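  # Base controller for the application. It loads the logged-in user on every
  # request and defines the access-control filters that subclasses enable with
  # before_filter.
  class ApplicationController < ActionController::Base
    before_filter :get_user

    protected

    # Populates @current_user from the user id stored in the session, if any.
    #
    # find_by_id returns nil when the id no longer matches a row, so a stale
    # session is handled as "not logged in"; User.find would raise instead and
    # break every request carrying that session.
    def get_user
      @current_user = User.find_by_id(session[:user_id]) if session[:user_id]
    end

    # Filter: sends anonymous visitors to the login controller.
    #
    # Returns false after redirecting so the filter chain halts and the
    # protected action never runs; returns nil when a user is loaded.
    def requires_login
      return if @current_user

      redirect_to :controller => :login
      false
    end

    # Filter: only lets users whose admin_role flag is set reach the action.
    #
    # Two authorization details matter here:
    # * The flag is read through the admin_role? query method. Registration
    #   stores 0 for ordinary users, and 0 is truthy in Ruby, so testing the
    #   raw attribute would let every logged-in user through if the column is
    #   an integer (column type is not visible here - confirm against schema).
    # * The filter returns false after redirecting. Without that the last
    #   expression was the flash string, which does not halt the filter chain
    #   on Rails versions that only stop on an explicit false.
    def requires_admin
      return if @current_user && @current_user.admin_role?

      flash[:error] = "Admin Required."
      redirect_to :controller => :questions
      false
    end
  end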
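  # Handles login, self-registration and logout.
  #
  # NOTE(review): credentials are passed to the User model exactly as
  # submitted, and User.authenticate compares them with the stored column, so
  # passwords appear to be kept unhashed. Moving to a salted, slow password
  # hash needs a schema/data migration and is outside what this controller can
  # fix on its own.
  # NOTE(review): authorize and register change state; nothing visible here
  # restricts them to POST or checks a request token - confirm how the
  # application guards against cross-site requests.
  class LoginController < ApplicationController
    # Renders the login form, which posts to the authorize action.
    def index
    end

    # Checks the submitted name/password and, on success, stores the user id
    # in the session and redirects to the Questions controller; on failure
    # flashes an error and returns to the login form.
    #
    # The session is reset before anything is stored in it, so a session
    # established before login is not carried over into the authenticated
    # state (session fixation). Clearing only session[:user_id] would keep
    # the same session.
    def authorize
      reset_session
      user = User.authenticate(@params["name"], @params["password"])

      if user
        session[:user_id] = user.id
        redirect_to :controller => "Questions"
      else
        # One message for "unknown user" and "wrong password" avoids telling
        # the client which names exist.
        flash[:error] = 'Invalid user name and/or password.'
        redirect_to :action => "index"
      end
    end

    # Renders the registration form.
    def new
    end

    # Creates a non-admin account from the submitted name and password and
    # logs the new user in. (Original author's note: "I'd comment this all
    # out for now".)
    #
    # Attributes are assigned one by one rather than from the params hash, so
    # the client cannot supply admin_role; it is always set to 0 here.
    def register
      name = @params["name"]
      password = @params["password"]

      # to_s makes a missing parameter (nil) count as empty; comparing nil
      # with '' let it through to the model validations.
      if name.to_s.empty? || password.to_s.empty?
        flash[:error] = 'Please make sure you have entered all parameters.'
        redirect_to :action => "new"
        return
      end

      # checkAvailability returns the existing row when the name is taken.
      if User.checkAvailability(name)
        flash[:error] = 'User name already exists.'
        redirect_to :action => "new"
        return
      end

      @user = User.new
      @user.user_name = name
      @user.password = password
      @user.admin_role = 0

      if @user.save
        # Start from a fresh session before marking it authenticated, as in
        # authorize.
        reset_session
        session[:user_id] = @user.id
        redirect_to :controller => "Questions"
      else
        flash[:error] = 'Problem creating user, please try again'
        redirect_to :action => "new"
      end
    end

    # Discards the whole session and returns to the login form.
    def logout
      reset_session
      flash["alert"] = "Logged out"
      redirect_to :action => :index
    end
  end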
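  # Question pages. Every action requires a logged-in user; the actions that
  # show or apply an edit additionally require an admin.
  class QuestionsController < ApplicationController
    before_filter :requires_login
    # update is listed next to edit: it is the action that actually writes
    # the question, so guarding only the edit form would leave the write
    # reachable by any logged-in user who requests update directly.
    before_filter :requires_admin, :only => [:edit, :update]

    # Shows the content that is only available after login.
    def index
    end

    # Returns to the index page.
    def back
      redirect_to :action => "index"
    end

    # Loads the question named by the id parameter for the edit form.
    #
    # find_by_id returns nil for an unknown id, which is what the guard below
    # expects; Question.find raises instead, so the guard could never run.
    def edit
      @question = Question.find_by_id(@params["id"])
      return if @question

      flash[:error] = 'The question ID does not exist.'
      redirect_to :action => "index"
    end

    # Currently just returns to the index page.
    def find
      redirect_to :action => "index"
    end

    # No controller logic; renders the default template for this action.
    def make
    end

    # Saves the submitted question/answer text on the question named by the
    # id parameter, then returns to the index page with a status message.
    #
    # Only the unknown-id case is reported as "does not exist". The earlier
    # blanket `rescue Exception` gave that same message for every failure,
    # including ones unrelated to the id, and hid them from error reporting.
    # NOTE(review): nothing visible here restricts this action to POST -
    # confirm how state-changing requests are protected.
    def update
      @question = Question.find_by_id(@params["id"])

      unless @question
        flash[:error] = 'The question ID does not exist.'
        redirect_to :action => "index"
        return
      end

      @question.question = @params["question"]
      @question.answer = @params["answer"]

      # The success text is also sent under flash[:error]; kept because the
      # views are presumably reading that key - confirm before renaming.
      flash[:error] = if @question.save
                        'Update Successful'
                      else
                        'Problem updating question, please try again'
                      end
      redirect_to :action => "index"
    end
  end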
  147. # This class represents the user table in the database
  148. # Table has five fields: id, admin_role, user_name, password
  # ActiveRecord model for application accounts.
  #
  # NOTE(review): as written, the password column is compared directly with
  # the submitted value, which means passwords are stored and checked as
  # plain text. A salted, slow password hash and a constant-time comparison
  # would be the usual hardening; both need a data migration, so they are
  # flagged here rather than changed.
  class User < ActiveRecord::Base
    validates_presence_of :user_name, :password
    validates_uniqueness_of :user_name

    # Looks up the user called +name+ and returns that record when its stored
    # password equals +password+. Returns nil when no such user exists or the
    # passwords differ.
    def self.authenticate(name, password)
      candidate = self.find_by_user_name(name)
      return nil unless candidate

      candidate.password == password ? candidate : nil
    end

    # Returns the first user whose user_name equals +name+, or nil when there
    # is none. Despite the method name, a non-nil result means the name is
    # already taken.
    #
    # The name is passed as a separate element of the conditions array
    # rather than interpolated into the SQL string by hand.
    def self.checkAvailability(name)
      by_name = [ "user_name = '%s'", name ]
      User.find(:first, :conditions => by_name)
    end
  end