trabajo-afectivo/app/controllers/application_controller/has_user.rb

module ApplicationController::HasUser
  extend ActiveSupport::Concern

  included do
    before_action :set_user, :session_update
  end

  private

  def current_user
    user_on_behalf = current_user_on_behalf
    return user_on_behalf if user_on_behalf

    current_user_real
  end

  # Finds the User with the ID stored in the session with the key
  # :current_user_id This is a common way to handle user login in
  # a Rails application; logging in sets the session value and
  # logging out removes it.
  def current_user_real
    return @_current_user if @_current_user
    return if !session[:user_id]

    @_current_user = User.lookup(id: session[:user_id])
  end

  # Finds the user based on the id, login or email which is given
  # in the headers. If it is found then all api activities are done
  # with the behalf of user. With this functionality it is possible
  # to do changes with a user which is different from the admin user.
  # E.g. create a ticket as a customer user based on a user with admin rights.
  def current_user_on_behalf

    # check header
    return if request.headers['X-On-Behalf-Of'].blank?

    # return user if set
    return @_user_on_behalf if @_user_on_behalf

    # get current user
    user_real = current_user_real
    return if !user_real

    # check if the user has admin rights
    raise Exceptions::Forbidden, "Current user has no permission to use 'X-On-Behalf-Of'!" if !user_real.permissions?('admin.user')

    # find user for execution based on the header
    %i[id login email].each do |field|
      search_attributes = search_attributes(field)
      @_user_on_behalf = User.find_by(search_attributes)
      next if !@_user_on_behalf

      return @_user_on_behalf
    end

    # no behalf of user found
    raise Exceptions::Forbidden, "No such user '#{request.headers['X-On-Behalf-Of']}'"
  end

  def search_attributes(field)
    search_attributes = {}
    search_attributes[field] = request.headers['X-On-Behalf-Of']
    if %i[login email].include?(field)
      search_attributes[field] = search_attributes[field].to_s.downcase.strip
    end
    search_attributes
  end

  def current_user_set(user, auth_type = 'session')
    session[:user_id] = user.id
    @_auth_type = auth_type
    @_current_user = user
    set_user
  end

  # Sets the current user into a named Thread location so that it can be accessed
  # by models and observers
  def set_user
    if !current_user
      UserInfo.current_user_id = 1
      return
    end
    UserInfo.current_user_id = current_user.id
  end

  # update session updated_at
  def session_update
    #sleep 0.6

    session[:ping] = Time.zone.now.iso8601

    # check if remote ip need to be updated
    if session[:user_id]
      if !session[:remote_ip] || session[:remote_ip] != request.remote_ip # rubocop:disable Style/SoleNestedConditional
        session[:remote_ip] = request.remote_ip
        session[:geo]       = Service::GeoIp.location(request.remote_ip)
      end
    end

    # fill user agent
    return if session[:user_agent]

    session[:user_agent] = request.env['HTTP_USER_AGENT']
  end
end
Refactoring: Splitted ApplicationController functionality into separat modules and concerns. 2017-03-09 11:44:51 +00:00			`module ApplicationController::HasUser`
			`extend ActiveSupport::Concern`

			`included do`
			`before_action :set_user, :session_update`
			`end`

			`private`

Fixed issue #1805 - API: Ticket creation - wrong user in notifcations, activity stream. 2018-02-13 16:19:22 +00:00			`def current_user`
			`user_on_behalf = current_user_on_behalf`
			`return user_on_behalf if user_on_behalf`
Updated rubocop to latest version (0.59.2) and applied required changes. 2018-10-09 06:17:41 +00:00
Fixed issue #1805 - API: Ticket creation - wrong user in notifcations, activity stream. 2018-02-13 16:19:22 +00:00			`current_user_real`
			`end`

Refactoring: Splitted ApplicationController functionality into separat modules and concerns. 2017-03-09 11:44:51 +00:00			`# Finds the User with the ID stored in the session with the key`
			`# :current_user_id This is a common way to handle user login in`
			`# a Rails application; logging in sets the session value and`
			`# logging out removes it.`
Fixed issue #1805 - API: Ticket creation - wrong user in notifcations, activity stream. 2018-02-13 16:19:22 +00:00			`def current_user_real`
Refactoring: Splitted ApplicationController functionality into separat modules and concerns. 2017-03-09 11:44:51 +00:00			`return @_current_user if @_current_user`
			`return if !session[:user_id]`
Updated rubocop to latest version (0.59.2) and applied required changes. 2018-10-09 06:17:41 +00:00
Refactoring: Splitted ApplicationController functionality into separat modules and concerns. 2017-03-09 11:44:51 +00:00			`@_current_user = User.lookup(id: session[:user_id])`
			`end`

