@@ -2,4 +2,10 @@ class ApplicationController < ActionController::Base | |||||
# Prevent CSRF attacks by raising an exception. | # Prevent CSRF attacks by raising an exception. | ||||
# For APIs, you may want to use :null_session instead. | # For APIs, you may want to use :null_session instead. | ||||
protect_from_forgery with: :exception | protect_from_forgery with: :exception | ||||
before_action :load_user | |||||
private | |||||
def load_user | |||||
@user = User.find_by(id: session[:user_id]) if session[:user_id] | |||||
end | |||||
end | end |
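Review bot: load_user leaves a stale `session[:user_id]` in place when `User.find_by` returns nil (unknown or deleted account), so every later request repeats the lookup and the session keeps pointing at a user that no longer exists; a one-line follow-up such as `session.delete(:user_id) unless @user` clears it. The hunk header counts 6 added lines but only 5 are visible here, so a line (probably a blank) appears to have been lost in rendering. A short comment on the filter, e.g. `# Loads the logged-in user from the session for every action; @user is nil when nobody is logged in.`, would help readers of the views that branch on @user.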
@@ -20,9 +20,9 @@ class UsersController < ApplicationController | |||||
render 'login' and return | render 'login' and return | ||||
end | end | ||||
allow_non_corp = AdminSettings.get_bool(:allow_non_corp) | |||||
allow_non_corp = AdminSetting.get_bool(:allow_non_corp) | |||||
if !allow_non_corp && !user.in_corp? && !user.admin? | if !allow_non_corp && !user.in_corp? && !user.admin? | ||||
corp_name = AdminSettings.get_bool(:corp_name) | |||||
corp_name = AdminSetting.get_bool(:corp_name) | |||||
flash[:alert] = "You are not a member of #{corp_name}, and access to "\ | flash[:alert] = "You are not a member of #{corp_name}, and access to "\ | ||||
"this site is disallowed for non-corp members." | "this site is disallowed for non-corp members." | ||||
redirect_to root_url and return | redirect_to root_url and return | ||||
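Review bot: `corp_name = AdminSetting.get_bool(:corp_name)` reads a display name through the boolean accessor, so the flash message on the following line will interpolate whatever get_bool coerces the string to rather than the corporation's name; the rename in this commit keeps that wrong accessor. The `in_corp?` hunk in this same commit reads a non-boolean setting with `AdminSetting.get(:corp_id)`, so `corp_name = AdminSetting.get(:corp_name)` looks like the intended call. The enclosing action starts and ends outside this hunk.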
@@ -36,7 +36,8 @@ class UsersController < ApplicationController | |||||
def logout | def logout | ||||
if request.post? | if request.post? | ||||
# do user logout logic | |||||
session.delete(:user_id) | |||||
flash[:notice] = 'Logout successful!' | |||||
redirect_to root_url | redirect_to root_url | ||||
end | end | ||||
end | end | ||||
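Review bot: `session.delete(:user_id)` removes only the user key, so the session id and any other keys survive logout; `reset_session` is the usual way to invalidate the whole session on logout in Rails and also prevents the pre-logout session id from being reused afterwards. Replacing that line with `reset_session` keeps the notice working, since the flash is assigned after it. If the session is meant to keep non-user state across logout, that would be a reason to keep the narrower delete, and it is worth a comment either way.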
@@ -14,7 +14,7 @@ class User < ActiveRecord::Base | |||||
end | end | ||||
def in_corp? | def in_corp? | ||||
member_of? AdminSettings.get(:corp_id).to_i | |||||
member_of? AdminSetting.get(:corp_id).to_i | |||||
end | end | ||||
def member_of?(corp_id) | def member_of?(corp_id) | ||||
@@ -7,9 +7,16 @@ | |||||
</div> | </div> | ||||
<nav> | <nav> | ||||
<ul> | <ul> | ||||
<li><%= link_to 'Signup', controller: 'users', action: 'signup' %></li> | |||||
<li><%= link_to 'Login', controller: 'users', action: 'login' %></li> | |||||
<li><%= link_to 'Admin', controller: 'admin', action: 'index' %></li> | |||||
<% if @user %> | |||||
<li><%= @user.name %></li> | |||||
<% if @user.admin? %> | |||||
<li><%= link_to 'Admin', controller: 'admin', action: 'index' %></li> | |||||
<% end %> | |||||
<li><%= link_to 'Logout', {controller: 'users', action: 'logout'}, method: :post %></li> | |||||
<% else %> | |||||
<li><%= link_to 'Login', controller: 'users', action: 'login' %></li> | |||||
<li><%= link_to 'Signup', controller: 'users', action: 'signup' %></li> | |||||
<% end %> | |||||
</ul> | </ul> | ||||
</nav> | </nav> | ||||
</header> | </header> | ||||
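Review bot: Showing the Admin link only when `@user.admin?` is a presentation choice, not an access control; nothing in this change shows the admin controller checking `admin?` itself, so confirm it has its own before_action, since a direct request to the admin index action must still be rejected for non-admins. The Logout link depends on `method: :post` being turned into a POST by the UJS driver; without JavaScript it degrades to a GET, which the `logout` action in this commit ignores (it only clears the session on `request.post?`), so a form such as `button_to 'Logout', {controller: 'users', action: 'logout'}` would work regardless. When `@user` is nil the view falls through to the Login/Signup branch, which matches `load_user` never raising.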