myexperiment-hackers

[myexperiment-hackers] [2628] trunk/app/controllers/previews_controller.


From: noreply
Subject: [myexperiment-hackers] [2628] trunk/app/controllers/previews_controller.rb: adjusted previews controller to request http basic on auth failure
Date: Tue, 5 Jul 2011 11:27:28 -0400 (EDT)

Revision: 2628
Author: dgc
Date: 2011-07-05 11:27:27 -0400 (Tue, 05 Jul 2011)

Log Message

adjusted previews controller to request http basic on auth failure

Modified Paths

Diff

Modified: trunk/app/controllers/previews_controller.rb (2627 => 2628)


--- trunk/app/controllers/previews_controller.rb	2011-07-05 15:26:37 UTC (rev 2627)
+++ trunk/app/controllers/previews_controller.rb	2011-07-05 15:27:27 UTC (rev 2628)
@@ -9,13 +9,34 @@
 
   def show
 
+    auth = request.env["HTTP_AUTHORIZATION"]
+    user = current_user
+
+    if auth and auth.starts_with?("Basic ")
+      credentials = Base64.decode64(auth.sub(/^Basic /, '')).split(':')
+      user = User.authenticate(credentials[0], credentials[1])
+
+      if user.nil?
+        render :nothing => true, :status => "401 Unauthorized"
+        response.headers['WWW-Authenticate'] = "Basic realm=\"#{Conf.sitename} REST API\""
+        return
+      end
+    end
+
     if @context.preview.nil?
       render :nothing => true, :status => "404 Not Found"
       return
     end
 
-    if Authorization.check(:action ="" 'view', :object => @context, :user => current_user) == false
+    if @context.respond_to?("versioned_resource")
+      auth_object = @context.versioned_resource
+    else
+      auth_object = @context
+    end
+
+    if Authorization.check(:action ="" 'view', :object => auth_object, :user => user) == false
       render :nothing => true, :status => "401 Unauthorized"
+      response.headers['WWW-Authenticate'] = "Basic realm=\"#{Conf.sitename} REST API\""
       return
     end
 
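Review bot: In the new Basic branch, `Base64.decode64(auth.sub(/^Basic /, '')).split(':')` splits on every colon, so a password containing ':' is cut down to its first segment before it reaches `User.authenticate`, and a decoded value with no colon passes nil as the password. Suggest `split(':', 2)` and treating a missing second element as a failed login. Two smaller points: the 401 plus `WWW-Authenticate` pair now appears twice, each time with the header assigned after `render`, so a small private helper that sets the header first and then renders would keep both paths identical. Also, the existing 404 for `@context.preview.nil?` still runs before `Authorization.check`, which lets a caller without view rights tell whether a preview exists; consider running the authorization check first.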
