gumayunov · March 8, 2009 13:37
diff --git a/application.rb b/application.rb
 class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  protect_from_forgery # :secret => 'f581bdec8b45bf4e586ade3d71e25b70'
  
  # See ActionController::Base for details 
  # Uncomment this to filter the contents of submitted sensitive data parameters
  # from your application log (in this case, all fields with names like "password"). 
  # filter_parameter_logging :password
  
  filter_parameter_logging :password, :confirm_password
  helper_method :logged_as?, :logged_in?, :authorized?, :if_authorized?
  helper_method :current_user_session, :current_user, :current_user_follows

  private

  def page_404
    respond_to do |format|
      format.html { render :file=>'public/404.html', :status => 404 }
      format.js { render :text => "", :status => 404 }
    end
  end

  def access_restricted(message = nil)
    #FIXME: do preper action when access is restricted
    respond_to do |format|
      format.html do
        flash[:error] = "Неавторизованный доступ."
        redirect_to home_url
      end
      format.xml  { render :status => 403}
      format.js   { render :text => "", :status => 403 }
    end
    
  end

  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.user
  end

  def current_user_follows
    current_user.follows
  end

  def logged_in?
    !current_user.nil?
  end

  def logged_as?(user)
    current_user && current_user.id == user.id
  end

  def if_authorized?(action, resource = nil, &block)
    if authorized?(action, resource)
      yield action, resource
    end
  end

  def authorized?(action, resource = nil)
    logged_in?
  end

  def require_user
    unless current_user
      #store_location
      flash[:error] = "Для доступа нужно указать логин и пароль"
      redirect_to new_session_url
      return false
    end
  end

  def require_no_user
    if current_user
      #store_location
      flash[:error] = "Для доступа необходимо выйти"
      redirect_to account_url
      return false
    end
  end
  
  def require_admin
    unless current_user && current_user.admin?
      redirect_to home_path
      return false
    end
  end

  #def store_location
  #  session[:return_to] = request.request_uri
  #end

  def redirect_back_or_default(default)
    redirect_to(session[:return_to] || default)
    session[:return_to] = nil
  end
  
 end
diff --git a/routes.rb b/routes.rb
 ActionController::Routing::Routes.draw do |map|

  map.resource :session, :controller => "user_sessions"
  map.resources :password_resets,  :only => [:new, :create, :update, :edit]

  map.resource :account, :controller => "users"

  #map.home '/', :controller => '', :action => ''

  map.connect ':controller/:action/:id'
  map.connect ':controller/:action/:id.:format'
 end
diff --git a/user_session.rb b/user_session.rb
 class UserSession < Authlogic::Session::Base
    find_with [:params, :session, :cookie]
 end
diff --git a/users.rb b/users.rb
 class User < ActiveRecord::Base

  acts_as_authentic_with_config(

    :login_field_validates_length_of_options => { :within => 2..32, :message => "Логин не должен быть короче двух символов" },
    :login_field_validates_format_of_options => { :with => /^[A-Za-z0-9\_\-\@]+$/, :message => "Используйте только латинские буквы, цифры и символы -_@" },

    :email_field_validates_format_of_options => { :message => "Не похож на e-mail" },
    :email_field_validates_length_of_options => { :within => 2..32, :message => "Не похоже на e-mail" },
    :email_field_validates_uniqueness_of_options => { :message => "Уже занят" },

    :password_field_validates_length_of_options => { :message => "Пароль должен быть длиннее 4х символов", :minimum => 4},
    :password_field_validates_confirmation_of_options => {:message => "Пароль для проверки не совпадает"},
    :password_confirmation_field_validates_presence_of_options => {:message => "Не указан пароль для проверки"},

    :old_password_did_not_match_message => "Неправильный старый пароль"
  )


  attr_accessor :old_password

  validates_each :old_password,
                 :on => :update, :if => :crypted_password_changed? do |record, attr, old_password|
    unless (old_password.nil? || record.valid_old_password?(old_password))
      record.errors.add attr, self.acts_as_authentic_config[:old_password_did_not_match_message]
    end
  end

  def valid_old_password?(old_password)
    params = [crypted_password_was, old_password, password_salt_was]
    self.class.acts_as_authentic_config[:crypto_provider].matches?(*params)
  end

  def deliver_password_reset_instructions!
    reset_perishable_token!
    Notifier.deliver_password_reset_instructions(self)
  end

 end
	class ApplicationController < ActionController::Base
	helper :all # include all helpers, all the time

