From dbd302164b74de2b241627bcc205de7245ea0da1 Mon Sep 17 00:00:00 2001
From: mr
Date: Tue, 18 Jan 2011 17:15:14 +0100
Subject: refactoring A&A
---
 lib/authorization.rb | 6 +++++-
 lib/helper.rb | 30 ++++++++++++++----------------
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/lib/authorization.rb b/lib/authorization.rb
index dab228a..7e898cc 100644
--- a/lib/authorization.rb
+++ b/lib/authorization.rb
@@ -286,7 +286,11 @@ module OpenTox
 end
 true
 end
-
+
+ class << self
+ alias :token_valid? :is_token_valid
+ end
+
 end
 end
diff --git a/lib/helper.rb b/lib/helper.rb
index cc643f3..5fe1857 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -3,18 +3,21 @@ helpers do
 # Authentification
 def protected!(subjectid)
 if env["session"]
- flash[:notice] = "You don't have access to this section: " and \
- redirect back and \
- return unless authorized?(subjectid)
+ unless authorized?(subjectid)
+ flash[:notice] = "You don't have access to this section: "
+ redirect back
+ end
 elsif !env["session"] && subjectid
- throw(:halt, [401, "Not authorized.\n"]) and \
- redirect back and \
- return unless authorized?(subjectid)
+ unless authorized?(subjectid)
+ throw(:halt, [401, "Not authorized.\n"])
+ redirect back
+ end
+ else
+ throw(:halt, [401, "Not authorized.\n"]) unless authorized?(subjectid)
 end
- throw(:halt, [401, "Not authorized.\n"]) and \
- return unless authorized?(subjectid)
 end
+ #Check Authorization for URI with method and subjectid.
 def authorized?(subjectid)
 request_method = request.env['REQUEST_METHOD']
@@ -40,12 +43,6 @@ helpers do
 "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path}"
 end
- def check_subjectid(subjectid)
- return false if !subjectid
- return true if subjectid.size > 62
- false
- end
-
 #unprotected uris for login/logout, webapplication ...
 def unprotected_requests
 case env['REQUEST_URI']
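Review bot: The new `alias :token_valid? :is_token_valid` inside `class << self` introduces a second public name for the same method without saying which one callers should use; a one-line comment such as `# preferred predicate name; is_token_valid kept for existing callers` would make the intent of the alias clear. Style-wise, the bareword form `alias token_valid? is_token_valid` is the conventional spelling. The body of `is_token_valid` starts before this hunk, so its contract cannot be checked here.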
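Review bot: In the `elsif` branch of `protected!`, `redirect back` after `throw(:halt, [401, "Not authorized.\n"])` is unreachable, because throw unwinds before the next statement runs; the removed code carried the same dead line, but the new block shape makes it look deliberate, so either drop it or decide whether a redirect or a 401 is the intended response for that branch. In the `env["session"]` branch the notice text ends in `: ` with nothing appended, so the user sees a truncated sentence; append the requested URI or drop the trailing colon. `back` resolves to the client-supplied Referer header, so what happens when that header is missing or points off-site depends on the framework's redirect handling, which is outside this hunk and worth confirming. `authorized?` begins at the end of this hunk and continues past it.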
@@ -65,9 +62,10 @@ end
 before do
 unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
 begin
+ subjectid = nil
 subjectid = session[:subjectid] if session[:subjectid]
- subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid)
- subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid)
+ subjectid = params[:subjectid] if params[:subjectid] and !subjectid
+ subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !subjectid
 # see http://rack.rubyforge.org/doc/SPEC.html
 subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
 @subjectid = subjectid
-- 
cgit v1.2.3
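Review bot: The new `and !subjectid` guards change the precedence rule silently: the session value now always wins over an explicit `subjectid` param or `HTTP_SUBJECTID` header, whereas the removed `check_subjectid` let a later source replace a value that failed its size check. If that is intended, document it, e.g. `# precedence: session, then ?subjectid=, then HTTP_SUBJECTID header; the first value present wins`. Dropping `check_subjectid` also removes the only shape check on the token, so a value of any length from the query string or header now reaches `CGI.unescape` and `@subjectid` unvalidated; that is acceptable only if `authorized?`, which lies outside this hunk, rejects malformed tokens. Minor style point: use `&&` rather than `and` in these modifier conditions. The `begin` block and its rescue continue past the end of this hunk.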