From feaf5cfae0f948ceebae4d1ff2c80d84cd76cae0 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Sat, 21 Feb 2015 12:41:44 -0700
Subject: authorize all requests otherwise redirect to login page.

---
 app/controllers/application_controller.rb | 12 ++++++++++++
 app/controllers/sessions_controller.rb | 2 ++
 2 files changed, 14 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 84e9c93..38aeade 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,4 +3,16 @@ class ApplicationController < ActionController::Base
 # For APIs, you may want to use :null_session instead.
 #protect_from_forgery with: :exception
 protect_from_forgery with: :null_session
+ before_action :authorize!
+
+ private
+
+ def authorize!
+ redirect_to new_session_path if current_user.nil?
+ end
+
+ def current_user
+ return nil if session[:x].blank?
+ @current_user ||= User.find(session[:x])
+ end
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 42987e4..ebf0549 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,4 +1,6 @@
 class SessionsController < ApplicationController
+ skip_before_action :authorize!, only: [:new, :create]
+
 def new
 @user = User.new
 end
--
cgit v1.2.3
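Review bot: `User.find(session[:x])` in `current_user` raises `ActiveRecord::RecordNotFound` when the id held in the session no longer matches a row (for example after the account is deleted), so `authorize!` never reaches its redirect and a stale cookie produces an error response instead of the login page. A lookup that returns nil lets the filter handle that case itself: `@current_user ||= User.find_by(id: session[:x])`. The session key `:x` is opaque, and where it is written is not visible in this hunk; a comment above `current_user` such as `# session[:x] holds the id of the signed-in User, set at login` would make the contract explicit. The class opens above the hunk; both new methods are fully inside it.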
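Review bot: With the `skip_before_action` line, `new` and `create` become the only actions reachable without a session, and the body of `create` lies outside this hunk, so it is worth confirming that it calls `reset_session` before storing the user id; otherwise a session identifier issued before login would presumably carry over into the authenticated session. The `only:` allowlist is the right shape, because any action added to this controller later stays behind `authorize!`. A comment above the line would help keep it that way, e.g. `# Only the login form and its submit are public; every other action inherits authorize!.`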