engine/app/controllers/locomotive/cross_domain_sessions_controller.rb

40 lines
1.0 KiB
Ruby

module Locomotive
class CrossDomainSessionsController < BaseController
layout '/locomotive/layouts/not_logged_in'
skip_before_filter :verify_authenticity_token
skip_before_filter :validate_site_membership
before_filter :require_account, :only => :new
skip_load_and_authorize_resource
def new
if site = current_locomotive_account.sites.detect { |s| s._id.to_s == params[:target_id] }
if Rails.env == 'development'
@target = site.full_subdomain
else
@target = site.domains_without_subdomain.first || site.full_subdomain
end
current_locomotive_account.reset_switch_site_token!
else
redirect_to admin_pages_path
end
end
def create
if account = Account.find_using_switch_site_token(params[:token])
account.reset_switch_site_token!
sign_in(account)
redirect_to admin_pages_path
else
redirect_to new_admin_session_path, :alert => t('flash.locomotive.cross_domain_sessions.create.alert')
end
end
end
end