| blob | 49b2377d0f4388dd3e7541450aca81ad3324828b |
2 <!DOCTYPE html
3 PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
7 <head>
13 // <![CDATA[
15 function popupCode( url ) {
16 window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
17 }
19 function toggleCode( id ) {
20 if ( document.getElementById )
21 elem = document.getElementById( id );
22 else if ( document.all )
23 elem = eval( "document.all." + id );
24 else
25 return false;
27 elemStyle = elem.style;
29 if ( elemStyle.display != "block" ) {
30 elemStyle.display = "block"
31 } else {
32 elemStyle.display = "none"
33 }
35 return true;
36 }
38 // Make codeblocks hidden by default
41 // ]]>
42 </script>
44 </head>
45 <body>
54 </tr>
57 <td>
59 lib/authenticated_system.rb
60 </a>
61 <br />
62 </td>
63 </tr>
65 </table>
66 </div>
67 <!-- banner header -->
77 </div>
94 </div>
95 </div>
97 </div>
100 <!-- if includes -->
111 <!-- if method_list -->
121 </a>
122 </div>
125 <p>
126 Inclusion hook to make <a
129 ActionView helper methods.
130 </p>
134 <pre>
136 106: <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">included</span>(<span class="ruby-identifier">base</span>)
137 107: <span class="ruby-identifier">base</span>.<span class="ruby-identifier">send</span> <span class="ruby-identifier">:helper_method</span>, <span class="ruby-identifier">:current_user</span>, <span class="ruby-identifier">:logged_in?</span>, <span class="ruby-identifier">:offline?</span>
139 </pre>
140 </div>
141 </div>
142 </div>
152 </a>
153 </div>
156 <p>
157 Redirect as appropriate when an access request fails.
158 </p>
159 <p>
160 The default action is to redirect to the login screen.
161 </p>
162 <p>
163 Override this method in your controllers if you want to have special
164 behavior in case the user is not authorized to access the requested action.
165 For example, a popup window might simply close itself.
166 </p>
170 <pre>
173 76: <span class="ruby-identifier">respond_to</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">accepts</span><span class="ruby-operator">|</span>
174 77: <span class="ruby-identifier">accepts</span>.<span class="ruby-identifier">html</span> <span class="ruby-keyword kw">do</span>
176 79: <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">:controller</span> =<span class="ruby-operator">></span> <span class="ruby-value str">'sessions'</span>, <span class="ruby-identifier">:action</span> =<span class="ruby-operator">></span> <span class="ruby-value str">'new'</span>
178 81: <span class="ruby-identifier">accepts</span>.<span class="ruby-identifier">xml</span> <span class="ruby-keyword kw">do</span>
179 82: <span class="ruby-identifier">headers</span>[<span class="ruby-value str">"Status"</span>] = <span class="ruby-value str">"Unauthorized"</span>
180 83: <span class="ruby-identifier">headers</span>[<span class="ruby-value str">"WWW-Authenticate"</span>] = <span class="ruby-value str">%(Basic realm="Web Password")</span>
181 84: <span class="ruby-identifier">render</span> <span class="ruby-identifier">:text</span> =<span class="ruby-operator">></span> <span class="ruby-value str">"Couldn't authenticate you"</span>, <span class="ruby-identifier">:status</span> =<span class="ruby-operator">></span> <span class="ruby-value str">'401 Unauthorized'</span>
186 </pre>
187 </div>
188 </div>
189 </div>
197 </a>
198 </div>
201 <p>
202 Check if the user is authorized.
203 </p>
204 <p>
205 Override this method in your controllers if you want to restrict access to
206 only a few actions or if you want to check if the user has the correct
207 rights.
208 </p>
209 <p>
210 Example:
211 </p>
212 <pre>
213 # only allow nonbobs
214 def authorize?
216 end
217 </pre>
221 <pre>
226 </pre>
227 </div>
228 </div>
229 </div>
237 </a>
238 </div>
241 <p>
242 Accesses the current user from the session.
243 </p>
247 <pre>
251 15: <span class="ruby-ivar">@current_user</span> <span class="ruby-operator">||=</span> <span class="ruby-constant">User</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">:first</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">:false</span>
253 17: <span class="ruby-ivar">@current_user</span> <span class="ruby-operator">||=</span> (<span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user</span>] <span class="ruby-operator">&&</span> <span class="ruby-constant">User</span>.<span class="ruby-identifier">find_by_id</span>(<span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user</span>])) <span class="ruby-operator">||</span> <span class="ruby-identifier">:false</span>
256 </pre>
257 </div>
258 </div>
259 </div>
267 </a>
268 </div>
271 <p>
272 Store the given user in the session.
273 </p>
277 <pre>
279 22: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">current_user=</span>(<span class="ruby-identifier">new_user</span>)
281 24: <span class="ruby-ivar">@current_user</span> = <span class="ruby-identifier">new_user</span>
283 26: <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user</span>] = (<span class="ruby-identifier">new_user</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">new_user</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Symbol</span>)) <span class="ruby-operator">?</span> <span class="ruby-keyword kw">nil</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">new_user</span>.<span class="ruby-identifier">id</span>
284 27: <span class="ruby-ivar">@current_user</span> = <span class="ruby-identifier">new_user</span>
287 </pre>
288 </div>
289 </div>
290 </div>
298 </a>
299 </div>
302 <p>
303 Returns true or false if the user is logged in. Preloads @<a
305 model if they’re logged in.
