## application.rb
def authorise
unless User.find_by_id(session[:user_id])
flash[:notice] = "Please log in"
redirect_to :controller => :account, :action => :login
end
end
def fetch_user_details
begin
# Only attempt to fetch user object if user_id is valid:
if User.find_by_id(session[:user_id])
@user = User.find(session[:user_id])
end
rescue Exception => ex
@user = nil
end
end
## (controllers/account_controller.rb)
class AccountController < ApplicationController
# Before filter
before_filter :authorise, :except => [:registration, :login]
# Allows the blog owner to login
def login
# Has the form been posted yet?
if request.post?
# Check if the user details are valid:
user = User.authenticate(params[:username], params[:password])
# Check if current user has their account locked:
user_locked = AccessLock.is_account_locked?(request.remote_ip)
# Valid user object returned?
if user and !user_locked
# Store the user's id in a session variable:
session[:user_id] = user.id
# Ensure that the account lock is clean:
AccessLock.clear_account request.remote_ip
# Redirect to the main page
redirect_to :controller => :post, :action => :view
else
# Want to increase the login attempt count, three attempts and the
# user is locked out.
if AccessLock.update_login_attempt(request.remote_ip)
# The user has been locked for a short while...
flash.now[:notice] = "Account has been locked."
else
flash.now[:notice] = "Invalid username or password, please try again."
end
end
end
end
end
## (controllers/post_controller.rb)
class PostController < ApplicationController
# Setup filter
before_filter :fetch_user_details
before_filter :authorise, :only => [:create, :edit, :view, :preview]
# #####################################################################################
# Allows user to view all posts
# #####################################################################################
def view
@all_posts = Post.paginate :page => params[:page], :per_page => 5, :order => "created_at DESC"
@all_categories = Category.find(:all)
end
end
## (views/account/login.rhtml)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<%= stylesheet_link_tag 'admin_master' %>
<title>96 Methods - User Login</title>
</head>
<body>
<div id="wrapper">
<div id="branding">
<h1><span></span>96 methods</h1>
<ul></ul>
</div>
<div id="content">
<h2>Login</h2>
<% if flash[:notice] -%>
<p class="warning"><%= flash[:notice] %></p>
<% end -%>
<% form_tag do %>
<p>
<label for="username">Username:</label>
<%= text_field_tag :username, params[:username], :class => 'textfield' %>
</p>
<p>
<label for="password">Password:</label>
<%= password_field_tag :password, nil, :class => 'textfield' %>
</p>
<p>
<%= submit_tag 'Login' %>
</p>
<% end %>
<p class="last"></p>
</div>
<div id="sideContent">
<!--<h2></h2>-->
<p class="info">You are currently logged out</p>
<p class="last"></p>
</div>
</div> <!-- wrapper -->
</body>
</html>
## (views/post/view.rhtml) - uses admin_layout (below)
<% @title = "View Posts" %>
<div id="content">
<h2>All Posts</h2>
<% if flash[:notice] %>
<div id="notice">
<%= flash[:notice] %>
</div>
<% end %>
<table>
<thead>
<tr>
<th class="title">Title</th>
<th class="category">Categories</th>
<th class="status">Status</th>
<th class="date">Date</th>
<th colspan="2" class="comment">Comments Waiting</th>
<th colspan="2" class="action">Actions</th>
</tr>
</thead>
<tbody>
<% for post in @all_posts %>
<tr class="<%= cycle('odd', 'even') %>">
<td class="title"><%= h(post.title)%></td>
<td><%= post.categories.collect(&:title).join(", ") %></td>
<% if post.published %>
<td>PUBLISHED</td>
<% else %>
<td>DRAFT</td>
<% end %>
<td><%= post.get_formatted_creation_date %></td>
<td><%= post.get_count_of_pending_comments %></td>
<td><%= link_to "View", :controller => :comment, :action => :view, :post_id => post %></td>
<td><%= link_to "Edit", :controller => :post, :action => :edit, :post_id => post %></td>
<td><%= link_to "Preview", :controller => :post, :action => :preview, :post_id => post %></td>
</tr>
<% end %>
</tbody>
</table>
<%= will_paginate @all_posts %>
<p class="last"></p>
</div> <!-- content -->
## The layout used by view.rhtml (views/layouts/admin_layout.rhtml)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<%= stylesheet_link_tag 'admin_master' %>
<title>96 Methods - <%= @title %></title>
</head>
<body>
<div id="wrapper">
<div id="branding">
<h1><span></span>96 methods</h1>
<ul>
<li><a href="/admin/blog" class="menu1test"><span></span>BLOG</a></li>
<li><a href="/admin/news" class="menu2test"><span></span>NEWS</a></li>
<li><a href="#" class="menu3test"><span></span>ABOUT</a></li>
</ul>
</div>
<%= yield :layout %>
<div id="sideContent">
<h2><span></span>Actions</h2>
<ul>
<li><%= link_to "Write a new post",
:controller => :post,
:action => :create %></li>
<li><%= link_to "Create a new category",
:controller => :category,
:action => :create %></li>
</ul>
<p></p>
<ul>
<li><%= link_to "Logout",
:controller => :account,
:action => :logout %></li>
</ul>
<p class="last"></p>
</div>
</div> <!-- wrapper -->
</body>
</html>
## config/routes.rb
ActionController::Routing::Routes.draw do |map|
# The priority is based upon order of creation: first created -> highest priority.
map.connect "blog", :controller => "post", :action => "view_recent_posts"
map.connect "blog/category/:id", :controller => "post", :action => "view_by_category", :id => /\d+/
map.connect "blog/:id", :controller => "post", :action => "view_post"
map.connect "admin/blog", :controller => "post", :action => "view"
map.connect "admin/blog/edit/:post_id", :controller => "post", :action => "edit"
map.connect "admin/blog/preview/:post_id", :controller => "post", :action => "preview"
map.connect "admin/blog/comment/view/:post_id", :controller => "comment", :action => "view"
map.connect "admin/blog/comment/add/:post_id", :controller => "comment", :action => "add"
map.connect "admin/news", :controller => "news", :action => "view"
map.connect "admin/news/edit/:article_id", :controller => "news", :action => "edit"
map.connect "admin/new/preview/:article_id", :controller => "news", :action => "preview"
map.connect "account/registration", :controller => "account", :action => "registration"
map.connect "account/login", :controller => "account", :action => "login"
map.connect "account/logout", :controller => "account", :action => "logout"
map.connect "news", :controller => "news", :action => "view_recent_articles"
map.connect "news/:id", :controller => "news", :action => "view_article"
map.connect "about", :controller => "about", :action => "about"
map.connect "post/create", :controller => "post", :action => "create"
map.connect "category/create", :controller => "category", :action => "create"
map.connect '', :controller => "post" , :action => "view_recent_posts"
end