def login # Check that the use is not already logged in unless session

1. def login
2. # Check that the use is not already logged in
3. unless session[:rbac_user].nil?
4. redirect_with_notice_or_render 'You are already logged in.',
5. 'active_rbac/login/already_logged_in'
6. return
7. end
8.  
9. # Set the location to redirect to in the session if it was passed in through
10. # a parameter and none is stored in the session.
11. if session[:return_to].nil? and !params[:return_to].nil?
12. session[:return_to] = params[:return_to]
13. end
14.  
15. # Simply render the login form on everything but POST.
16. logger.info "Log: " + request.method.to_s
17. return unless request.method == :post
18.  
19. # Handle the login request otherwise.
20. @errors = Array.new
21.  
22. # If login or password is missing, we can stop processing right away.
23. raise ActiveRecord::RecordNotFound if params[:login].to_s.empty? or params[:password].to_s.empty?
24.  
25. # Try to log the user in.
26. user = User.find_with_credentials(params[:login], params[:password])
27.  
28. # Check whether a user with these credentials could be found.
29. raise ActiveRecord::RecordNotFound unless not user.nil?
30.  
31. # Check that the user has the correct state
32. raise ActiveRecord::RecordNotFound unless User.state_allows_login?(user.state)
33.  
34. # Write the user into the session object.
35. write_user_to_session(user)
36.  
37. session[:return_to] = '/articles'
38.  
39. redirect_with_notice_or_render 'You have logged in successfully.',
40. 'active_rbac/login/login_success'
41. rescue ActiveRecord::RecordNotFound
42. # Add an error and let the action render normally.
43. @errors << 'Invalid user name or password!'
44. end
45.  
46. def redirect_with_notice_or_render(notice, template)
47. if session[:return_to].nil?
48. render :template => template
49. else
50. flash[:notice] = notice
51. redirect_to session[:return_to]
52. session[:return_to] = nil
53. end
54. end