Fixed issue #1805 - API: Ticket creation - wrong user in notifcations, activity stream. 2018-02-13 16:19:22 +00:00			`# Finds the user based on the id, login or email which is given`
			`# in the headers. If it is found then all api activities are done`
			`# with the behalf of user. With this functionality it is possible`
			`# to do changes with a user which is different from the admin user.`
			`# E.g. create a ticket as a customer user based on a user with admin rights.`
			`def current_user_on_behalf`

			`# check header`
			`return if request.headers['X-On-Behalf-Of'].blank?`

			`# return user if set`
			`return @_user_on_behalf if @_user_on_behalf`

			`# get current user`
			`user_real = current_user_real`
			`return if !user_real`

			`# check if the user has admin rights`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden, "Current user has no permission to use 'X-On-Behalf-Of'!" if !user_real.permissions?('admin.user')`
Fixed issue #1805 - API: Ticket creation - wrong user in notifcations, activity stream. 2018-02-13 16:19:22 +00:00
			`# find user for execution based on the header`
			`%i[id login email].each do \|field\|`
Fixes #3316 - X-On-Behalf-Of does not downcase input. 2020-12-03 08:07:15 +00:00			`search_attributes = search_attributes(field)`
Fixed issue #1805 - API: Ticket creation - wrong user in notifcations, activity stream. 2018-02-13 16:19:22 +00:00			`@_user_on_behalf = User.find_by(search_attributes)`
			`next if !@_user_on_behalf`
Updated rubocop to latest version (0.59.2) and applied required changes. 2018-10-09 06:17:41 +00:00
Fixed issue #1805 - API: Ticket creation - wrong user in notifcations, activity stream. 2018-02-13 16:19:22 +00:00			`return @_user_on_behalf`
			`end`

			`# no behalf of user found`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden, "No such user '#{request.headers['X-On-Behalf-Of']}'"`
Fixed issue #1805 - API: Ticket creation - wrong user in notifcations, activity stream. 2018-02-13 16:19:22 +00:00			`end`

Fixes #3316 - X-On-Behalf-Of does not downcase input. 2020-12-03 08:07:15 +00:00			`def search_attributes(field)`
			`search_attributes = {}`
			`search_attributes[field] = request.headers['X-On-Behalf-Of']`
			`if %i[login email].include?(field)`
			`search_attributes[field] = search_attributes[field].to_s.downcase.strip`
			`end`
			`search_attributes`
			`end`

Refactoring: Splitted ApplicationController functionality into separat modules and concerns. 2017-03-09 11:44:51 +00:00			`def current_user_set(user, auth_type = 'session')`
			`session[:user_id] = user.id`
			`@_auth_type = auth_type`
			`@_current_user = user`
			`set_user`
			`end`

			`# Sets the current user into a named Thread location so that it can be accessed`
			`# by models and observers`
			`def set_user`
			`if !current_user`
			`UserInfo.current_user_id = 1`
			`return`
			`end`
			`UserInfo.current_user_id = current_user.id`
			`end`

			`# update session updated_at`
			`def session_update`
			`#sleep 0.6`

			`session[:ping] = Time.zone.now.iso8601`

			`# check if remote ip need to be updated`
			`if session[:user_id]`
Maintenance: Updated rubocop(-* gems) to latest version (0.92.0). 2020-09-30 09:07:01 +00:00			`if !session[:remote_ip] \|\| session[:remote_ip] != request.remote_ip # rubocop:disable Style/SoleNestedConditional`
Refactoring: Splitted ApplicationController functionality into separat modules and concerns. 2017-03-09 11:44:51 +00:00			`session[:remote_ip] = request.remote_ip`
			`session[:geo] = Service::GeoIp.location(request.remote_ip)`
			`end`
			`end`

			`# fill user agent`
			`return if session[:user_agent]`
Updated rubocop to latest version (0.59.2) and applied required changes. 2018-10-09 06:17:41 +00:00
Refactoring: Splitted ApplicationController functionality into separat modules and concerns. 2017-03-09 11:44:51 +00:00			`session[:user_agent] = request.env['HTTP_USER_AGENT']`
			`end`
			`end`