| Module | AuthenticatedSystem |
| In: |
lib/authenticated_system.rb
|
Inclusion hook to make current_user and logged_in? available as ActionView helper methods.
# File lib/authenticated_system.rb, line 117
# Inclusion hook: expose the session helpers to the views of the including
# controller. helper_method is reached through send so the hook works even
# when the host class does not expose it publicly.
# NOTE: the documented pair (current_user, logged_in?) has grown to include
# is_admin?; can_edit_info?/can_create_info? are commented out of the list.
def self.included(base)
  view_helpers = [:current_user, :logged_in?, :is_admin?] # :can_edit_info?, :can_create_info? not exposed
  base.send(:helper_method, *view_helpers)
end
Redirect as appropriate when an access request fails.
The default action is to redirect to the login screen.
Override this method in your controllers if you want to have special behavior in case the user is not authorized to access the requested action. For example, a popup window might simply close itself.
# File lib/authenticated_system.rb, line 63
# Redirect as appropriate when an access request fails.
#
# Remembers the requested URI (see store_location) and sends every response
# format to the login screen. An earlier version used respond_to to answer
# non-HTML requests with an HTTP Basic challenge; it was disabled because the
# HTTP_ACCEPT header IE7 sends is anything but HTML, so IE7 users were
# prompted for Basic auth instead of being redirected to login ("a temporary
# hack" in the original). A format.js variant that redirected through an RJS
# page update was also tried and is disabled.
#
# Override this in a controller for different behaviour, e.g. a popup window
# that simply closes itself.
def access_denied
  store_location
  redirect_to(new_session_path)
end
# File lib/authenticated_system.rb, line 148
# Filter method that restricts an action to logged-in administrators.
# Anyone else gets a flash notice (translation key 'no_tienes_permiso',
# Spanish for "you do not have permission") followed by access_denied.
def admin_required
  return if logged_in? && is_admin?

  flash[:notice] = t('no_tienes_permiso')
  access_denied
end
Check if the user is authorized
Override this method in your controllers if you want to restrict access to only a few actions or if you want to check if the user has the correct rights.
Example:
# only allow nonbobs
def authorized?
  current_user.login != "bob"
end
# File lib/authenticated_system.rb, line 33
# Check if the user is authorized.
#
# The default rule is simply "somebody is logged in". Override in a
# controller to restrict particular actions or check the user's rights
# (e.g. `current_user.login != "bob"`).
def authorized?
  logged_in?
end
Accesses the current user from the session. Set it to :false if login fails so that future calls do not hit the database.
# File lib/authenticated_system.rb, line 11
# Accesses the current user, memoised for this request in @current_user.
#
# Lookup order: the session, then HTTP Basic credentials, then the remember
# cookie. When every source fails the sentinel :false (not nil) is cached so
# that later calls in the same request do not repeat the lookups / hit the
# database. logged_in? is where the sentinel is interpreted.
def current_user
  return @current_user if @current_user

  @current_user = login_from_session || login_from_basic_auth || login_from_cookie || :false
end
Store the given user id in the session.
# File lib/authenticated_system.rb, line 16
# Store the given user's id in the session and cache the user for this
# request. nil or a Symbol (the :false sentinel) clears the stored id;
# anything else is expected to respond to #id.
# NOTE(review): nothing here renews the session id on login; confirm the
# login action resets the session before assigning a user.
def current_user=(new_user)
  session[:user_id] =
    case new_user
    when nil, Symbol then nil
    else new_user.id
    end
  @current_user = new_user || :false
end
Esti
# File lib/authenticated_system.rb, line 144
# True when somebody is logged in and their user record answers is_admin?
# affirmatively. The logged_in? guard keeps the :false sentinel from ever
# receiving is_admin?.
def is_admin?
  return false unless logged_in?

  current_user.is_admin?
end
Returns true or false if the user is logged in. Preloads @current_user with the user model if they’re logged in.
# File lib/authenticated_system.rb, line 5
# Returns true or false: is someone logged in? Calling current_user here
# also preloads @current_user with the user model, so views using this
# helper pay for the lookup once. Anything other than the :false sentinel
# counts as a logged-in user.
def logged_in?
  current_user != :false
end
Called from current_user. Now, attempt to login by basic authentication information.
# File lib/authenticated_system.rb, line 127
# Called from current_user. Second attempt: HTTP Basic credentials.
#
# The block receives the credential pair; User.authenticate decides whether
# it is valid and its result (a user, or nil) becomes the current user.
def login_from_basic_auth
  authenticate_with_http_basic do |login, secret|
    self.current_user = User.authenticate(login, secret)
  end
end
Called from current_user. Finally, attempt to login by an expiring token in the cookie.
# File lib/authenticated_system.rb, line 134
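# Called from current_user. Final attempt: the expiring remember token held
# in the auth_token cookie.
#
# A missing or blank cookie is ignored outright, so no token lookup runs for
# it. When the token resolves to a user whose token is still valid
# (remember_token?), the token is renewed (remember_me), re-issued in the
# cookie with its new expiry, and the user becomes the current user.
# Returns the user on success, nil otherwise.
#
# NOTE(review): the cookie is written with only :value and :expires; the
# HttpOnly/Secure attributes are not set here (the option names depend on
# the Rails version in use), so the token may be readable by page scripts.
def login_from_cookie
  token = cookies[:auth_token]
  return if token.nil? || token.to_s.empty?

  user = User.find_by_remember_token(token)
  return unless user && user.remember_token?

  user.remember_me
  cookies[:auth_token] = { :value => user.remember_token, :expires => user.remember_token_expires_at }
  self.current_user = user
end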
Called from current_user. First attempt to login by the user id stored in the session.
# File lib/authenticated_system.rb, line 122
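# Called from current_user. First attempt: the user id stored in the session.
#
# Uses find_by_id rather than find so that a stale id (the user was deleted
# after the session was issued) yields nil instead of raising RecordNotFound
# on every request; assigning nil also clears the stale id from the session
# through current_user=. Returns the user, or nil.
def login_from_session
  return unless session[:user_id]

  self.current_user = User.find_by_id(session[:user_id])
end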
Filter method to enforce a login requirement.
To require logins for all actions, use this in your controllers:
before_filter :login_required
To require logins for specific actions, use this in your controllers:
before_filter :login_required, :only => [ :edit, :update ]
To skip this in a subclassed controller:
skip_before_filter :login_required
# File lib/authenticated_system.rb, line 51
# Filter method to enforce a login requirement.
#
#   before_filter :login_required                              # every action
#   before_filter :login_required, :only => [ :edit, :update ] # some actions
#   skip_before_filter :login_required                         # in a subclass
#
# Returns the truthy result of authorized?; otherwise whatever access_denied
# returns (normally the redirect to the login screen).
def login_required
  verdict = authorized?
  return verdict if verdict

  access_denied
end
Redirect to the URI stored by the most recent store_location call or to the passed default.
# File lib/authenticated_system.rb, line 110
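# Redirect to the URI stored by the most recent store_location call or to
# the passed default, then forget the stored URI.
#
# Precedence: the return_to request parameter, then session[:return_to],
# then +default+. The parameter is client-controlled, so it is honoured only
# when it is a local path: a String starting with a single "/" (not "//" or
# "/\", which browsers resolve against another host). Anything else is
# ignored rather than used as a redirect target. The session value is written
# by store_location from the request URI and is trusted as before.
def redirect_back_or_default(default)
  param_target = params[:return_to]
  param_target = nil unless param_target.is_a?(String) && param_target =~ %r{\A/(?![/\\])}

  redirect_to(param_target || session[:return_to] || default)
  session[:return_to] = nil
end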
Store the URI of the current request in the session.
We can return to this location by calling redirect_back_or_default.
# File lib/authenticated_system.rb, line 91
# Store the URI of the current request in the session so that
# redirect_back_or_default can return to it after login.
#
# A previous variant (disabled) special-cased the XHR actions
# update_nota_bloque, update_nota_item, update_nota_padres_item,
# update_obs_bloque and update_obs_padres_bloque: revisiting them directly
# after login failed because their parameters were no longer passed, and the
# user never noticed since the call was XHR, so the referring page
# (HTTP_REFERER) was stored instead. Every request is now stored as-is.
# NOTE(review): nothing here distinguishes GET from other verbs; a stored
# POST URI will later be revisited with GET.
def store_location
  session[:return_to] = request.request_uri
end