Controllers with Authentication

peakpg edited this page Apr 26, 2011 · 2 revisions

Authentication with Rails Controllers

It is possible to create ActionControllers that take advantage of the CMS authentication system. For example, run the following command:

rails g controller MyNew

Then edit the resulting controller like so:


class MyNewController < ApplicationController

  # This adds methods to your controller to work with the authenticated user.
  include Cms::Authentication::Controller

  def do_something_interesting
    # The current_user method looks up the user based on either a cookie, or session variable.
    user = current_user

    if user.guest?
      redirect_to "/system/access-denied"
    else
      redirect_to "/my_target/page"
    end
  end
end

The current_user method is also available in Portlets, as well as in the view files for both portlets and templates.

Understanding Guest users

Many visitors to a CMS site will not be logged in. These users are considered to be members of a special group, called ‘Guest’. This group allows staff to set permissions for denying entry to specific sections. When you call the following:


user = current_user

if the user is not logged in, a GuestUser object will be returned. This user has all the permissions of the guest group, which are usually limited to viewing public sections.
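Because current_user returns a guest object rather than nil, a plain truthiness check on it lets anonymous visitors through; the sketch below puts that weak check beside the guest? check. It is an added example, not code from the CMS or this wiki: StubUser, StubGuest, StubController and outcome are hypothetical stand-ins that only mimic the behaviour described above, so the block runs without Rails.

```ruby
# Hypothetical stand-ins, not CMS classes: they only mimic the documented
# behaviour (guest? on the user, and a guest object instead of nil).
StubUser  = Struct.new(:login) { def guest?; false; end }
StubGuest = Class.new { def guest?; true; end; def login; "guest"; end }

# Minimal controller stand-in: records the redirect instead of sending it.
class StubController
  attr_reader :redirected_to

  def initialize(session_user)
    @session_user = session_user # nil models "no cookie, no session variable"
  end

  # Mirrors the contract above: never nil, a guest object when not logged in.
  def current_user
    @session_user || StubGuest.new
  end

  def redirect_to(path)
    @redirected_to = path
  end

  # WEAK: truthiness check. current_user is never nil, so anonymous
  # visitors take the "allowed" branch and the check fails open.
  def weak_action
    if current_user
      redirect_to "/my_target/page"
    else
      redirect_to "/system/access-denied"
    end
  end

  # CORRECT: deny first, based on guest?, then fall through to the target.
  def strict_action
    return redirect_to("/system/access-denied") if current_user.guest?
    redirect_to "/my_target/page"
  end
end

# Runs one action for a given session user and returns the redirect target.
def outcome(action, session_user)
  controller = StubController.new(session_user)
  controller.public_send(action)
  controller.redirected_to
end

alice = StubUser.new("alice")       # constructed sample user
puts outcome(:weak_action, nil)     # anonymous visitor, weak check
puts outcome(:strict_action, nil)   # anonymous visitor, guest? check
puts outcome(:strict_action, alice) # logged-in user, guest? check
```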