Controllers with Authentication

peakpg edited this page Apr 26, 2011 · 2 revisions

Authentication with Rails Controllers

It is possible to create ActionController’s which take advantage of the CMS authentication system. For example, run the following command:

rails g controller MyNew

Then edit the resulting controller like so:


class MyNewController < ApplicationController

  # This adds methods to your controller to work with the authenticated user.
  include Cms::Authentication::Controller

  def do_something_interesting
    # The current_user method looks up the user based on either a cookie, or session variable.
    user = current_user

    if user.guest?
      redirect_to "/system/access-denied"
    else
      redirect_to "/my_target/page"
    end
  end
end

The current_user method is also available in Portlets, as well as in the view files for both portlets and templates.

Understanding Guest users

Many visitors to a CMS site will not be logged in. These users are considered to be members of a special group, called ‘Guest’. This group allows staff to set permissions for denying entry to specific sections. When you call the following:


user = current_user

if there the user is not logged in, a

GuestUser
object will be returned. This user has all the permissions of the guest group, which are usually limited to viewing public sections.
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.