
@ratnikov
Forked from adkron/gist:31686
Created December 3, 2008 21:14
require 'cgi'
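# Mixin that makes every action of the including controller require a
# logged-in, active Member. Including it installs the +validate_ace_user+
# before filter, exposes a few helpers to the views and changes the
# controller's forgery-protection setting (see the note in Setup).
module LoggedInControllerExtension
  # Hook run on +include+: adds the class-level setup to the controller
  # and applies it immediately.
  def self.included(base)
    base.extend Setup
    base.setup_logged_in
  end

  module Setup
    # Mixes in the instance methods, registers the login filter and the
    # view helpers.
    def setup_logged_in
      include InstanceMethods
      before_filter :validate_ace_user
      helper_method :current_user, :display_forecast_link?, :display_admin_home_link?
      # NOTE(review): this switches Rails' request-forgery (CSRF) protection
      # off for every controller that includes the module, so state-changing
      # requests are accepted on the strength of the session cookie alone.
      # Confirm this is intentional; otherwise drop the line and let forms
      # carry the authenticity token.
      self.allow_forgery_protection = false
    end
  end

  module InstanceMethods
    protected

    # The Member loaded by +validate_ace_user+ for this request, or nil.
    def current_user
      @current_user
    end

    # Username stored in the session at login, or nil when not logged in.
    def username
      session[ApplicationController::SESSION_KEY__USERNAME]
    end

    # Remembers the URL of the current request in the session.
    #
    # Despite the name, nothing is removed from the session here: the
    # username key is left in place.
    #
    # NOTE(review): request.host_with_port is taken from the request itself
    # (the client-supplied Host header). Whatever later reads this key as a
    # redirect target should check it against the application's own host
    # first; that consumer is not visible in this file, so confirm.
    def clear_session
      referrer = "#{request.protocol}#{request.host_with_port}#{request.request_uri}"
      session[ApplicationController::SESSION_KEY__REFERRER] = CGI::escape(referrer)
    end

    # Before filter: lets the request through only for a known, active Member.
    #
    # Returns true when the request may proceed. In every other case it
    # redirects to the login page and returns false, so the outcome does not
    # depend on the framework noticing the redirect by itself.
    def validate_ace_user
      member = Member.find_by_username(username) unless username.nil?

      # Not logged in, or the session names a Member that no longer exists.
      # The second case used to raise NoMethodError on nil.
      if member.nil?
        clear_session if request.request_uri.length > 1
        redirect_to :controller => "/login", :action => "index"
        return false
      end

      @current_user = member
      if @current_user.inactive?
        flash[:error] = "Your account has been deactivated. For more information please contact support@#{AceConfig['email_domain']}"
        clear_session
        redirect_to :controller => '/login', :action => :index
        # A deactivated account must fail the filter, not fall through to true.
        return false
      end

      true
    end

    # View helper: whether to show the forecast link. Falsy when no user has
    # been loaded, matching display_admin_home_link?.
    def display_forecast_link?
      @current_user && @current_user.has_site_role?(:project_billing_admin)
    end

    # View helper: whether to show the admin home link, i.e. whether the user
    # holds at least one of the listed site roles.
    def display_admin_home_link?
      @current_user && @current_user.has_any_of_these_site_roles?(
        :project_billing_admin,
        :can_view_reports,
        :hour_report_admin,
        :news_admin,
        :text_admin,
        :template_task_admin,
        :links_admin,
        :work_order_admin
      )
    end
  end
end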
require File.dirname(__FILE__) + '/../test_helper'
# Stand-in controller for the test further down: it pulls in the login
# extension and records redirects instead of performing them.
#
# NOTE(review): no superclass is visible here, so before_filter,
# helper_method, session and request must come from somewhere outside
# this file for the include to work. Verify.
class LoggedInController
  include LoggedInControllerExtension

  attr_accessor :redirect_to_args

  # Placeholder action that renders an empty body.
  def web_method
    render(:text => '')
  end

  # Captures the redirect arguments so a test can inspect them.
  def redirect_to(*captured)
    @redirect_to_args = captured
  end
end
# Intended to pin the access-control rule that a deactivated account is
# refused: the filter fails, the user is sent to /login and clear_session runs.
#
# NOTE(review): as written this test cannot run (see the notes below), so the
# rule is currently unverified.
class LoggedInControllerTest < ActionController::TestCase
# NOTE(review): the statements sit directly in the context block rather than
# in a setup/should block; presumably @controller is not set at that point.
# Confirm against the test framework in use.
context "given an inactive user" do
# NOTE(review): no `username=` writer is visible; the extension only defines a
# protected `username` reader backed by the session.
@controller.username = member(:inactive_user).username
# validate_ace_user is declared under `protected` in the extension, and it is
# called here before the clear_session override below is installed, so this
# call cannot set session_cleared.
@controller.validate_ace_user
# Replace clear_session on this one instance with a flag the test can read.
class << @controller
attr_accessor :session_cleared
def clear_session; self.session_cleared = true end
end
# NOTE(review): called without a receiver, so it is not sent to @controller.
assert !validate_ace_user, "Should fail ace user for whatever reason."
# NOTE(review): this call has no second (actual) argument and no closing
# parenthesis, so the file does not parse. The value recorded in
# @controller.redirect_to_args looks like the intended comparison; confirm.
assert_equal({ :controller => "/login", :action => "index" },
assert @controller.session_cleared, "Should have cleared the session."
end
end