changeset 7: | ac1024130232 |
author: | moriq@moriq.com |
date: | Wed Mar 05 03:57:54 2008 +0900 (16 years ago) |
permissions: | -rw-r--r-- |
description: | generate authenticated again. mercurial import したときに db/migrate lib が消えてた。orz |
module AuthenticatedSystem
  # Inclusion hook: exposes #current_user and #logged_in? to the views as
  # ActionView helper methods of the including controller.
  def self.included(base)
    base.send(:helper_method, :current_user, :logged_in?)
  end

  protected

  # True when a user is logged in, false otherwise.
  # Calling it resolves (and caches) @current_user through #current_user.
  def logged_in?
    !(current_user == :false)
  end

  # The user for this request. Resolved once, trying the session, then HTTP
  # basic credentials, then the remember-me cookie. When all three fail the
  # symbol :false is cached, so later calls do not hit the database again.
  def current_user
    return @current_user if @current_user

    @current_user = login_from_session || login_from_basic_auth || login_from_cookie || :false
  end

  # Records the given user as the current one and stores its id in the session.
  # nil or a Symbol (such as :false) clears session[:user_id].
  #
  # NOTE(review): only session[:user_id] is rewritten here; nothing in this
  # module resets the session when a login succeeds. Confirm that the calling
  # controller calls reset_session around login, otherwise a session fixed
  # before authentication stays in use afterwards.
  def current_user=(new_user)
    anonymous = new_user.nil? || new_user.is_a?(Symbol)
    session[:user_id] = anonymous ? nil : new_user.id
    @current_user = new_user || :false
  end

  # Authorization check used by #login_required.
  #
  # The default only requires a logged-in user. Override it in a controller
  # to restrict access to a few actions or to check the user's rights.
  #
  # Example:
  #
  #  # only allow nonbobs
  #  def authorized?
  #    current_user.login != "bob"
  #  end
  def authorized?
    logged_in?
  end

  # Filter method that enforces the login requirement.
  #
  # To require logins for all actions, use this in your controllers:
  #
  #   before_filter :login_required
  #
  # To require logins for specific actions:
  #
  #   before_filter :login_required, :only => [ :edit, :update ]
  #
  # To skip this in a subclassed controller:
  #
  #   skip_before_filter :login_required
  #
  def login_required
    permitted = authorized?
    return permitted if permitted

    access_denied
  end

  # Responds to a request that failed the authorization check.
  #
  # HTML requests get their location stored and are redirected to the login
  # screen; any other format receives an HTTP basic authentication challenge.
  #
  # Override this method in your controllers for special behavior when the
  # user is not authorized, e.g. a popup window that simply closes itself.
  def access_denied
    respond_to do |format|
      format.html do
        store_location
        redirect_to new_session_path
      end
      format.any { request_http_basic_authentication('Web Password') }
    end
  end

  # Remembers the URI of the current request in the session.
  #
  # #redirect_back_or_default returns to this location later.
  def store_location
    session[:return_to] = request.request_uri
  end

  # Redirects to the URI saved by the latest #store_location call, or to
  # +default+ when nothing is saved, then clears the saved URI.
  #
  # The saved target is read from the session, not from a request parameter;
  # +default+ is passed to redirect_to as given.
  def redirect_back_or_default(default)
    target = session[:return_to] || default
    redirect_to(target)
    session[:return_to] = nil
  end

  # Called from #current_user. First attempt: log in by the user id stored
  # in the session. An id that no longer matches a user clears the session
  # entry (through #current_user=) and yields nil.
  def login_from_session
    user_id = session[:user_id]
    return unless user_id

    self.current_user = User.find_by_id(user_id)
  end

  # Called from #current_user. Second attempt: log in with HTTP basic
  # authentication credentials, checked by User.authenticate.
  def login_from_basic_auth
    authenticate_with_http_basic { |login, secret| self.current_user = User.authenticate(login, secret) }
  end

  # Called from #current_user. Finally, attempt to log in by the expiring
  # token in the auth_token cookie. On success the user's remember_me is
  # called and the cookie is rewritten from the user's token and expiry.
  #
  # NOTE(review): the cookie hash below carries only :value and :expires; no
  # secure or HTTP-only attribute is requested here, so how the token is
  # protected in transit and from page scripts depends on settings outside
  # this module - confirm.
  # NOTE(review): the user is looked up by the raw cookie value; presumably
  # the token is stored as-is in the users table - verify against the model.
  def login_from_cookie
    token = cookies[:auth_token]
    user = token && User.find_by_remember_token(token)
    return unless user && user.remember_token?

    user.remember_me
    cookies[:auth_token] = { :value => user.remember_token, :expires => user.remember_token_expires_at }
    self.current_user = user
  end
end