class HomeController < ApplicationController before_filter :login, :except

1. class HomeController < ApplicationController
2.  
3. before_filter :login, :except => [:authenticate, :logout]
4.  
5. def initialize
6. @superadmins = ["mike","art"]
7. @regularadmins = ["jon"]
8. @superusers = ["cody","josh"]
9. @regularusers = ["patty"]
10. end
11.  
12. def index
13. case
14. when superadmin?(@myuser)
15. render superadmin
16. when regularadmin?(@myuser)
17. render regularadmin
18. when superuser?(@myuser) else
19. render regularuser
20. end
21. end
22.  
23. def login
24. # set the controller instance_var @myuser to the session[:user]
25. # if nil, create a new user object and
26. # store it in the controller instance_var @myuser
27. @myuser = session[:user] ? session[:user] : Myuser.new
28. if ! logged_in? then
29. login_form
30. end
31.  
32. end
33.  
34. def logout
35. session[:user] = nil
36. render :text =>"logged out"
37. end
38.  
39. def authenticate(user="test",password="testpass")
40. # If the @myuser controller instance_var is nil, then create a new
41. # use the Myuser model to create a new user if the user/pass pair is valid
42. # Myuser.authenticate returns nil if the pair is invalid
43. @myuser ||= Myuser.authenticate(user,password)
44. # for testing, lets set the instance_var to something specific
45. # @myuser.name = "mike"
46. session[:user] = @myuser
47. render :text => "Logged in"
48. end
49.  
50. protected
51.  
52. def logged_in?
53. # define a controller method to make working with the model easier.
54. # This also allows us to change the way we validate logged in
55. # thus abstracting it from the model.
56. # @muser should be a Myuser object
57. @myuser.logged_in?
58. end
59.  
60. def login_form
61. #We don't want to accidentally log the user out if they come to the login
62. #form inappropriately. We use ||= to accomplish this.
63. #Use = to force a logout
64. @myuser ||= Myuser.new
65. render :text => "Made it to the login form"
66. end
67.  
68. # user is a Myuser object
69. def superadmin?(user)
70. @superadmins.include?(user.name)
71. end
72.  
73. def regularadmin?(user)
74. @regularadmins.include?(user.name)
75. end
76.  
77. def superuser?(user)
78. @superusers.include?(user.name)
79. end
80.  
81. def regularuser?(user)
82. @regularusers.include?(user.name)
83. end
84.  
85. def superadmin
86. render :text => "You are a super admin!"
87. end
88.  
89. def regularadmin
90. render :text => "You are an admin."
91. end
92.  
93. def superuser
94. render :text => "Just below admin status"
95. end
96.  
97. def regularuser
98. render :text => "Hello use end
99. end
100.  
101.  
102. end
103.  
104. class Myuser < ActiveRecord::Base
105. attr_accessor :logged_in, :name
106.  
107. def initialize
108. @logged_in = false
109. end
110.  
111. def logged_in?
112. @logged_in
113. end
114.  
115. def self.authenticate(user="",password="")
116. user = self.new
117. # we are just setting the user true because we haven't done the real
118. # authentication routine
119. user.logged_in = true
120. # We want to be sure that the user object is returned so is reference
121. # it as the last entry.
122. # The current thinking is to return nil if the user cannot authenticate
123. user
124. end
125.  
126. end