Open-Source-Access-Control-.../app/controllers/cards_controller.rb

161 lines
4.3 KiB
Ruby
Raw Normal View History

class CardsController < ApplicationController
2014-02-23 12:55:00 +00:00
load_and_authorize_resource except: :authorize
before_filter :authenticate_user!, except: :authorize
# GET /cards
# GET /cards.json
def index
#@cards = Card.all
#authorize! :read, @cards
@cards = @cards.sort_by{|e| e[:id]}
if can? :read, DoorLog then
most_active_count = 0
runner_up_count = 0
@most_active_card = nil
@runner_up_card = nil
@cards.each do |card|
card_num_R = card.card_number.to_i(16)%32767
card[:accesses_this_week] = DoorLog.where("key = ? AND data = ? AND created_at > ?", 'G', card_num_R, DateTime.now - 1.month).order("created_at DESC").group_by { |d| d.created_at.beginning_of_day }.count
end
@most_active_cards = @cards.sort{|a,b| b[:accesses_this_week] <=> a[:accesses_this_week]}
@most_active_card = @most_active_cards[0]
@runner_up_card = @most_active_cards[1]
end
respond_to do |format|
format.html # index.html.erb
format.json { render :json => @cards }
end
end
# GET /cards/1
# GET /cards/1.json
def show
if can? :read, DoorLog then
card_num_R = @card.card_number.to_i(16)%32767
@door_logs = DoorLog.where('key = ? AND data = ?', "G", card_num_R).order("created_at DESC")
end
respond_to do |format|
format.html # show.html.erb
format.json { render :json => @card }
end
end
# PUT /cards/1/upload
def upload
#@card = Card.find(params[:id])
@upload_result = @card.upload_to_door
respond_to do |format|
format.html # show.html.erb
format.json { render :json => @upload_result }
end
end
# PUT /cards/upload_all
def upload_all
@upload_result = Card.upload_all_to_door
respond_to do |format|
format.html # show.html.erb
format.json { render :json => @upload_result }
end
end
# GET /cards/new
# GET /cards/new.json
def new
#@card = Card.new
respond_to do |format|
format.html # new.html.erb
format.json { render :json => @card }
end
end
# GET /cards/1/edit
def edit
#@card = Card.find(params[:id])
end
# POST /cards
# POST /cards.json
def create
#@card = Card.new(params[:card])
respond_to do |format|
if @card.save
format.html { redirect_to cards_url, :notice => 'Card was successfully created.' }
format.json { render :json => @card, :status => :created, :location => @card }
else
format.html { render :action => "new" }
format.json { render :json => @card.errors, :status => :unprocessable_entity }
end
end
end
# PUT /cards/1
# PUT /cards/1.json
def update
#@card = Card.find(params[:id])
respond_to do |format|
if @card.update_attributes(params[:card])
format.html { redirect_to cards_url, :notice => 'Card was successfully updated.' }
format.json { head :no_content }
else
format.html { render :action => "edit" }
format.json { render :json => @card.errors, :status => :unprocessable_entity }
end
end
end
2014-02-23 12:55:00 +00:00
def authorize
# Stop unless signed in already, OR if the supplied user/pass params are good.
unless current_user || check_auth(params['user'],params['pass'])
@auth = "bad_user_or_pass"
else
# Stop unless the user can access the door system
unless can? :authorize, Card
@auth = "bad_user_permissions"
Rails.logger.warn "----------\r\nWARNING: CARD AUTH ATTEMPT DENIED. USER #{current_user.inspect}\r\n----------"
else
begin
@card = Card.find(:first, :conditions => ["lower(card_number) = ?", params[:id].downcase])
@auth = @card.inspect
if @card && @card.user
@auth = @card.user.has_certification?(params[:device])
else
@auth = false
end
rescue
@auth = false
end
end
end
if @card && @card.user
username = @card.user.name
else
username = nil
end
render json: [@auth, username]
end
# DELETE /cards/1
# DELETE /cards/1.json
def destroy
#@card = Card.find(params[:id])
@card.destroy
respond_to do |format|
format.html { redirect_to cards_url, :notice => 'Card successfully deleted.' }
format.json { head :no_content }
end
end
end