akaspick edited this page Feb 2, 2011 · 1 revision

Here's a basic example of integrating authentication into your CMS.

If your current application uses basic HTTP authentication, you can easily make the CMS aware of this as well.

Open up the file app/controllers/cms/setup_controller.rb and you'll see this by default:

class Cms::SetupController < ApplicationController
  # filters and other customizations can be made here before the cms controllers are run

  # Returns the current user for the application.
  # Remove this method if your application already defines a current_user method
  # or provide valid code that returns a user object for the current user.
  def current_user
    nil
  end

  # Define your own authorization logic given one of the cms roles... :all, :cms_admin, :cms_user
  def authorize_role(role)
    authorized = case role
    when :all, :cms_admin, :cms_user
      true
    else
      false
    end

    redirect_to '/' unless authorized

    return authorized
  end
end

The application's ApplicationController has a method named authenticate which is run in a before_filter. To use this method, we first skip execution of the filter by adding skip_before_filter :authenticate to the top of the SetupController.

We then call the authenticate method directly in the authorize_role method, in place of the true returned by default. The authorize_role method must return true or false.

class Cms::SetupController < ApplicationController
  skip_before_filter :authenticate

  # filters and other customizations can be made here before the cms controllers are run

  # Returns the current user for the application.
  # Remove this method if your application already defines a current_user method
  # or provide valid code that returns a user object for the current user.
  def current_user
    nil
  end

  # Define your own authorization logic given one of the cms roles... :all, :cms_admin, :cms_user
  def authorize_role(role)
    authorized = case role
    when :all, :cms_admin, :cms_user
      authenticate
    else
      false
    end

    redirect_to '/' unless authorized

    return authorized
  end
end
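One thing to notice in the controller above is that authenticate is called for :all, :cms_admin and :cms_user alike, so any user who passes HTTP Basic authentication is granted every CMS role, including :cms_admin. The following is an added example (not code from this wiki page or from the CMS project) that separates the two steps in plain Ruby so it runs without Rails: parsing the Basic credentials, authenticating them against a user store, and then checking whether the authenticated user's role actually satisfies the role the CMS asked for. The user store, passwords and the ROLE_GRANTS mapping are constructed for the example; in a real application authenticate would look users up through the app's own model and compare password hashes.

```ruby
require 'base64'

# Constructed user store for the example: login => [password, cms role].
# A real application would consult its own user model and compare hashes.
USERS = {
  'alice' => ['s3cret-admin', :cms_admin],
  'bob'   => ['s3cret-user',  :cms_user],
}.freeze

# Which authenticated roles satisfy a requested CMS role (assumed mapping).
# :all and :cms_user are satisfied by any CMS user; :cms_admin only by admins.
ROLE_GRANTS = {
  all:       [:cms_admin, :cms_user],
  cms_user:  [:cms_admin, :cms_user],
  cms_admin: [:cms_admin],
}.freeze

# Parse an "Authorization: Basic <base64>" header value into [login, password].
# Returns nil for a missing, non-Basic or malformed header.
def parse_basic_auth(header)
  return nil unless header.is_a?(String)
  scheme, token = header.split(' ', 2)
  return nil unless scheme == 'Basic' && token
  decoded = begin
    Base64.strict_decode64(token)
  rescue ArgumentError
    return nil
  end
  login, password = decoded.split(':', 2)
  return nil if login.nil? || password.nil?
  [login, password]
end

# Constant-time comparison so a wrong password takes the same time
# regardless of where the first mismatching byte is.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Authentication: who is this? Returns the user's role symbol, or nil.
def authenticate(header)
  creds = parse_basic_auth(header)
  return nil unless creds
  login, password = creds
  password_on_file, role = USERS[login]
  return nil unless password_on_file && secure_compare(password_on_file, password)
  role
end

# Authorization: is this user allowed the requested CMS role?
# Being authenticated is necessary but not sufficient for :cms_admin.
def authorize_role(role, header)
  user_role = authenticate(header)
  return false unless user_role
  ROLE_GRANTS.fetch(role, []).include?(user_role)
end

# Helper to build a Basic header value for a login/password pair.
def basic_header(login, password)
  'Basic ' + Base64.strict_encode64("#{login}:#{password}")
end

if __FILE__ == $PROGRAM_NAME
  puts authorize_role(:cms_admin, basic_header('alice', 's3cret-admin')) # true
  puts authorize_role(:cms_admin, basic_header('bob', 's3cret-user'))    # false
  puts authorize_role(:cms_user,  basic_header('bob', 's3cret-user'))    # true
end
```

In the Rails controller this would translate to authenticate returning the current user rather than a bare true/false, and authorize_role comparing that user's role against the requested one before deciding whether to redirect.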