author | mguetlein <martin.guetlein@gmail.com> | 2011-02-14 17:48:26 +0100 |
---|---|---|
committer | mguetlein <martin.guetlein@gmail.com> | 2011-02-14 17:48:26 +0100 |
commit | d4eb231a35c23a5fdb36fd6220b5ab706e7528ba (patch) | |
tree | b707e43fd0fc17bf1b7eb6aa9430c694b7f457a3 /lib/helper.rb | |
parent | 7dd4c74bf118285d567b0b221d091511b6a77b2f (diff) |
read from subjectcookie, fix read feature_type
Diffstat (limited to 'lib/helper.rb')
-rw-r--r-- | lib/helper.rb | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index 191b932..a1590d7 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -19,8 +19,6 @@ helpers do
 #Check Authorization for URI with method and subjectid.
 def authorized?(subjectid)
- # hack for reports, address problem as soon as subjectid is not longer allowed as param
- return true if request.env['REQUEST_URI'] =~ /validation\/report\/.*svg$/
 request_method = request.env['REQUEST_METHOD']
 uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}")
 request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/
@@ -52,6 +50,7 @@ before do
 subjectid = session[:subjectid] if session[:subjectid]
 subjectid = params[:subjectid] if params[:subjectid] and !subjectid
 subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !subjectid
+ subjectid = request.cookies["subjectid"] unless subjectid
 # see http://rack.rubyforge.org/doc/SPEC.html
 subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
 @subjectid = subjectid |
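Review bot: Reading the token with `request.cookies["subjectid"]` in the second hunk makes the browser attach the credential to every request automatically, including cross-site ones, so state-changing routes that pass through this `before` filter would need CSRF protection; nothing in the hunk shows any, and the filter starts and ends outside it. Where the cookie is issued (not visible here) it should carry the HttpOnly and Secure attributes. Separately, the cookie lookup yields nil when no cookie is sent, and the following line calls `subjectid.include?("%23")` unguarded; unless a rescue outside the hunk covers this, `subjectid = CGI.unescape(subjectid) if subjectid && subjectid.include?("%23")` avoids the NoMethodError. A short comment on the added line stating the lookup order (session, param, header, cookie) would document which source wins.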