zxiest · April 1, 2011 13:35
diff --git a/locations_controller.rb b/locations_controller.rb
 include LocationsHelper
 include SessionsHelper
  
 class LocationsController < ApplicationController
  before_filter :admin_user, :only => [:new, :create, :edit, :destroy]
  
  def new
  end
  
  def create
  end
  
 end
diff --git a/sessions_controller.rb b/sessions_controller.rb
 include SessionsHelper

 class SessionsController < ApplicationController
  def new
    @title = "Sign in"
 	
 	if !params[:flash].nil? && !params[:flash][:notice].nil?
 		flash.now[:notice] = params[:flash][:notice]
 	end
  end

  def create
    user = User.authenticate(params[:session][:email], params[:session][:password])
 	
    if (user.nil?)
      flash.now[:error] = "Invalid email/password combination"
      @title = "Sign in"
      render 'new'
    else
 		sign_in user
 		redirect_back_or root_path
    end
  end

  def destroy
    sign_out
    redirect_to root_path
  end
 end
diff --git a/sessions_helper.rb b/sessions_helper.rb
 module SessionsHelper
 	def sign_in(user)
 		cookies.permanent.signed[:remember_token] = [user.id, user.salt]
 		self.current_user = user
 	end
 	
 	def sign_out
 		cookies.delete(:remember_token)
 		self.current_user = nil
 	end
 	
 	def current_user?(user)
 		user == current_user
 	end
 	
 	def current_user
 		@current_user ||= user_from_remember_token
 	end
 	
 	def current_user=(user)
 		@current_user = user
 	end
 	
 	def signed_in?
 		!current_user.nil?
 	end
 	
 	def authenticate
 		deny_access unless signed_in?
 	end
 	
 	def deny_access
                store_location
 		notice =  current_user.nil?? "Please sign in to access this page" : "You must sign in as an admin to access this page"
 		redirect_to new_session_path(:flash => { :notice => notice } )
 	end
 	
 	def redirect_back_or(default)
 		redirect_to (session[:return_to] || default)
 		clear_return_to
 	end
 	
 	private
 		def user_from_remember_token
 			User.authenticate_with_salt(*remember_token)
 		end
 		
 		def remember_token
 			cookies.signed[:remember_token] || [nil, nil]
 		end
 		
 		def store_location
 			session[:return_to] = request.fullpath
 		end
 		
 		def clear_return_to
 			logger.debug "CLEARING SESSION RETURN TO"
 			session[:return_to] = nil
 		end
 		
 		def admin_user
 			if current_user.nil? || !current_user.admin?
 				deny_access 
 			end
 		end
 end
	include LocationsHelper
	include SessionsHelper

	class LocationsController < ApplicationController
	before_filter :admin_user, :only => [:new, :create, :edit, :destroy]

	def new
	end

	def create
	end

	end
	include SessionsHelper

	class SessionsController < ApplicationController
	def new
	@title = "Sign in"

	if !params[:flash].nil? && !params[:flash][:notice].nil?
	flash.now[:notice] = params[:flash][:notice]
	end
	end

	def create
	user = User.authenticate(params[:session][:email], params[:session][:password])

	if (user.nil?)
	flash.now[:error] = "Invalid email/password combination"
	@title = "Sign in"
	render 'new'
	else
	sign_in user
	redirect_back_or root_path
	end
	end

	def destroy
	sign_out
	redirect_to root_path
	end
	end
	module SessionsHelper
	def sign_in(user)
	cookies.permanent.signed[:remember_token] = [user.id, user.salt]
	self.current_user = user
	end

	def sign_out
	cookies.delete(:remember_token)
	self.current_user = nil
	end

	def current_user?(user)
	user == current_user
	end

	def current_user
	@current_user \|\|= user_from_remember_token
	end

	def current_user=(user)
	@current_user = user
	end

	def signed_in?
	!current_user.nil?
	end

	def authenticate
	deny_access unless signed_in?
	end

	def deny_access
	store_location
	notice = current_user.nil?? "Please sign in to access this page" : "You must sign in as an admin to access this page"
	redirect_to new_session_path(:flash => { :notice => notice } )
	end

	def redirect_back_or(default)
	redirect_to (session[:return_to] \|\| default)
	clear_return_to
	end

	private
	def user_from_remember_token
	User.authenticate_with_salt(*remember_token)
	end

	def remember_token
	cookies.signed[:remember_token] \|\| [nil, nil]
	end

	def store_location
	session[:return_to] = request.fullpath
	end

	def clear_return_to
	logger.debug "CLEARING SESSION RETURN TO"
	session[:return_to] = nil
	end

	def admin_user
	if current_user.nil? \|\| !current_user.admin?
	deny_access
	end
	end
	end