authormo khan <mo@mokhan.ca>2015-02-21 12:41:44 -0700
committermo khan <mo@mokhan.ca>2015-02-21 12:41:44 -0700
commitfeaf5cfae0f948ceebae4d1ff2c80d84cd76cae0 (patch)
treed36a0618afc8509cf6b72332b13da23ce84e1914
parent9c869182b649bc05c29ec703048628ee06c6f3ff (diff)
authorize all requests otherwise redirect to login page.
-rw-r--r--app/controllers/application_controller.rb12
-rw-r--r--app/controllers/sessions_controller.rb2
2 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 84e9c93..38aeade 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,4 +3,16 @@ class ApplicationController < ActionController::Base
# For APIs, you may want to use :null_session instead.
#protect_from_forgery with: :exception
protect_from_forgery with: :null_session
+ before_action :authorize!
+
+ private
+
+ def authorize!
+ redirect_to new_session_path if current_user.nil?
+ end
+
+ def current_user
+ return nil if session[:x].blank?
+ @current_user ||= User.find(session[:x])
+ end
end
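Review bot: In `current_user`, `User.find(session[:x])` raises `ActiveRecord::RecordNotFound` when the session still holds the id of a user record that no longer exists, so `authorize!` never reaches its `redirect_to` and the request ends in an error response rather than the login page. `@current_user ||= User.find_by(id: session[:x])` returns nil for a stale id and lets the redirect run. The session key `:x` says nothing about what it stores; a comment such as `# session[:x] holds the signed-in user's id` on `current_user` would help, and renaming the key would also need the matching change wherever it is written, which is outside this hunk.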
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 42987e4..ebf0549 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,4 +1,6 @@
class SessionsController < ApplicationController
+ skip_before_action :authorize!, only: [:new, :create]
+
def new
@user = User.new
end
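Review bot: `create` is now reachable without authentication and its body is outside this hunk, so it cannot be confirmed here that it calls `reset_session` before writing the user id into the session. If it does not, adding that call keeps a pre-login session from being carried into an authenticated one. The `only:` allow-list is the right shape, because any action added later stays behind `authorize!`. A short comment above the `skip_before_action` line, such as `# login form and its submit must be reachable without a session`, would record why these two actions opt out.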