module Hobo::Controller::AuthenticationSupport

Public Instance Methods

authorized?()

Check if the user is authorized.

Override this method in your controllers if you want to restrict access to only a few actions or if you want to check if the user has the correct rights.

Example:

# only allow nonbobs
def authorized?
  current_user.login != "bob"
end

# File lib/hobo/controller/authentication_support.rb, line 23
def authorized?
  true
end

logged_in?()

Filter method to enforce a login requirement.

# File lib/hobo/controller/authentication_support.rb, line 6
def logged_in?
  not current_user.guest?
end

login_required(user_model=nil)

To require logins for all actions, use this in your controllers:

before_filter :login_required

To require logins for specific actions, use this in your controllers:

before_filter :login_required, :only => [ :edit, :update ]

To skip this in a subclassed controller:

skip_before_filter :login_required

# File lib/hobo/controller/authentication_support.rb, line 40
def login_required(user_model=nil)
  auth_model = user_model || Hobo::Model::UserBase.default_user_model
  if current_user.guest?
    username, passwd = get_auth_data
    self.current_user = auth_model.authenticate(username, passwd) || nil if username && passwd && auth_model
  end
  if logged_in? && authorized? && (user_model.nil? || current_user.is_a?(user_model))
    true
  else
    access_denied(auth_model)
  end
end
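
The decision `login_required` makes, as an added example that is not Hobo's own code: it shows that a guest, a user rejected by `authorized?`, and a user of the wrong model are all denied, and that an override misspelled `authorize?` is never called, so the default `true` applies. `Guest`, `User`, `Admin`, `AuthSketch`, both controllers and `filter_result` are assumptions; the stand-in module mirrors only the final check of the listing above, omits the `get_auth_data` step, and has `access_denied` return false.

```ruby
# Constructed stand-ins so the filter logic runs outside Rails and Hobo.
Guest = Struct.new(:login) { def guest?; true; end }
User  = Struct.new(:login) { def guest?; false; end }
class Admin < User; end

# Assumption: mirrors the final check of login_required; the get_auth_data
# step is left out and access_denied returns false instead of responding.
module AuthSketch
  attr_accessor :current_user

  def logged_in?;  !current_user.guest?; end
  def authorized?; true; end              # permissive default, as in Hobo
  def access_denied(_auth_model); false; end

  def login_required(user_model = nil)
    if logged_in? && authorized? && (user_model.nil? || current_user.is_a?(user_model))
      true
    else
      access_denied(user_model)
    end
  end
end

class NonBobsController                   # override with the correct name
  include AuthSketch
  def authorized?; current_user.login != "bob"; end
end

class MisnamedController                  # typo: the filter never calls this
  include AuthSketch
  def authorize?; current_user.login != "bob"; end
end

# Run the filter for one controller class and user; true means allowed.
def filter_result(controller_class, user, user_model = nil)
  controller = controller_class.new
  controller.current_user = user
  controller.login_required(user_model)
end

if __FILE__ == $PROGRAM_NAME
  p filter_result(NonBobsController, User.new("bob"))
  p filter_result(MisnamedController, User.new("bob"))
end
```

A controller test that requests a protected action as a user who should be rejected catches the misnamed override, because the filter falls back to the permissive default without raising any error.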

redirect_back_or_default(default)

Redirect to the URI stored by the most recent #store_location call or to the passed default.

# File lib/hobo/controller/authentication_support.rb, line 63
def redirect_back_or_default(default)
  session[:return_to] ? redirect_to(session[:return_to]) : redirect_to(default)
  session[:return_to] = nil
end

store_location()

Store the URI of the current request in the session.

We can return to this location by calling redirect_back_or_default.

# File lib/hobo/controller/authentication_support.rb, line 57
def store_location
  session[:return_to] = request.fullpath
end