Untitled

a guest
May 27th, 2018
module AuthenticatedSystem
  protected

  # Returns true if the user is logged in, false otherwise.
  # Preloads @current_user with the user model if they're logged in.
  def logged_in?
    !!current_user
  end

  # Accesses the current user from the session.
  # Future calls avoid the database because nil is not equal to false.
  def current_user
    @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
  end

  # Store the given user id in the session.
  def current_user=(new_user)
    session[:user_id] = new_user ? new_user.id : nil
    @current_user = new_user || false
  end

  # Check if the user is authorized
  #
  # Override this method in your controllers if you want to restrict access
  # to only a few actions or if you want to check if the user
  # has the correct rights.
  #
  # Example:
  #
  #   # only allow nonbobs
  #   def authorized?
  #     current_user.login != "bob"
  #   end

  # Filter method: denies access unless the user holds the named privilege.
  def privilege_required(privilege)
    authorized?(privilege) || access_denied
  end

  # True if the Privilege with the given name is among the user's privileges.
  # user_privleges is not defined in this module.
  def authorized?(privilege)
    user_privleges.include?(Privilege.find_by_name(privilege))
  end

  # Filter method to enforce a login requirement.
  #
  # To require logins for all actions, use this in your controllers:
  #
  #   before_filter :login_required
  #
  # To require logins for specific actions, use this in your controllers:
  #
  #   before_filter :login_required, :only => [ :edit, :update ]
  #
  # To skip this in a subclassed controller:
  #
  #   skip_before_filter :login_required
  #
  def login_required
    logged_in? || access_denied
  end

  # Redirect as appropriate when an access request fails.
  #
  # The default action is to redirect to the login screen.
  #
  # Override this method in your controllers if you want to have special
  # behavior in case the user is not authorized
  # to access the requested action. For example, a popup window might
  # simply close itself.
  def access_denied
    respond_to do |format|
      format.html do
        store_location
        redirect_to new_session_path
      end
      format.any do
        request_http_basic_authentication 'Contrasena de Web'
      end
    end
  end

  # Store the URI of the current request in the session.
  #
  # We can return to this location by calling #redirect_back_or_default.
  def store_location
    session[:return_to] = request.request_uri
  end

  # Redirect to the URI stored by the most recent store_location call or
  # to the passed default.
  def redirect_back_or_default(default)
    redirect_to(session[:return_to] || default)
    session[:return_to] = nil
  end

  # Inclusion hook to make #current_user and #logged_in?
  # available as ActionView helper methods.
  def self.included(base)
    base.send :helper_method, :current_user, :logged_in?
  end

  # Called from #current_user. First attempt to login by the user id stored in the session.
  def login_from_session
    self.current_user = User.find_by_id(session[:user_id]) if session[:user_id]
  end

  # Called from #current_user. Now, attempt to login by basic authentication information.
  def login_from_basic_auth
    authenticate_with_http_basic do |username, password|
      self.current_user = User.authenticate(username, password)
    end
  end

  # Called from #current_user. Finally, attempt to login by an expiring token in the cookie.
  def login_from_cookie
    user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
    if user && user.remember_token?
      cookies[:auth_token] = { :value => user.remember_token, :expires => user.remember_token_expires_at }
      self.current_user = user
    end
  end
end
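
Added example, not part of the original paste: a plain-Ruby stand-in that counts simulated database lookups to show when the memoization in current_user above actually avoids the database. DemoController, USERS, TOKENS, db_find and lookups_after are hypothetical names, the hashes are constructed sample data standing in for the User model, and the basic-auth step is left out.

```ruby
# Constructed sample data replacing the User model (hypothetical).
USERS  = { 1 => "alice" }.freeze
TOKENS = { "good-token" => "alice" }.freeze

# Hypothetical stand-in for a controller that includes AuthenticatedSystem.
class DemoController
  attr_reader :db_lookups, :session

  def initialize(session: {}, cookies: {})
    @session, @cookies, @db_lookups = session, cookies, 0
  end

  # Same expression as the module's current_user, minus basic auth.
  def current_user
    @current_user ||= (login_from_session || login_from_cookie) unless @current_user == false
  end

  # Same logic as the module's setter: nil is stored as the false sentinel.
  def current_user=(new_user)
    @session[:user_id] = new_user ? USERS.key(new_user) : nil
    @current_user = new_user || false
  end

  private

  # Simulated database query; every call is counted.
  def db_find(table, key)
    @db_lookups += 1
    table[key]
  end

  def login_from_session
    self.current_user = db_find(USERS, @session[:user_id]) if @session[:user_id]
  end

  # As in the module, a failed token lookup never calls the setter.
  def login_from_cookie
    user = @cookies[:auth_token] && db_find(TOKENS, @cookies[:auth_token])
    self.current_user = user if user
  end
end

# Calls current_user `calls` times and returns the number of lookups it cost.
def lookups_after(controller, calls)
  calls.times { controller.current_user }
  controller.db_lookups
end
```

A found user costs one lookup and an explicit `current_user = nil` costs none, because the false sentinel short-circuits the chain. An unrecognised auth_token cookie is looked up on every call, since that failure leaves @current_user as nil rather than false.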