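# Base controller: loads the logged-in user on every request and defines the
# login/admin filters that other controllers opt into with before_filter.
class ApplicationController < ActionController::Base
  before_filter :get_user

  protected

  # Loads the user named by session[:user_id] into @current_user.
  # find_by_id returns nil when no row matches (for example a deleted
  # account); User.find would raise ActiveRecord::RecordNotFound instead and
  # fail every request that still carries the stale session.
  def get_user
    @current_user = User.find_by_id(session[:user_id]) if session[:user_id]
  end

  # Filter: sends anonymous visitors to the login controller.
  # Returns false after redirecting so the filter chain stops and the
  # protected action does not run.
  def requires_login
    unless @current_user
      redirect_to :controller => :login
      return false
    end
  end

  # Filter: only lets users with a set admin_role through.
  # In Ruby 0 is truthy, and registration stores admin_role = 0 for ordinary
  # users, so a bare truthiness test would pass everyone if the column is read
  # back as an integer (column type is not shown here -- confirm against the
  # schema). Zero is therefore rejected explicitly.
  # Returns false after redirecting, like requires_login, so the chain halts
  # and the action body is not executed for a non-admin.
  def requires_admin
    role = @current_user && @current_user.admin_role
    unless role && role != 0
      flash[:error] = "Admin Required."
      redirect_to :controller => :questions
      return false
    end
  end
end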
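# Handles sign-in, self-registration and sign-out.
class LoginController < ApplicationController
  def index
    # This renders a form, and has it post to authorize action
  end

  # Checks the posted name/password and, on success, stores the user id in
  # the session and redirects to the questions controller.
  def authorize
    session[:user_id] = nil
    user = User.authenticate(@params["name"], @params["password"])
    if user
      # Start a fresh session before marking it authenticated, so a session
      # identifier that existed before login is not carried over into the
      # logged-in state (session fixation).
      reset_session
      session[:user_id] = user.id
      redirect_to :controller => "Questions"
    else
      # Same message for unknown user and wrong password, so the response
      # does not reveal which account names exist.
      flash[:error] = 'Invalid user name and/or password.'
      redirect_to :action => "index"
    end
  end

  def new
  end

  # I'd comment this all out for now
  # NOTE(review): while this action is routable, anyone can create an account
  # and then passes requires_login. Accounts are always created with
  # admin_role = 0; the role is never taken from request parameters.
  def register
    # to_s covers a missing parameter (nil), which the original != '' test
    # let through to the availability lookup.
    if @params["name"].to_s.strip.empty? || @params["password"].to_s.strip.empty?
      flash[:error] = 'Please make sure you have entered all parameters.'
      redirect_to :action => "new"
      return
    end

    # checkAvailability returns the existing user (truthy) when the name is
    # already taken.
    if User.checkAvailability(@params["name"])
      flash[:error] = 'User name already exists.'
      redirect_to :action => "new"
      return
    end

    @user = User.new
    @user.user_name = @params["name"]
    # NOTE(security): the password is stored as submitted; see User.authenticate.
    @user.password = @params["password"]
    @user.admin_role = 0
    if @user.save
      # Fresh session for the newly authenticated user, as in authorize.
      reset_session
      session[:user_id] = @user.id
      redirect_to :controller => "Questions"
    else
      flash[:error] = 'Problem creating user, please try again'
      redirect_to :action => "new"
    end
  end

  # Drops the whole session (not just user_id) and returns to the login form.
  def logout
    reset_session
    flash["alert"] = "Logged out"
    redirect_to :action => :index
  end
end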
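# Question pages. Every action requires a logged-in user; the actions that
# load a question for editing or write to it also require an admin.
class QuestionsController < ApplicationController
  before_filter :requires_login
  # update is covered as well as edit: guarding only the edit form leaves the
  # write itself reachable by any logged-in user who posts to update directly.
  # NOTE(review): make has an empty body here; if it ever writes data it
  # needs the same filter.
  before_filter :requires_admin, :only => [:edit, :update]

  def index
    # show the secret stuff
  end

  def back
    redirect_to :action => "index"
  end

  # Loads the question to edit. Question.find raises
  # ActiveRecord::RecordNotFound for an unknown id rather than returning nil,
  # so the missing-record case is handled in the rescue clause.
  def edit
    @question = Question.find(@params["id"])
  rescue ActiveRecord::RecordNotFound
    flash[:error] = 'The question ID does not exist.'
    redirect_to :action => "index"
  end

  def find
    redirect_to :action => "index"
  end

  def make
  end

  # Saves the posted question/answer text onto an existing question.
  # Only the two named attributes are assigned; nothing else from the request
  # reaches the model.
  def update
    @question = Question.find(@params["id"])
    @question.question = @params["question"]
    @question.answer = @params["answer"]
    # Both outcomes report through flash[:error], which is the key the
    # original page used for the success message too.
    if @question.save
      flash[:error] = 'Update Successful'
    else
      flash[:error] = 'Problem updating question, please try again'
    end
    redirect_to :action => "index"
  rescue ActiveRecord::RecordNotFound
    # Only the lookup failure is reported as a missing id. Rescuing Exception
    # here would relabel every other error (database failures, bugs) as
    # "does not exist" and hide it from logs and monitoring.
    flash[:error] = 'The question ID does not exist.'
    redirect_to :action => "index"
  end
end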
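# This class represents the user table in the database.
# Fields named on this page: id, admin_role, user_name, password
# (the original note said "five fields" but listed these four).
class User < ActiveRecord::Base
  validates_presence_of :user_name, :password
  validates_uniqueness_of :user_name

  # Returns the user whose user_name and password both match, else nil.
  #
  # NOTE(security): the comparison is against the password column as stored,
  # i.e. passwords are kept in plaintext. Anyone who can read the table or a
  # backup of it obtains every credential. Storing a salted, slow password
  # hash (for example bcrypt) and verifying against that needs a data
  # migration and is not attempted in this method.
  def self.authenticate(name, password)
    # An empty or missing credential never authenticates, even if a row with
    # an empty password column exists.
    return nil if name.to_s.empty? || password.to_s.empty?

    user = find_by_user_name(name)
    return nil unless user && user.password == password
    user
  end

  # Returns the existing user with this user_name, or nil when there is none.
  # Despite the method name, a truthy result means the name is already TAKEN.
  # The ? placeholder lets ActiveRecord quote the value itself, instead of
  # depending on hand-written quotes around a %s substitution.
  def self.checkAvailability(name)
    User.find(:first, :conditions => ["user_name = ?", name])
  end
end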