| Module | AuthenticatedSystem |
| In: | lib/authenticated_system.rb |
Inclusion hook to make current_user and logged_in? available as ActionView helper methods.
# File lib/authenticated_system.rb, line 115
def self.included(base)
  base.send :helper_method, :current_user, :logged_in?
end
Redirect as appropriate when an access request fails.
The default action is to redirect to the login screen.
Override this method in your controllers if you want to have special behavior in case the user is not authorized to access the requested action. For example, a popup window might simply close itself.
# File lib/authenticated_system.rb, line 90
def access_denied
  if logged_in?
    flash[:warning] = 'You are not allowed to do that, you might need to log in as a different user'
  else
    flash[:warning] = 'You need to log in to be allowed to do that'
  end
  redirect_to :controller => '/users', :action => 'login'
end
Check if the user is authorized.
Override this method in your controllers if you want to restrict access to only a few actions or if you want to check if the user has the correct rights.
Example:
# only allow nonbobs
def authorized?(user)
  user.login != "bob"
end
# File lib/authenticated_system.rb, line 30
def authorized?(user)
  true
end
Accesses the current user from the session.
# File lib/authenticated_system.rb, line 8
def current_user
  @current_user ||= session[:user] ? User.find_by_id(session[:user]) : nil
end
Store the given user in the session.
# File lib/authenticated_system.rb, line 13
def current_user=(new_user)
  session[:user] = new_user.nil? ? nil : new_user.id
  @current_user = new_user
end
Filter method to enforce a login requirement.
To require logins for all actions, use this in your controllers:
before_filter :login_required
To require logins for specific actions, use this in your controllers:
before_filter :login_required, :only => [ :edit, :update ]
To skip this in a subclassed controller:
skip_before_filter :login_required
# File lib/authenticated_system.rb, line 67
def login_required
  # Skip this filter if the requested action is not protected
  return true unless protect?(action_name)

  # Check if user is logged in and authorized
  return true if logged_in? and authorized?(current_user)

  # Store current location so that we can redirect back after login
  store_location

  # Call access_denied for an appropriate redirect and stop the filter
  # chain here
  access_denied and return false
end
Check whether or not to protect an action.
Override this method in your controllers if you only want to protect certain actions.
Example:
# don't protect the login and the about method
def protect?(action)
  if ['login', 'about'].include?(action)
    return false
  else
    return true
  end
end
# File lib/authenticated_system.rb, line 49
def protect?(action)
  true
end
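An added example, not part of the original documentation or the plugin's code: it runs the login_required decision (protect?, then logged_in?, then authorized?) outside Rails to show that the filter only ever calls authorized?, so a misspelled override such as authorize? is never invoked and the default lets every logged-in user through. AuthenticatedSystemSketch, TypoController, ReportsController, the User struct, allowed? and the definition of logged_in? are assumptions made for the illustration.

```ruby
# Stand-in for the page's module, reduced to the filter's decision logic so it
# runs without Rails. logged_in? is assumed to mean "current_user is set".
module AuthenticatedSystemSketch
  attr_accessor :current_user, :action_name, :denied

  def logged_in?; !current_user.nil?; end
  def authorized?(user); true; end      # default from the page: allow
  def protect?(action); true; end       # default from the page: protect all
  def access_denied; self.denied = true; end  # real one flashes and redirects

  def login_required
    return true unless protect?(action_name)
    return true if logged_in? && authorized?(current_user)
    access_denied
    false
  end
end

User = Struct.new(:login, :admin)       # constructed sample model

# Misspelled override: the filter calls authorized?, so this is never run.
class TypoController
  include AuthenticatedSystemSketch
  def authorize?(user); user.admin; end
end

# Correct overrides: two public actions are exempt, destroy needs an admin.
class ReportsController
  include AuthenticatedSystemSketch
  def protect?(action); !%w[index about].include?(action); end
  def authorized?(user); action_name == 'destroy' ? user.admin : true; end
end

# Run the filter for one simulated request and return its verdict.
def allowed?(controller_class, action, user)
  c = controller_class.new
  c.action_name = action
  c.current_user = user
  c.login_required
end
```

Because authorized?(user) receives no action argument, per-action rules have to read action_name, as ReportsController does here.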
Redirect to the URI stored by the most recent store_location call or to the passed default.
# File lib/authenticated_system.rb, line 108
def redirect_back_or_default(default)
  session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
  session[:return_to] = nil
end
Store the URI of the current request in the session.
We can return to this location by calling redirect_back_or_default.
# File lib/authenticated_system.rb, line 102
def store_location
  session[:return_to] = request.request_uri
end