
Lock down controllers

1 parent b642187 commit 39411157a2126dbf510563d9ec107500ede1ca9e @jordanbyron committed Jan 24, 2010
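--- a/app/controllers/buildings_controller.rb
+++ b/app/controllers/buildings_controller.rb
@@ -1,4 +1,5 @@
 class BuildingsController < ApplicationController
+ before_filter :administrator_required
 current_tab :settings
 # GET /buildings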
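Review bot: The admin check is opted into one controller at a time, so any controller that does not carry this line stays open; the same `before_filter :administrator_required` is repeated in the notes, settings, statuses and users controllers. A default-deny arrangement is less fragile: declare the filter once in `ApplicationController` and let the few public controllers or actions opt out with `skip_before_filter :administrator_required, :only => [...]`. If the per-controller form is kept, a comment such as `# Admin-only: every action in this controller requires an administrator.` above the filter records the intent. The class body continues outside the hunk, so later filters or actions that might change this are not visible here.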
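--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -1,4 +1,5 @@
 class NotesController < ApplicationController
+ before_filter :administrator_required
 # GET /notes
 # GET /notes.xml
 def index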
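--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -1,4 +1,5 @@
 class SettingsController < ApplicationController
+ before_filter :administrator_required
 def index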
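--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -1,4 +1,5 @@
 class StatusesController < ApplicationController
+ before_filter :administrator_required
 current_tab :settings
 # GET /statuses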
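--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+ before_filter :administrator_required
 current_tab :settings
 def index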
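--- a/app/controllers/work_orders_controller.rb
+++ b/app/controllers/work_orders_controller.rb
@@ -1,5 +1,5 @@
 class WorkOrdersController < ApplicationController
- before_filter :login_required, :except => [:new, :create, :thank_you]
+ before_filter :administrator_required, :except => [:new, :create, :thank_you]
 # GET /work_orders
 # GET /work_orders.xml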
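Review bot: The `:except` list leaves `new`, `create` and `thank_you` reachable without any login, and nothing in the hunk says that this is deliberate. A comment above the filter, for example `# new/create/thank_you are intentionally public (presumably the work-order submission form); all other actions are admin-only.`, would keep a later edit from widening the list by accident. Because `create` accepts writes from unauthenticated clients, it is worth confirming that it validates its input and has some limit on abuse; the action body is not visible in this hunk. The remaining actions also narrow from any logged-in user to administrators only, which is presumably intended given the commit title.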
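--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -3,6 +3,10 @@
 <h1>Log In</h1>
 <% end %>
+<p style="color:red;">
+<%= flash[:error] %>
+</p>
+
 <% form_tag session_path do -%>
 <p><%= label_tag 'login' %><br />
 <%= text_field_tag 'login', @login %></p>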
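Review bot: `<%= flash[:error] %>` prints the flash without escaping; the `<% form_tag ... do -%>` block form in this template suggests Rails 2.x, where `<%= %>` does not HTML-escape its output. The only message set in this commit is a fixed string, but any other code that puts request data such as the submitted login into `flash[:error]` would have it rendered as markup, so `<%=h flash[:error] %>` is the safer form. The red paragraph is also emitted when there is no error; wrapping it in `<% if flash[:error] %>` and `<% end %>` avoids the empty element. The template starts and ends outside the hunk.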
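--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -36,7 +36,7 @@ def authorized?(action = action_name, resource = nil)
 end
 def administrator_required
- logged_in? && current_user.administrator
+ (logged_in? && current_user.administrator) || access_denied
 end
 # Filter method to enforce a login requirement.
@@ -69,6 +69,7 @@ def access_denied
 respond_to do |format|
 format.html do
 store_location
+ flash[:error] = "Please login to continue."
 redirect_to new_session_path
 end
 # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987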
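Review bot: `administrator_required` now sends every failure to `access_denied`, so a user who is logged in but not an administrator is redirected to the login form and told "Please login to continue." That treats an authorization failure as an authentication failure, and because `store_location` runs first, logging in again with the same account presumably returns to the same page and the same redirect. Splitting the two cases keeps the login redirect for anonymous users and answers 403 otherwise, e.g. `return access_denied unless logged_in?` followed by `current_user.administrator || head(:forbidden)`. The module and the `access_denied` method both extend beyond the visible hunks, so the non-HTML branches are not reviewed here.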
