- Revision:
- 206
- Log:
Initial import of Gullery, an open source photo gallery:
http://nubyonrails.com/pages/gullery
- Author:
- rool
- Date:
- Sun May 20 19:05:59 +0100 2007
- Size:
- 3049 Bytes
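# Login/authorization helpers meant to be mixed into a controller.
#
# The including class must respond to +helper_method+ (called from
# +included+), and instances must provide +session+, +request+,
# +action_name+, +redirect_to+ and +redirect_to_url+. +current_user+ also
# relies on a +User+ model that responds to +find_by_id+.
module AuthenticatedSystem

  protected

  # True when a user can be resolved for the current session.
  def logged_in?
    !current_user.nil?
  end

  # Returns the user for this session, or nil when nobody is logged in.
  # session[:user] holds the user's id (see current_user=); the record is
  # looked up through User.find_by_id and memoized in @current_user. A nil
  # result is not memoized, so the lookup is retried on the next call.
  #
  # Override this to change how the current user is retrieved. To keep the
  # whole user model in the session instead:
  #
  #   def current_user
  #     session[:user]
  #   end
  #
  def current_user
    @current_user ||= session[:user] ? User.find_by_id(session[:user]) : nil
  end

  # Stores the given user's id in the session (nil clears it) and memoizes
  # the user object for the rest of the request.
  #
  # NOTE(review): only session[:user] is written here; the session itself is
  # not reset. Login code should call reset_session before assigning a user,
  # so that a session id issued before login is not carried over into the
  # authenticated session -- confirm in the account controller.
  #
  # Override this to change how users are stored. To store the whole model:
  #
  #   def current_user=(new_user)
  #     session[:user] = new_user
  #   end
  #
  def current_user=(new_user)
    session[:user] = new_user.nil? ? nil : new_user.id
    @current_user = new_user
  end

  # Authorization hook. The default allows every logged-in user; override it
  # to check rights, for example:
  #
  #   # only allow nonbobs
  #   def authorized?(user)
  #     user.login != "bob"
  #   end
  def authorized?(user)
    true
  end

  # Protection hook. The default protects every action; override it to exempt
  # some, for example:
  #
  #   # don't protect the login and the about method
  #   def protect?(action)
  #     if ['login', 'about'].include?(action)
  #       return false
  #     else
  #       return true
  #     end
  #   end
  def protect?(action)
    true
  end

  # Filter that enforces login and authorization. To require logins, use:
  #
  #   before_filter :login_required                            # restrict all actions
  #   before_filter :login_required, :only => [:edit, :update] # only restrict these actions
  #
  # To skip this in a subclassed controller:
  #
  #   skip_before_filter :login_required
  #
  # Returns true when the request may proceed and false when it was denied.
  def login_required
    # Unprotected actions need no login check.
    return true unless protect?(action_name)

    # A logged-in, authorized user may proceed.
    return true if logged_in? && authorized?(current_user)

    # Remember where the user was headed so we can come back after login.
    store_location

    # Run the overridable reaction, then deny unconditionally. The result of
    # access_denied must not decide the outcome: an override that returns
    # nil or false would otherwise make this filter return nil instead of
    # false, and the denial would not be signalled to the caller.
    access_denied
    false
  end

  # Reaction to unauthorized access. The default redirects to the login
  # screen; override it for special behavior (a popup window might just
  # close itself, for instance). The return value is ignored by
  # login_required.
  def access_denied
    redirect_to :controller => "/account", :action => "login"
  end

  # Stores the current request URI in the session so that
  # redirect_back_or_default can return to it later.
  #
  # The URI comes from the request and is therefore untrusted. Only a
  # host-relative path (one leading "/", not followed by "/" or "\") is
  # kept; anything else is stored as nil, so the post-login redirect cannot
  # point at another host.
  def store_location
    uri = request.request_uri.to_s
    session[:return_to] = (uri =~ %r{\A/(?![/\\])}) ? uri : nil
  end

  # Redirects to the location saved by the last store_location call, or to
  # +default+ when none is saved, then clears the saved location.
  def redirect_back_or_default(default)
    if session[:return_to]
      redirect_to_url(session[:return_to])
    else
      redirect_to(default)
    end
    session[:return_to] = nil
  end

  # Exposes current_user and logged_in? to views as helper methods when the
  # module is included.
  def self.included(base)
    base.send :helper_method, :current_user, :logged_in?
  end
end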