authormguetlein <martin.guetlein@gmail.com>2011-01-26 15:54:05 +0100
committermguetlein <martin.guetlein@gmail.com>2011-01-26 15:54:05 +0100
commitce93b07bb253df3c548c59bacc869839aa78bb4c (patch)
tree49089ce84a319fb46136fb4e4f0f4407ee7b1fb3 /lib/helper.rb
parent2528891633d838a383f5a0e07712a0a8ee839f32 (diff)
add whitelisting concept for A&A, some minor modifications
Diffstat (limited to 'lib/helper.rb')
-rw-r--r--lib/helper.rb12
1 files changed, 1 insertions, 11 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index e82c8fb..afeeb43 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -16,22 +16,12 @@ helpers do
end
end
-
#Check Authorization for URI with method and subjectid.
def authorized?(subjectid)
request_method = request.env['REQUEST_METHOD']
uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}")
request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/
- if CONFIG[:authorization][:authorize_request].include?(request_method)
- ret = OpenTox::Authorization.authorize(uri, request_method, subjectid)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request_method} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<"
- return ret
- end
- if CONFIG[:authorization][:authenticate_request].include?(request_method)
- return true if OpenTox::Authorization.is_token_valid(subjectid)
- end
- LOGGER.debug "Not authorized for: #{uri} with Method: #{request.env['REQUEST_METHOD']}/#{request_method} with Token #{subjectid}"
- return false
+ return OpenTox::Authorization.authorized?(uri, request_method, subjectid)
end
#cleans URI from querystring and file-extension. Sets port 80 to emptystring
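Review bot: The added `return OpenTox::Authorization.authorized?(uri, request_method, subjectid)` hands the whole decision to a method outside this hunk, and the `uri` it receives is assembled from `HTTP_HOST` and `REQUEST_URI`, both of which the client supplies. If the whitelisting named in the commit title matches on that string, the lookup key is request-controlled, so the helper should take scheme and host from the service's configured base URI, or refuse a request whose host differs from it, before making the call. The removed branches returned false when the method was in neither CONFIG list and logged the refusal; the new method is not visible here, so confirm it keeps that default deny and records denials without writing `subjectid` (a token) to the log, as the removed debug lines did. A comment above the call such as `# policy (whitelist, authorize vs. authenticate) lives in OpenTox::Authorization.authorized?; it must deny by default` would record that contract.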