+++ /dev/null
-module LoginEngine
- module AuthenticatedSystem
-
- protected
-
- # overwrite this if you want to restrict access to only a few actions
- # or if you want to check if the user has the correct rights
- # example:
- #
- # # only allow nonbobs
- # def authorize?(user)
- # user.login != "bob"
- # end
- def authorize?(user)
- true
- end
-
- # overwrite this method if you only want to protect certain actions of the controller
- # example:
- #
- # # don't protect the login and the about method
- # def protect?(action)
- # if ['action', 'about'].include?(action)
- # return false
- # else
- # return true
- # end
- # end
- def protect?(action)
- true
- end
-
- # login_required filter. add
- #
- # before_filter :login_required
- #
- # if the controller should be under any rights management.
- # for finer access control you can overwrite
- #
- # def authorize?(user)
- #
- def login_required
- if not protect?(action_name)
- return true
- end
-
- if user? and authorize?(session[:user])
- return true
- end
-
- # store current location so that we can
- # come back after the user logged in
- store_location
-
- # call overwriteable reaction to unauthorized access
- access_denied
- end
-
- # overwrite if you want to have special behavior in case the user is not authorized
- # to access the current operation.
- # the default action is to redirect to the login screen
- # example use :
- # a popup window might just close itself for instance
- def access_denied
- redirect_to :controller => "/user", :action => "login"
- end
-
- # store current uri in the session.
- # we can return to this location by calling return_location
- def store_location
- session['return-to'] = request.request_uri
- end
-
- # move to the last store_location call or to the passed default one
- def redirect_to_stored_or_default(default=nil)
- if session['return-to'].nil?
- redirect_to default
- else
- redirect_to_url session['return-to']
- session['return-to'] = nil
- end
- end
-
- def redirect_back_or_default(default=nil)
- if request.env["HTTP_REFERER"].nil?
- redirect_to default
- else
- redirect_to(request.env["HTTP_REFERER"]) # same as redirect_to :back
- end
- end
-
- def user?
- # First, is the user already authenticated?
- return true if not session[:user].nil?
-
- # If not, is the user being authenticated by a token?
- id = params[:user_id]
- key = params[:key]
- if id and key
- session[:user] = User.authenticate_by_token(id, key)
- return true if not session[:user].nil?
- end
-
- # Everything failed
- return false
- end
-
- # Returns the current user from the session, if any exists
- def current_user
- session[:user]
- end
- end
-end