dmeese / MathWorld

Team Bunny Slippers Math World Web Application

Sessions_Controller- login method: Incorrect handling of Authorization level #24

Closed mlbriel closed 11 years ago

mlbriel commented 11 years ago

Sessions_controller: login()

I see multiple versions of this method depending on where I look.

The version in the master branch does not redirect the user to the correct page based on AuthorizationLevel. All users are incorrectly redirected to "\documents"

The version showing on the GitHub documentation page does redirect correctly for Public, Student, and Teacher. However, the administrator is always sent to the teacher page rather than an admin-specific one.

The master branch and the documentation page need to be the same.

dmeese commented 11 years ago

The deployed branch is release, not master.

\documents shows different things based on login context and the redirection back to documents is correct behavior. It's a safe landing page, and was picked because it's assumed that the viewer wants to see the content available to her. Even for admins, it's assumed that they want to see content, not users.

Every single view on the application is dynamically generated. Rails doesn't work in the way I think you are assuming it does.

mlbriel commented 11 years ago

There is no "deployed" branch that I can see. The version I am referring to has redirect_to '/documents' for all AuthorizationLevel values.

mlbriel commented 11 years ago

Here is the code segment I am referring to:

    if user && user.authenticate(params[:session][:password])
      session[:remember_token] = user.id
      # Every recognised authorization level is sent to the same page.
      if user.authorizationlevel == 1
        redirect_to '/documents'
      elsif user.authorizationlevel == 2
        redirect_to '/documents'
      elsif user.authorizationlevel > 2
        redirect_to '/documents'
      else
        redirect_to '/'
      end
    end

It looks to me like all of the users get sent to the same page regardless of authorization level.

dmeese commented 11 years ago

The name of the branch is "Release", not "deployed", but it has the same code. It is left over from when we did it another way, and we haven't gotten around to refactoring it yet. Partially because we're considering using it as a framework for a future feature. We need to discuss it amongst the team.

Thanks
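The two behaviours argued over in this thread, written out as an added example in plain Ruby (not MathWorld project code) so it runs without Rails: the post-login redirect from the posted snippet, which sends every recognised level to /documents on purpose, and a model of the /documents page deciding per request what a given login context may see. The level numbering (1 = student, 2 = teacher, greater than 2 = admin, nil = public), the sample users and documents, and the use of stdlib PBKDF2 in place of the bcrypt-backed user.authenticate that Rails' has_secure_password provides are all assumptions made for the example.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not MathWorld project code. Plain Ruby stand-in for the
# Rails login flow discussed in this issue.
# Assumptions (taken from the posted snippet, not documented project facts):
#   authorization level 1 = student, 2 = teacher, > 2 = admin, nil = public.
STUDENT = 1
TEACHER = 2
ADMIN   = 3

User     = Struct.new(:id, :email, :salt, :digest, :authorization_level)
Document = Struct.new(:title, :min_level)

PBKDF2_ITERATIONS = 100_000

# Stand-in for bcrypt: PBKDF2-HMAC-SHA256 from Ruby's stdlib OpenSSL.
def password_digest(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32,
                             OpenSSL::Digest.new('SHA256'))
end

# Constant-time comparison so a wrong password does not leak how many
# leading bytes of the digest matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def authenticate(user, password)
  user && secure_equal?(user.digest, password_digest(password, user.salt))
end

# The redirect from the thread, written out: every known level lands on
# /documents by design; only an unrecognised level falls back to '/'.
def landing_path_for(level)
  known = level == STUDENT || level == TEACHER ||
          (level.is_a?(Integer) && level > TEACHER)
  known ? '/documents' : '/'
end

# Equivalent of the sessions controller's login action. Returns the session
# state and redirect path on success, nil on a bad email or password.
def login(users_by_email, email, password)
  user = users_by_email[email]
  return nil unless authenticate(user, password)
  { remember_token: user.id,
    redirect: landing_path_for(user.authorization_level) }
end

# What /documents shows. The authorization decision is made here, per
# request, from the session's level; the landing-page choice is cosmetic.
def visible_documents(level, docs)
  effective = level.is_a?(Integer) ? level : 0
  docs.select { |d| d.min_level <= effective }.map(&:title)
end

# Constructed sample users, keyed by email, with freshly salted digests.
def sample_users
  [
    ['student@example.test', 'student-pass', STUDENT],
    ['teacher@example.test', 'teacher-pass', TEACHER],
    ['admin@example.test',   'admin-pass',   ADMIN]
  ].each_with_index.map do |(email, pw, level), i|
    salt = SecureRandom.random_bytes(16)
    [email, User.new(i + 1, email, salt, password_digest(pw, salt), level)]
  end.to_h
end

# Constructed sample corpus; min_level 0 is visible even when logged out.
SAMPLE_DOCUMENTS = [
  Document.new('Intro to fractions', 0),
  Document.new('Student worksheet', STUDENT),
  Document.new('Teacher answer key', TEACHER),
  Document.new('User administration notes', ADMIN)
].freeze

if __FILE__ == $PROGRAM_NAME
  users = sample_users
  result = login(users, 'teacher@example.test', 'teacher-pass')
  puts "teacher login -> #{result[:redirect]}"
  puts "teacher sees: #{visible_documents(TEACHER, SAMPLE_DOCUMENTS).join(', ')}"
  puts "public sees:  #{visible_documents(nil, SAMPLE_DOCUMENTS).join(', ')}"
end
```

The point for a reviewer of the original snippet: collapsing the three branches into one redirect is only a readability problem as long as every page behind /documents filters on the session's level itself, as visible_documents does here. A role-specific landing page would not add any protection on its own; it would only change where a user starts.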