foodsoft/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base

  filter_parameter_logging :password, :password_confirmation   # do not log passwort parameters
  before_filter :select_foodcoop, :authenticate, :store_controller
  after_filter  :remove_controller
  
  # sends a mail, when an error occurs
  # see plugins/exception_notification
  include ExceptionNotifiable

  # Returns the controller handling the current request.
  def self.current
    Thread.current[:application_controller]
  end

  # Use this method to call a rake task,,
  # e.g. to deliver mails after there are created.
  def call_rake(task, options = {})
    options[:rails_env] ||= Foodsoft.env
    args = options.map { |n, v| "#{n.to_s.upcase}='#{v}'" }
    system "/usr/bin/rake #{task} #{args.join(' ')} --trace 2>&1 >> #{Rails.root}/log/rake.log &"
  end

  
  protected

  def current_user
    begin
      # check if there is a valid session and return the logged-in user (its object)
      if session[:user] and session[:foodcoop]
        # for shared-host installations. check if the cookie-subdomain fits to request.
        return User.current_user = User.find(session[:user]) if session[:foodcoop] == Foodsoft.env
      end
    rescue
      reset_session
      flash[:error]= _("An error has occurred. Please login again.")
      redirect_to :controller => 'login'
    end
  end

  def current_user=(user)
    session[:user], session[:foodcoop] = user.id, Foodsoft.env
  end
    
  def return_to
    session['return_to']
  end

  def return_to=(uri)
    session['return_to'] = uri
  end
    
  def deny_access
    self.return_to = request.request_uri
    redirect_to :controller => '/login', :action => 'denied'
    return false
  end

  private  

  def authenticate(role = 'any')
    # Attempt to retrieve authenticated user from controller instance or session...
    if !(user = current_user)
      # No user at all: redirect to login page.
      self.return_to = request.request_uri
      redirect_to :controller => '/login'
      return false
    else
      # We have an authenticated user, now check role...
      # Roles gets the user through his memberships.
      hasRole = case role
      when "admin"  then user.role_admin?
      when "finance"   then  user.role_finance?
      when "article_meta" then user.role_article_meta?
      when "suppliers"  then user.role_suppliers?
      when "orders" then user.role_orders?
      when "any" then true        # no role required
      else false                  # any unknown role will always fail
      end
      if hasRole
        @current_user = user
      else
        deny_access
      end
    end
  end
    
  def authenticate_admin
    authenticate('admin')
  end
    
  def authenticate_finance
    authenticate('finance')
  end
    
  def authenticate_article_meta
    authenticate('article_meta')
  end

  def authenticate_suppliers
    authenticate('suppliers')
  end

  def authenticate_orders
    authenticate('orders')
  end

  # checks if the current_user is member of given group.
  # if fails the user will redirected to startpage
  def authenticate_membership_or_admin
    @group = Group.find(params[:id])
    unless @group.member?(@current_user) or @current_user.role_admin?
      flash[:error] = "Diese Aktion ist nur für Mitglieder der Gruppe erlaubt!"
      if request.xml_http_request?
        render(:update) {|page| page.redirect_to root_path }
      else
        redirect_to root_path
      end
    end
  end

  # Stores this controller instance as a thread local varibale to be accessible from outside ActionController/ActionView.
  def store_controller
    Thread.current[:application_controller] = self
  end
    
  # Sets the thread local variable that holds a reference to the current controller to nil.
  def remove_controller
    Thread.current[:application_controller] = nil
  end

  # Get supplier in nested resources
  def find_supplier
    @supplier = Supplier.find(params[:supplier_id]) if params[:supplier_id]
  end

  # Set config and database connection for each request
  # It uses the subdomain to select the appropriate section in the config files
  # Use this method as a before filter (first filter!) in ApplicationController
  def select_foodcoop
    if Foodsoft.config[:multi_coop_install]
      if !params[:foodcoop].blank?
        begin
          # Set Config
          Foodsoft.env = params[:foodcoop]
          # Set database-connection
          ActiveRecord::Base.establish_connection(Foodsoft.database)
        rescue => error
          flash[:error] = error.to_s
          redirect_to root_path
        end
      else
        redirect_to root_path
      end
    else
      # Deactivate routing filter
      RoutingFilter::Foodcoop.active = false
    end
  end
end