authormr <mr@mrautenberg.de>2011-01-18 13:07:52 +0100
committermr <mr@mrautenberg.de>2011-01-18 13:07:52 +0100
commit9197d6a6503b3995e6f9499840e91a9ed6d3a1db (patch)
treecfb23f7c1825338b362fb1d1e37af369b34f6d8d /lib
parent2aafed7543287c420a5aa2e751b8c74ad771d14c (diff)
get subjectid from api-wrapper helper
Diffstat (limited to 'lib')
-rw-r--r--lib/environment.rb3
-rw-r--r--lib/helper.rb13
2 files changed, 11 insertions, 5 deletions
diff --git a/lib/environment.rb b/lib/environment.rb
index 1761d92..203ebc6 100644
--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -84,6 +84,9 @@ class OwlNamespace
end
AA_SERVER = CONFIG[:authorization] ? (CONFIG[:authorization][:server] ? CONFIG[:authorization][:server] : nil) : nil
+CONFIG[:authorization][:authenticate_request] = [""] unless CONFIG[:authorization][:authenticate_request]
+CONFIG[:authorization][:authorize_request] = [""] unless CONFIG[:authorization][:authorize_request]
+CONFIG[:authorization][:free_request] = [""] unless CONFIG[:authorization][:free_request]
RDF = OwlNamespace.new 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'
OWL = OwlNamespace.new 'http://www.w3.org/2002/07/owl#'
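Review bot: The three added defaults index `CONFIG[:authorization]` unconditionally, while the `AA_SERVER` line directly above treats a missing `:authorization` section as a normal case, so a configuration without that section would presumably fail with a NoMethodError on nil while this file loads. Putting `CONFIG[:authorization] ||= {}` ahead of the three assignments keeps both cases working. The `[""]` defaults match no HTTP method, so the `authorized?` helper changed in lib/helper.rb falls through to `return false` for every request when nothing is configured. If that deny-by-default is intended, say so in a comment such as `# empty lists: no method is authorized or authenticated until configured`.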
diff --git a/lib/helper.rb b/lib/helper.rb
index 857c5b5..cc643f3 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -17,16 +17,18 @@ helpers do
#Check Authorization for URI with method and subjectid.
def authorized?(subjectid)
+ request_method = request.env['REQUEST_METHOD']
uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}")
- if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD'])
- ret = OpenTox::Authorization.authorize(uri, request.env['REQUEST_METHOD'], subjectid)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<"
+ request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/
+ if CONFIG[:authorization][:authorize_request].include?(request_method)
+ ret = OpenTox::Authorization.authorize(uri, request_method, subjectid)
+ LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request_method} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<"
return ret
end
- if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD'])
+ if CONFIG[:authorization][:authenticate_request].include?(request_method)
return true if OpenTox::Authorization.is_token_valid(subjectid)
end
- LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{subjectid}"
+ LOGGER.debug "Not authorized for: #{uri} with Method: #{request.env['REQUEST_METHOD']}/#{request_method} with Token #{subjectid}"
return false
end
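Review bot: The POST-to-GET rewrite tests `/\/model\/\d+\/?$/` against the whole `uri`, which is built from `REQUEST_URI` and may still include the query string unless `clean_uri` (not visible in this hunk) removes it. The pattern has no left anchor and `$` matches at a line end rather than the end of the string, so a POST to a different resource whose URI merely ends in `/model/<digits>` would be authorized as a GET. Matching the path alone with full anchors avoids that, e.g. `request_method = "GET" if request_method == "POST" && request.path_info =~ %r{\A/model/\d+/?\z}` (adjust if the service is mounted under a prefix). The line also needs a comment stating why a POST on a model requires only read permission, since the downgrade is a deliberate policy exception. Separately, the rewritten "Not authorized" debug line still writes the full `subjectid` token to the log; logging a truncated or hashed form would keep usable tokens out of log files.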
@@ -68,6 +70,7 @@ before do
subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid)
# see http://rack.rubyforge.org/doc/SPEC.html
subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
+ @subjectid = subjectid
rescue
LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO subjectid for URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}"
subjectid = ""
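Review bot: `@subjectid` is assigned only on the success path, so when the `rescue` branch runs the local `subjectid` becomes `""` but `@subjectid` is left unset and reads as nil. Code that later calls string methods on `@subjectid` or passes it to `authorized?` would then see nil where the local variable has an empty string. Either add `@subjectid = ""` in the rescue branch or move `@subjectid = subjectid` after the begin/rescue block so both paths set it. The surrounding `before` block starts and ends outside this hunk, so this assumes nothing further down assigns it.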