-
- # have we identified the user?
- if @user
- # check if the user has been banned
- if @user.blocks.active.exists?
- # NOTE: need slightly more helpful message than this.
- report_error t('application.setup_user_auth.blocked'), :forbidden
- end
-
- # if the user hasn't seen the contributor terms then don't
- # allow editing - they have to go to the web site and see
- # (but can decline) the CTs to continue.
- if REQUIRE_TERMS_SEEN and not @user.terms_seen and flash[:skip_terms].nil?
- set_locale
- report_error t('application.setup_user_auth.need_to_see_terms'), :forbidden
- end
- end
- end
-
- def authorize(realm='Web Password', errormessage="Couldn't authenticate you")
- # make the @user object from any auth sources we have
- setup_user_auth
-
- # handle authenticate pass/fail
- unless @user
- # no auth, the user does not exist or the password was wrong
- response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
- render :text => errormessage, :status => :unauthorized
- return false
- end
- end
-
- ##
- # to be used as a before_filter *after* authorize. this checks that
- # the user is a moderator and, if not, returns a forbidden error.
- #
- # NOTE: this isn't a very good way of doing it - it duplicates logic
- # from require_moderator - but what we really need to do is a fairly
- # drastic refactoring based on :format and respond_to? but not a
- # good idea to do that in this branch.
- def authorize_moderator(errormessage="Access restricted to moderators")
- # check user is a moderator
- unless @user.moderator?
- render :text => errormessage, :status => :forbidden
- return false
- end
- end
-
- def check_database_readable(need_api = false)
- if STATUS == :database_offline or (need_api and STATUS == :api_offline)
- redirect_to :controller => 'site', :action => 'offline'
- end
- end
-
- def check_database_writable(need_api = false)
- if STATUS == :database_offline or STATUS == :database_readonly or
- (need_api and (STATUS == :api_offline or STATUS == :api_readonly))
- redirect_to :controller => 'site', :action => 'offline'
- end