	# See ActionController::RequestForgeryProtection for details
	# Uncomment the :secret if you're not using the cookie session store
	protect_from_forgery # :secret => 'f581bdec8b45bf4e586ade3d71e25b70'

	# See ActionController::Base for details
	# Uncomment this to filter the contents of submitted sensitive data parameters
	# from your application log (in this case, all fields with names like "password").
	# filter_parameter_logging :password

	filter_parameter_logging :password, :confirm_password
	helper_method :logged_as?, :logged_in?, :authorized?, :if_authorized?
	helper_method :current_user_session, :current_user, :current_user_follows

	private

	def page_404
	respond_to do \|format\|
	format.html { render :file=>'public/404.html', :status => 404 }
	format.js { render :text => "", :status => 404 }
	end
	end

	def access_restricted(message = nil)
	#FIXME: do preper action when access is restricted
	respond_to do \|format\|
	format.html do
	flash[:error] = "Неавторизованный доступ."
	redirect_to home_url
	end
	format.xml { render :status => 403}
	format.js { render :text => "", :status => 403 }
	end

	end

	def current_user_session
	return @current_user_session if defined?(@current_user_session)
	@current_user_session = UserSession.find
	end

	def current_user
	return @current_user if defined?(@current_user)
	@current_user = current_user_session && current_user_session.user
	end

	def current_user_follows
	current_user.follows
	end

	def logged_in?
	!current_user.nil?
	end

	def logged_as?(user)
	current_user && current_user.id == user.id
	end

	def if_authorized?(action, resource = nil, &block)
	if authorized?(action, resource)
	yield action, resource
	end
	end

	def authorized?(action, resource = nil)
	logged_in?
	end

	def require_user
	unless current_user
	#store_location
	flash[:error] = "Для доступа нужно указать логин и пароль"
	redirect_to new_session_url
	return false
	end
	end

	def require_no_user
	if current_user
	#store_location
	flash[:error] = "Для доступа необходимо выйти"
	redirect_to account_url
	return false
	end
	end

	def require_admin
	unless current_user && current_user.admin?
	redirect_to home_path
	return false
	end
	end

	#def store_location
	# session[:return_to] = request.request_uri
	#end

	def redirect_back_or_default(default)
	redirect_to(session[:return_to] \|\| default)
	session[:return_to] = nil
	end

	end
	ActionController::Routing::Routes.draw do \|map\|

	map.resource :session, :controller => "user_sessions"
	map.resources :password_resets, :only => [:new, :create, :update, :edit]

	map.resource :account, :controller => "users"

	#map.home '/', :controller => '', :action => ''

	map.connect ':controller/:action/:id'
	map.connect ':controller/:action/:id.:format'
	end
	class UserSession < Authlogic::Session::Base
	find_with [:params, :session, :cookie]
	end
	class User < ActiveRecord::Base

	acts_as_authentic_with_config(

	:login_field_validates_length_of_options => { :within => 2..32, :message => "Логин не должен быть короче двух символов" },
	:login_field_validates_format_of_options => { :with => /^[A-Za-z0-9\_\-\@]+$/, :message => "Используйте только латинские буквы, цифры и символы -_@" },

	:email_field_validates_format_of_options => { :message => "Не похож на e-mail" },
	:email_field_validates_length_of_options => { :within => 2..32, :message => "Не похоже на e-mail" },
	:email_field_validates_uniqueness_of_options => { :message => "Уже занят" },

	:password_field_validates_length_of_options => { :message => "Пароль должен быть длиннее 4х символов", :minimum => 4},
	:password_field_validates_confirmation_of_options => {:message => "Пароль для проверки не совпадает"},
	:password_confirmation_field_validates_presence_of_options => {:message => "Не указан пароль для проверки"},

	:old_password_did_not_match_message => "Неправильный старый пароль"
	)


	attr_accessor :old_password

	validates_each :old_password,
	:on => :update, :if => :crypted_password_changed? do \|record, attr, old_password\|
	unless (old_password.nil? \|\| record.valid_old_password?(old_password))
	record.errors.add attr, self.acts_as_authentic_config[:old_password_did_not_match_message]
	end
	end

	def valid_old_password?(old_password)
	params = [crypted_password_was, old_password, password_salt_was]
	self.class.acts_as_authentic_config[:crypto_provider].matches?(*params)
	end

	def deliver_password_reset_instructions!
	reset_perishable_token!
	Notifier.deliver_password_reset_instructions(self)
	end

	end