Adding direct door access commands and interface

2013-12-02 02:03:40 -07:00
parent d2434be109
commit 41a8431be5
13 changed files with 300 additions and 11 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,6 +7,7 @@ class ApplicationController < ActionController::Base
    else
      flash[:alert] = "Nothing to see here!"
    end
+    Rails.logger.warn "----------\r\nWARNING: AccessDenied Exception: #{exception.inspect} User: #{current_user.inspect}\r\n----------"
    redirect_to root_url
  end

--- a/app/controllers/space_api_controller.rb
+++ b/app/controllers/space_api_controller.rb
@@ -1,6 +1,8 @@
 class SpaceApiController < ApplicationController
-  authorize_resource :except => :index
-  before_filter :authenticate_user!, :except => :index
+  # Individually remove authorizing stuff since there is no SpaceApi model
+  authorize_resource :except => [:index, :access, :access_post]
+  # User auth here happens via params, instead of form.
+  before_filter :authenticate_user!, :except => [:index, :access, :access_post]

  def index
    @json = JSON.parse(Setting.space_api_json_template)
@@ -21,11 +23,74 @@ class SpaceApiController < ApplicationController
    respond_to do |format|
      format.html
      format.json { 
-        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
        render :json => @json
      }
    end
  end

+  def access
+    @status = DoorLog.show_status
+
+    # Nothing, just render form
+    unless user_signed_in?
+      @output =  "Invalid email or password. Please login with your Members DB email and password below."
+    else
+      unless can? :access_doors_remotely, :door_access
+        @output =  "Sorry, your account isn't able to control doors remotely."
+      end
+    end
+  end
+
+  def access_post
+    @output = ""
+
+    #if params['cmd'] == "check-login" then
+    #  if users[params['user']] && users[params['user']]['pass'].to_s == (Digest::SHA2.new(bitlen=512) << params['pass']).to_s then
+    #    @output +=  '{ "login": "okay" }'
+    #  else
+    #    @output +=  '{ "login": "fail" }'
+    #  end
+    # 
+    #  exit
+    #end
+    
+    # Stop unless signed in already, OR if the supplied user/pass params are good.
+    unless current_user || check_auth(params['user'],params['pass'])
+      @output +=  "Invalid email or password."
+    else
+      # Stop unless the user can access the door system
+      unless can? :access_doors_remotely, :door_access
+        @output += "Sorry, your account isn't able to control doors remotely. Ask an admin if this is incorrect."
+        Rails.logger.warn "----------\r\nWARNING: DOOR ACCESS ATTEMPT DENIED. USER #{current_user.inspect}\r\n----------"
+      else
+        # Stop unless we've got a command to run
+        unless params['cmd']
+          @output += "No command specified."
+        else 
+          # Log the access
+          Rails.logger.info "Door access: user #{current_user.inspect}"
+          DoorLog.create!({:key => "rem_"+DoorLog.parse_command(params['cmd'])[:url_param], :data => current_user.id})
+
+          # Execute the access
+          @output += DoorLog.execute_command(params['cmd'])
+        end 
+      end
+    end
+
+    # Render the form again
+    render :access
+  end
+
+  def check_auth(email,password)
+    resource = User.find_by_email(email)
+    if resource && resource.valid_password?(password)
+      resource.remember_me = true
+      sign_in :user, resource
+      return true
+    else
+      return false
+    end
+  end
+
 end