Controllers with Authentication
Authentication with Rails Controllers
It is possible to create ActionControllers that take advantage of the CMS authentication system. For example, run the following command:
    rails g controller MyNew
Then edit the resulting controller like so:
    class MyNewController < ApplicationController
      # This adds methods to your controller to work with the authenticated user.
      include Cms::Authentication::Controller

      def do_something_interesting
        # The current_user method looks up the user based on either a cookie, or session variable.
        user = current_user
        if user.guest?
          redirect_to "/system/access-denied"
        else
          redirect_to "/my_target/page"
        end
      end
    end
The current_user method is also available in Portlets, as well as in the view files for both portlets and templates.
Understanding Guest users
Many visitors to a CMS site will not be logged in. These users are considered to be members of a special group, called ‘Guest’. This group allows staff to set permissions for denying entry to specific sections. When you call the following:
    user = current_user
if the user is not logged in, a guest user object will be returned. This user has all the permissions of the guest group, which are usually limited to viewing public sections.
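A fail-closed variant of the guest check above, as an added example (not BrowserCMS code): the check lives in one guard method that treats a missing user the same as a guest, so no action has to repeat it. `RequireLogin`, `FakeController`, `User` and `destination_for` are hypothetical stand-ins so the block runs without Rails; in a real controller `current_user` comes from `Cms::Authentication::Controller` and the guard would be registered with `before_action` (`before_filter` on older Rails).

```ruby
# Stand-in user type so the example runs without Rails or BrowserCMS (constructed).
User = Struct.new(:login, :is_guest) do
  def guest?
    is_guest
  end
end
GUEST = User.new("guest", true) # constructed sample guest

# Hypothetical mixin: one guard instead of a guest? check in every action.
module RequireLogin
  ACCESS_DENIED_PATH = "/system/access-denied" # path used on this page

  # Returns true when the request may proceed; otherwise redirects and returns false.
  def require_login
    user = current_user
    # Fail closed: a nil user, or one that cannot answer guest?, is treated as a guest.
    return true if user.respond_to?(:guest?) && !user.guest?
    redirect_to ACCESS_DENIED_PATH
    false
  end
end

# Minimal controller stand-in: records the redirect instead of sending a response.
class FakeController
  include RequireLogin
  attr_reader :redirected_to

  def initialize(user)
    @user = user
  end

  # Assumption: stands in for the current_user supplied by Cms::Authentication::Controller.
  def current_user
    @user
  end

  def redirect_to(path)
    @redirected_to = path
  end

  # Runs the guard first, the way a before_action would, then the action body.
  def do_something_interesting
    return unless require_login
    redirect_to "/my_target/page"
  end
end

# Helper for trying the guard with different users; returns the redirect target.
def destination_for(user)
  controller = FakeController.new(user)
  controller.do_something_interesting
  controller.redirected_to
end
```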