Authentication
akaspick edited this page Feb 2, 2011
Here's a basic example of integrating authentication into your CMS.
If your current application uses basic HTTP authentication, you can easily make the CMS aware of this as well.

Open up the file app/controllers/cms/setup_controller.rb and you'll see this by default:
```ruby
class Cms::SetupController < ApplicationController
  # filters and other customizations can be made here before the cms controllers are run

  # Returns the current user for the application.
  # Remove this method if your application already defines a current_user method
  # or provide valid code that returns a user object for the current user.
  def current_user
    nil
  end

  # Define your own authorization logic given one of the cms roles... :all, :cms_admin, :cms_user
  def authorize_role(role)
    authorized = case role
      when :all, :cms_admin, :cms_user
        true
      else
        false
    end
    redirect_to '/' unless authorized
    return authorized
  end
end
```
The application's ApplicationController has a method named authenticate which is run in a before_filter. To use this method, we first skip execution of the filter by adding skip_before_filter :authenticate to the top of the SetupController. We then call the authenticate method directly in the authorize_role method where we used to have true. The authorize_role method must return true or false.
```ruby
class Cms::SetupController < ApplicationController
  skip_before_filter :authenticate

  # filters and other customizations can be made here before the cms controllers are run

  # Returns the current user for the application.
  # Remove this method if your application already defines a current_user method
  # or provide valid code that returns a user object for the current user.
  def current_user
    nil
  end

  # Define your own authorization logic given one of the cms roles... :all, :cms_admin, :cms_user
  def authorize_role(role)
    authorized = case role
      when :all, :cms_admin, :cms_user
        authenticate
      else
        false
    end
    redirect_to '/' unless authorized
    return authorized
  end
end
```
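As an added, runnable illustration of the pattern above (not the CMS's own code), here is a plain-Ruby stand-in for the controller pieces: a constructed credential table, an `authenticate` that checks HTTP Basic credentials the way the application's before_filter would, and an `authorize_role` that returns true or false and redirects on failure. It goes beyond the page by requiring an admin account for :cms_admin rather than treating all three roles alike; the class name, the `USERS` table and the `status`/`redirected_to` readers are assumptions for the demo.

```ruby
require 'base64'
# Stand-in for the Rails pieces the wiki relies on, so the authorization flow
# can run outside a Rails app (constructed example, not the CMS's own code).
class SetupControllerDemo
  User = Struct.new(:login, :admin)
  # Constructed credential table; a real app reads users from its own store.
  USERS = { 'alice' => ['correct horse', true], 'bob' => ['battery staple', false] }.freeze
  attr_reader :current_user, :redirected_to, :status

  def initialize(authorization_header)
    @authorization = authorization_header
  end

  # Plays ApplicationController#authenticate: returns the user on success,
  # else answers 401 (request_http_basic_authentication in Rails) and returns nil.
  def authenticate
    return @current_user if @current_user
    login, password = decode_basic(@authorization)
    record = login && USERS[login]
    if record && secure_compare(record[0], password.to_s)
      @current_user = User.new(login, record[1])
    else
      @status = 401
      nil
    end
  end

  # Must return true or false and redirect on failure, as on the wiki page;
  # goes beyond the page by requiring an admin user for :cms_admin.
  def authorize_role(role)
    user = authenticate
    authorized = case role
                 when :all, :cms_user then !user.nil?
                 when :cms_admin then !user.nil? && user.admin
                 else false
                 end
    @redirected_to = '/' unless authorized
    authorized
  end

  private
  def decode_basic(header)
    return nil unless header.is_a?(String) && header.start_with?('Basic ')
    Base64.decode64(header[6..-1]).split(':', 2)
  end
  # Constant-time comparison of equal-length strings, so a near-miss password does not leak through timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Note that `authorize_role` converts whatever `authenticate` returns into a strict boolean, which is what the CMS expects back.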