Module UserSupport
In: lib/user_support.rb

UserSupport provides methods are intended to be included by ApplicationController to support the user system across the entire application. They are companions to the User model.

The HTTP authorization code is derived from an example published by Maximillian Dornseif at blogs.23.nu/c0re/stories/7409/ which was released for use under any license.

Methods

admin?   require_admin   require_login   user_setup  

Included Modules

Modal

Public Instance methods

admin?()

Return true if the currently-logged-in user is the administrator.

require_admin()

This is meant to be used as a before_filter. It requires an administrative login, putting up a login panel if the administrator isn’t currently logged in. Once the administrator logs in, it resumes the action it was protecting.

require_login()

This is meant to be used as a before_filter. It requires a login, putting up a login panel if the session isn’t currently logged in. Once a user logs in, it resumes the action it was protecting.

user_setup()

This is a before filter for the entire application, used to set up the current user from the session or from various forms of authentication. It’s mandiatory that your application declare this filter if it’s using the User model, as this is responsible for maintaining the application’s idea of the currently-logged-in user.

It will always return true, and thus will not block your actions. Use require_login or require_admin if you want to block actions.

This filter must be called before require_login, require_admin, security tests of ModelSecurity that are based on User, or anything that expects login information.

[Validate]