
Working login, logout.

old-ruby
Ben Kurtovic 9 years ago
parent
commit
02fd2fe0d6
4 changed files with 21 additions and 7 deletions
  1. +6
    -0
      app/controllers/application_controller.rb
  2. +4
    -3
      app/controllers/users_controller.rb
  3. +1
    -1
      app/models/user.rb
  4. +10
    -3
      app/views/shared/_header.html.erb

+ 6
- 0
app/controllers/application_controller.rb

@@ -2,4 +2,10 @@ class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_action :load_user

private
def load_user
@user = User.find_by(id: session[:user_id]) if session[:user_id]
end
end
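Review bot: `load_user` stores the signed-in account in `@user`, a name that a controller action is likely to reuse for the record it is showing or editing; since the header partial decides on `@user.admin?`, such an action would silently replace the authenticated identity for that request. A dedicated name avoids the collision, e.g. `@current_user = User.find_by(id: session[:user_id]) if session[:user_id]`, with the views updated to match. It would also help to add a comment above `load_user` such as `# Loads the signed-in user, if any; does not require authentication.`, because the filter only populates the variable and never rejects a request. The class body starts outside this hunk, so other filters are not visible here.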

+ 4
- 3
app/controllers/users_controller.rb

@@ -20,9 +20,9 @@ class UsersController < ApplicationController
render 'login' and return
end

allow_non_corp = AdminSettings.get_bool(:allow_non_corp)
allow_non_corp = AdminSetting.get_bool(:allow_non_corp)
if !allow_non_corp && !user.in_corp? && !user.admin?
corp_name = AdminSettings.get_bool(:corp_name)
corp_name = AdminSetting.get_bool(:corp_name)
flash[:alert] = "You are not a member of #{corp_name}, and access to "\
"this site is disallowed for non-corp members."
redirect_to root_url and return
@@ -36,7 +36,8 @@ class UsersController < ApplicationController

def logout
if request.post?
# do user logout logic
session.delete(:user_id)
flash[:notice] = 'Logout successful!'
redirect_to root_url
end
end
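Review bot: In `logout` (second hunk), `session.delete(:user_id)` removes only that key and leaves every other value in the session in place after sign-out; calling `reset_session` before `flash[:notice] = 'Logout successful!'` discards the whole session instead. A request that is not a POST falls through `if request.post?` with no redirect, so the result depends on routing or a template not shown here; an `else` branch with `redirect_to root_url` would define it. In the first hunk, `corp_name = AdminSetting.get_bool(:corp_name)` reads a name through the boolean getter, which looks unintended next to `AdminSetting.get(:corp_id)` in `app/models/user.rb`; `AdminSetting.get(:corp_name)` is presumably what the flash message needs. The login action starts outside the first hunk, so whether the session is also reset at sign-in cannot be seen from here.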


+ 1
- 1
app/models/user.rb

@@ -14,7 +14,7 @@ class User < ActiveRecord::Base
end

def in_corp?
member_of? AdminSettings.get(:corp_id).to_i
member_of? AdminSetting.get(:corp_id).to_i
end

def member_of?(corp_id)


+ 10
- 3
app/views/shared/_header.html.erb

@@ -7,9 +7,16 @@
</div>
<nav>
<ul>
<li><%= link_to 'Signup', controller: 'users', action: 'signup' %></li>
<li><%= link_to 'Login', controller: 'users', action: 'login' %></li>
<li><%= link_to 'Admin', controller: 'admin', action: 'index' %></li>
<% if @user %>
<li><%= @user.name %></li>
<% if @user.admin? %>
<li><%= link_to 'Admin', controller: 'admin', action: 'index' %></li>
<% end %>
<li><%= link_to 'Logout', {controller: 'users', action: 'logout'}, method: :post %></li>
<% else %>
<li><%= link_to 'Login', controller: 'users', action: 'login' %></li>
<li><%= link_to 'Signup', controller: 'users', action: 'signup' %></li>
<% end %>
</ul>
</nav>
</header>
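Review bot: The `<% if @user.admin? %>` guard only hides the Admin link; it does not restrict the `admin` controller, which is not part of this commit, so the server-side check should be confirmed there, for example a `before_action` that redirects unless `@user && @user.admin?`. The Logout link uses `method: :post`, which depends on the JavaScript driver rewriting the click into a POST; where scripts are unavailable the link issues a GET, and `button_to 'Logout', {controller: 'users', action: 'logout'}` renders a real form instead. The partial starts and ends outside this hunk.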

