diff options
| -rw-r--r-- | app/controllers/devise/cas_sessions_controller.rb | 10 | ||||
| -rw-r--r-- | app/models/user.rb | 3 |
2 files changed, 9 insertions, 4 deletions
diff --git a/app/controllers/devise/cas_sessions_controller.rb b/app/controllers/devise/cas_sessions_controller.rb index 0a9d9ecb2..d000d0309 100644 --- a/app/controllers/devise/cas_sessions_controller.rb +++ b/app/controllers/devise/cas_sessions_controller.rb @@ -20,14 +20,14 @@ class Devise::CasSessionsController < Devise::SessionsController if LoginPolicy.new(current_user).boiv? redirect_to after_sign_in_path_for(current_user) else - redirect_to root_path, flash: {alert: t('devise.sessions.new.unauthorized')} + destroy message: t('devise.sessions.new.unauthorized') end end def unregistered end - def destroy + def destroy message: nil # if :cas_create_user is false a CAS session might be open but not signed_in # in such case we destroy the session here if signed_in?(resource_name) @@ -36,7 +36,11 @@ class Devise::CasSessionsController < Devise::SessionsController reset_session end - redirect_to(cas_logout_url) + if message + redirect_to(cas_logout_url, flash: {alert: message}) + else + redirect_to(cas_logout_url) + end end def single_sign_out diff --git a/app/models/user.rb b/app/models/user.rb index 1a06746da..4ba05b164 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -31,13 +31,14 @@ class User < ActiveRecord::Base @@edit_offer_permissions = ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', 'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', 'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', - 'routing_constraint_zones.destroy', 'referentials.create', 'referentials.edit', 'referentials.destroy'] + 'routing_constraint_zones.destroy', 'referentials.create', 'referentials.edit', 'referentials.destroy', 'boiv:edit-offer'] mattr_reader :edit_offer_permissions def self.all_permissions edit_offer_permissions end + # Callback invoked by DeviseCasAuthenticable::Model#authernticate_with_cas_ticket def cas_extra_attributes=(extra_attributes) extra = extra_attributes.inject({}){|memo,(k,v)| memo[k.to_sym] = v; memo} self.name = extra[:full_name] |