-		end
-
-		@user = session[:cas]
-
-		unless @user.nil?
-			@user["user"] = @user["user"].downcase
-
-			@allowed_users = [ 'dyokunev', 'nnromanov', 'aatruttse', 'avsolodovnikov', 'pvmakarov', 'kvmartinov', 'earoganov' ]
-
-			unless @allowed_users.include?(@user["user"])
-				render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false)
-			end
-		end
-	end
-
 	def commonindex
 		@count_total  = @people.size
 		@count_errors = 0