| author | mo khan <mo@mokhan.ca> | 2015-02-21 12:41:44 -0700 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2015-02-21 12:41:44 -0700 |
| commit | feaf5cfae0f948ceebae4d1ff2c80d84cd76cae0 (patch) | |
| tree | d36a0618afc8509cf6b72332b13da23ce84e1914 | |
| parent | 9c869182b649bc05c29ec703048628ee06c6f3ff (diff) | |
authorize all requests otherwise redirect to login page.
| -rw-r--r-- | app/controllers/application_controller.rb | 12 | ||||
| -rw-r--r-- | app/controllers/sessions_controller.rb | 2 |
2 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 84e9c93..38aeade 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,4 +3,16 @@ class ApplicationController < ActionController::Base
 # For APIs, you may want to use :null_session instead.
 #protect_from_forgery with: :exception
 protect_from_forgery with: :null_session
+ before_action :authorize!
+
+ private
+
+ def authorize!
+ redirect_to new_session_path if current_user.nil?
+ end
+
+ def current_user
+ return nil if session[:x].blank?
+ @current_user ||= User.find(session[:x])
+ end
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 42987e4..ebf0549 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,4 +1,6 @@
 class SessionsController < ApplicationController
+ skip_before_action :authorize!, only: [:new, :create]
+
 def new
 @user = User.new
 end |
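Review bot: `User.find(session[:x])` in `current_user` raises `ActiveRecord::RecordNotFound` when the session still carries the id of a user that has since been deleted, so that visitor gets an error page on every request instead of the login redirect that `authorize!` is meant to produce. A lookup that returns nil keeps the filter on the redirect path: `@current_user ||= User.find_by(id: session[:x])`. The session key `:x` would also read better as `:user_id`, provided the code that writes it (outside this hunk, presumably `SessionsController#create`) is changed with it. The class opens above the hunk; both new methods are fully visible.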
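Review bot: The `only: [:new, :create]` exemption is now the application's entire unauthenticated surface, and nothing beside it says so; a comment above the line such as `# Login form and login submit are the only actions reachable without a session.` would make a later widening of the list stand out in review. `create` lies outside this hunk, so it cannot be confirmed here whether it calls `reset_session` before storing the user id; that is worth checking, because a session identifier that survives login lets a pre-login session carry over into the authenticated one.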
