photomix/app/controllers/application_controller.rb

# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.

class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time
  protect_from_forgery # See ActionController::RequestForgeryProtection for details

  filter_parameter_logging :password, :password_confirmation
  helper_method :current_user, :current_user_session

  
  private
  
    def check_public_access
      require_user unless APP_CONFIG[:public]
    end

    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find
    end

    def current_user
      return @current_user if defined?(@current_user)
      @current_user = current_user_session && current_user_session.user
    end

    def require_role(roles = [])
      unless current_user && current_user.in_role?(*roles)
        store_location
        flash[:notice] = "You must have permission to access this page"
        redirect_to account_path
        return false
      end
      return true
    end

    def require_role_admin
      return false if !require_user
      return require_role("admin")
    end
    
    def require_permission(permissions = [])
      return false if !require_user
      unless current_user && current_user.has_permission?(*permissions)
        store_location
        flash[:notice] = "You must have permission to access this page"
        redirect_to account_path
        return false
      end
      return true
    end

    def require_user
      unless current_user
        store_location
        flash[:notice] = "You must be logged in to access this page"
        redirect_to login_path
        return false
      end
      return true
    end
 
    def require_no_user
      if current_user
        store_location
        flash[:notice] = "Already logged in. Please logout"
        redirect_to account_path
        return false
      end
      return true
    end
    
    def store_location
      session[:return_to] = request.request_uri
    end
    
    def redirect_back_or_default(default)
      redirect_to(session[:return_to] || default)
      session[:return_to] = nil
    end  
end