You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
peakpg edited this page Apr 26, 2011
·
2 revisions
Authentication with Rails Controllers
It is possible to create ActionController’s which take advantage of the CMS authentication system. For example, run the following command:
rails g controller MyNew
Then edit the resulting controller like so:
class MyNewController < ApplicationController
# This adds methods to your controller to work with the authenticated user.
include Cms::Authentication::Controller
def do_something_interesting
# The current_user method looks up the user based on either a cookie, or session variable.
user = current_user
if user.guest?
redirect_to "/system/access-denied"
else
redirect_to "/my_target/page"
end
end
end
The current_user method is also available in Portlets, as well as in the view files for both portlets and templates.
Understanding Guest users
Many visitors to a CMS site will not be logged in. These users are considered to be members of a special group, called ‘Guest’. This group allows staff to set permissions for denying entry to specific sections. When you call the following:
user = current_user
if there the user is not logged in, a
GuestUser
object will be returned. This user has all the permissions of the guest group, which are usually limited to viewing public sections.