306 </p>
310 <pre>
313 9: <span class="ruby-identifier">current_user</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">:false</span>
315 </pre>
316 </div>
317 </div>
318 </div>
326 </a>
327 </div>
330 <p>
331 When called with before_filter :<a
333 for an :auth_token cookie and log the user back in if apropriate
334 </p>
338 <pre>
340 112: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_from_cookie</span>
341 113: <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>] <span class="ruby-operator">&&</span> <span class="ruby-operator">!</span><span class="ruby-identifier">logged_in?</span>
342 114: <span class="ruby-identifier">user</span> = <span class="ruby-constant">User</span>.<span class="ruby-identifier">find_by_remember_token</span>(<span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>])
343 115: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">user</span> <span class="ruby-operator">&&</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">remember_token?</span>
345 117: <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> = <span class="ruby-identifier">user</span>
346 118: <span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>] = { <span class="ruby-identifier">:value</span> =<span class="ruby-operator">></span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span>.<span class="ruby-identifier">remember_token</span> , <span class="ruby-identifier">:expires</span> =<span class="ruby-operator">></span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span>.<span class="ruby-identifier">remember_token_expires_at</span> }
347 119: <span class="ruby-identifier">flash</span>[<span class="ruby-identifier">:notice</span>] = <span class="ruby-value str">"Logged in successfully"</span>
350 </pre>
351 </div>
352 </div>
353 </div>
361 </a>
362 </div>
365 <p>
366 Filter method to enforce a login requirement.
367 </p>
368 <p>
369 To require logins for all actions, use this in your controllers:
370 </p>
371 <pre>
372 before_filter :login_required
373 </pre>
374 <p>
375 To require logins for specific actions, use this in your controllers:
376 </p>
377 <pre>
378 before_filter :login_required, :only => [ :edit, :update ]
379 </pre>
380 <p>
381 To skip this in a subclassed controller:
382 </p>
383 <pre>
384 skip_before_filter :login_required
385 </pre>
389 <pre>
391 61: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_required</span>
392 62: <span class="ruby-identifier">username</span>, <span class="ruby-identifier">passwd</span> = <span class="ruby-identifier">get_auth_data</span>
393 63: <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> <span class="ruby-operator">||=</span> <span class="ruby-constant">User</span>.<span class="ruby-identifier">authenticate</span>(<span class="ruby-identifier">username</span>, <span class="ruby-identifier">passwd</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">:false</span> <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">username</span> <span class="ruby-operator">&&</span> <span class="ruby-identifier">passwd</span>
394 64: <span class="ruby-identifier">logged_in?</span> <span class="ruby-operator">&&</span> <span class="ruby-identifier">authorized?</span> <span class="ruby-value">? </span><span class="ruby-keyword kw">true</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">access_denied</span>
396 </pre>
397 </div>
398 </div>
399 </div>
407 </a>
408 </div>
414 <pre>
417 4: (<span class="ruby-constant">ENV</span>[<span class="ruby-value str">'OFFLINE_MODE'</span>]) <span class="ruby-operator">?</span> (<span class="ruby-constant">ENV</span>[<span class="ruby-value str">'OFFLINE_MODE'</span>] <span class="ruby-operator">==</span> <span class="ruby-value str">'true'</span>) <span class="ruby-operator">:</span> <span class="ruby-keyword kw">false</span>
419 </pre>
420 </div>
421 </div>
422 </div>
429 <span class="method-name">redirect_back_or_default</span><span class="method-args">(default)</span>
430 </a>
431 </div>
434 <p>
435 Redirect to the URI stored by the most recent <a
437 passed default.
438 </p>
442 <pre>
444 99: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">redirect_back_or_default</span>(<span class="ruby-identifier">default</span>)
445 100: <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">redirect_to</span>(<span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>]) <span class="ruby-operator">:</span> <span class="ruby-identifier">redirect_to</span>(<span class="ruby-identifier">default</span>)
446 101: <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] = <span class="ruby-keyword kw">nil</span>
448 </pre>
449 </div>
450 </div>
451 </div>
459 </a>
460 </div>
463 <p>
464 Store the URI of the current request in the session.
465 </p>
466 <p>
467 We can return to this location by calling <a
469 </p>
473 <pre>
475 93: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">store_location</span>
476 94: <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] = <span class="ruby-identifier">request</span>.<span class="ruby-identifier">request_uri</span>
478 </pre>
479 </div>
480 </div>
481 </div>
484 </div>
487 </div>
492 </div>
494 </body>
495 </html>