diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d83690e..211d2bc 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,4 +2,10 @@ class ApplicationController < ActionController::Base
 # Prevent CSRF attacks by raising an exception.
 # For APIs, you may want to use :null_session instead.
 protect_from_forgery with: :exception
+ before_action :load_user
+
+ private
+ def load_user
+ @user = User.find_by(id: session[:user_id]) if session[:user_id]
+ end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 7d1cb8c..90da18a 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -20,9 +20,9 @@ class UsersController < ApplicationController
 render 'login' and return
 end
- allow_non_corp = AdminSettings.get_bool(:allow_non_corp)
+ allow_non_corp = AdminSetting.get_bool(:allow_non_corp)
 if !allow_non_corp && !user.in_corp? && !user.admin?
- corp_name = AdminSettings.get_bool(:corp_name)
+ corp_name = AdminSetting.get_bool(:corp_name)
 flash[:alert] = "You are not a member of #{corp_name}, and access to "\
 "this site is disallowed for non-corp members."
 redirect_to root_url and return
@@ -36,7 +36,8 @@ class UsersController < ApplicationController
 def logout
 if request.post?
- # do user logout logic
+ session.delete(:user_id)
+ flash[:notice] = 'Logout successful!'
 redirect_to root_url
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 75c5e6b..7db5d34 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -14,7 +14,7 @@ class User < ActiveRecord::Base
 end
 def in_corp?
- member_of? AdminSettings.get(:corp_id).to_i
+ member_of? AdminSetting.get(:corp_id).to_i
 end
 def member_of?(corp_id)
diff --git a/app/views/shared/_header.html.erb b/app/views/shared/_header.html.erb
index 6a6c3ed..2be0a09 100644
--- a/app/views/shared/_header.html.erb
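Review bot: In the added `load_user`, a `session[:user_id]` whose User row no longer exists leaves `@user` nil while the stale id stays in the session and is looked up again on every request; the `if session[:user_id]` guard is also redundant, since `find_by(id: nil)` returns nil. Consider `@user = User.find_by(id: session[:user_id])` followed by `session.delete(:user_id) if session[:user_id] && @user.nil?`, and a comment such as `# @user is nil for anonymous visitors; callers must handle that`. Exposing the value through a memoized `current_user` helper would follow Rails convention, but that is a style choice rather than a defect.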
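Review bot: `corp_name = AdminSetting.get_bool(:corp_name)` fetches a boolean for a value that the next line interpolates into the flash message, so the alert would name `true`/`false` rather than the corporation; the rename carried this pre-existing mismatch forward. The user.rb hunk in the same commit reads a raw value with `AdminSetting.get(:corp_id)`, so `corp_name = AdminSetting.get(:corp_name)` is presumably the intended call — verify against AdminSetting. The enclosing login action starts and ends outside the hunk.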
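Review bot: `session.delete(:user_id)` in `logout` removes only the user key, so any other state stored in the session survives logout and the session identifier is not rotated, meaning an identifier issued before login stays valid afterwards (session fixation). Replacing that line with `reset_session`, kept before the `flash[:notice]` assignment because the flash lives in the session, invalidates the whole session and issues a fresh id. The same rotation belongs in the login action after a successful credential check, which is outside this hunk.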
+++ b/app/views/shared/_header.html.erb
@@ -7,9 +7,16 @@