Allowing access when login_required is site wide?

Added by Anders Aagaard over 11 years ago

I have a redmine setup, and I want to keep login_required on site wide.

But I have a controller pulling information (statistics etc) from redmine, using render :partial, and putting it into an iframe into our intranet setup. This works very well when the user is logged in, but if a user is not logged in I get an extremely ugly and non functional (because of the small iframe) login window.

I tried overriding check_if_login_required in my controller, but that ends up giving me a 403.

Is there any clean way, through plugin overrides only, I can allow a side to be rendered without login, when login_required is on?

Replies (2)

RE: Allowing access when login_required is site wide? - Added by Paolo Montrasio almost 11 years ago

I had the same problem and I fixed it by adding a line into ApplicationController#check_if_login_required
It looks like this now

  def check_if_login_required
    # no check needed if user is already logged in
    return true if User.current.logged?
    # NEW LINE! No login required for all actions of my CustomController
    return true if params[:controller] == "custom" 
    require_login if Setting.login_required?
  end

You might need to do something more elaborate, maybe checking for both the controller and the actions, but that's the general idea.

RE: Allowing access when login_required is site wide? - Added by Anders Aagaard almost 11 years ago

Thanks! I scrapped this function in what I was building, as it wasn't strictly needed for the stuff I was building. But I have another function coming up where this will be required, and I've let it hang for a bit as I knew this might be an obstacle.

(1-2/2)