Module: AccountEngine::UserAccount::ClassMethods
- Defined in: lib/account_engine/user_account/class_methods.rb
Overview
This module defines methods to be attached to the User class itself.
Instance Method Summary
- #authenticate(login, pass) ⇒ Object
  Basic method for user authentication.
- #authenticate_by_token(id, token) ⇒ Object
- #guest_user_authorized?(controller, action = "index") ⇒ Boolean
  Check if the requested controller/action is available for guest users, i.e. anyone who isn’t logged in.
Instance Method Details
#authenticate(login, pass) ⇒ Object
Basic method for user authentication.
```ruby
# File 'lib/account_engine/user_account/class_methods.rb', line 31

def authenticate(login, pass)
  # Find the user with this login name
  user = find(:first, :conditions => ["login = ? AND deleted = 0", login])
  if user.nil?
    # NOTE: this and the two log lines below write the submitted plaintext
    # password to the application log.
    logger.info "Invalid username #{login}/#{pass}"
    return nil
  end
  # Check to see if the
  sp = UserAccount.salted_password(user.salt, UserAccount.hashed(pass))
  logger.info "User not verified #{login}/#{pass}" unless (user.verified or not AccountEngine.confirm_account)
  # NOTE: == on the stored and computed digests is not a constant-time comparison.
  logger.info "User password incorrect #{login}/#{pass}" unless user.salted_password == sp
  # Succeed only for a matching password on a verified account
  # (verification is skipped when AccountEngine.confirm_account is off).
  if (user.verified or not AccountEngine.confirm_account) and user.salted_password == sp
    return user
  else
    return nil
  end
end
```
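A hardened variant of the `authenticate` flow above, as an added example that is not AccountEngine's own code: it keeps the submitted password out of the log, escapes the login name before logging it, and compares digests in constant time. The `User` struct, `USERS`, `DUMMY`, `LOG`, `CONFIRM_ACCOUNT`, `make_user` and the PBKDF2-based `digest` helper are hypothetical stand-ins for the model, the logger, `AccountEngine.confirm_account` and the engine's `hashed`/`salted_password` helpers.

```ruby
require "openssl"

# Constructed stand-ins (assumptions, not AccountEngine code): in-memory users and a log sink.
User = Struct.new(:login, :salt, :salted_password, :verified, :deleted)
LOG = []
CONFIRM_ACCOUNT = true # plays the role of AccountEngine.confirm_account

# Assumption: PBKDF2-HMAC-SHA256 stands in for the engine's hashed/salted_password helpers.
def digest(salt, pass)
  OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
end

def make_user(login, pass, verified: true, deleted: false)
  salt = OpenSSL::Random.random_bytes(16)
  User.new(login, salt, digest(salt, pass), verified, deleted)
end

USERS = [make_user("alice", "correct horse"),
         make_user("bob", "hunter2", verified: false),
         make_user("carol", "s3cret", deleted: true)]
DUMMY = make_user("-", "-") # hashed against when the login is unknown, to even out timing

def authenticate(login, pass)
  user = USERS.find { |u| u.login == login && !u.deleted }
  candidate = user || DUMMY
  sp = digest(candidate.salt, pass.to_s)
  # Constant-time comparison, evaluated even for unknown logins.
  match = OpenSSL.secure_compare(candidate.salted_password, sp)
  reason =
    if user.nil? then "unknown login"
    elsif !match then "bad password"
    elsif CONFIRM_ACCOUNT && !user.verified then "not verified"
    end
  if reason
    # Log the outcome and the escaped login name only, never the password.
    LOG << "auth failure reason=#{reason} login=#{login.to_s.inspect}"
    return nil
  end
  user
end
```

As in the original, a user is returned only when the password matches and the account is verified (or confirmation is disabled); deleted accounts are treated as unknown logins.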
#authenticate_by_token(id, token) ⇒ Object
```ruby
# File 'lib/account_engine/user_account/class_methods.rb', line 53

def authenticate_by_token(id, token)
  # Allow logins for deleted accounts, but only via this method (and
  # not the regular authenticate call)
  u = find(:first, :conditions => ["id = ? AND security_token = ?", id, token])
  return nil if u.nil? or u.token_expired?
  return nil if false == u.update_expiry
  u
end
```
#guest_user_authorized?(controller, action = "index") ⇒ Boolean
Check if the requested controller/action is available for guest users, i.e. anyone who isn’t logged in. The ‘Guest’ user is actually a Role object held by no user. The name of this Role object is defined in AccountEngine.guest_role_name, and defaults to “Guest”. To control which actions are available to site users who are not logged in, you should modify the permissions for this role.
```ruby
# File 'lib/account_engine/user_account/class_methods.rb', line 12

def guest_user_authorized?(controller, action="index")
  query = <<-EOS
    SELECT DISTINCT #{AccountEngine.}.*
    FROM #{AccountEngine.}, #{AccountEngine.roles_table}, #{AccountEngine.}
    WHERE #{AccountEngine.roles_table}.name = :role
    AND #{AccountEngine.roles_table}.id = #{AccountEngine.}.role_id
    AND #{AccountEngine.}.permission_id = #{AccountEngine.}.id
    AND #{AccountEngine.}.controller = :controller
    AND #{AccountEngine.}.action = :action
  EOS
  # The role, controller and action values are passed as bind parameters,
  # not interpolated into the SQL text.
  result = Permission.find_by_sql([query, {:role => AccountEngine.guest_role_name, :controller => controller.to_s, :action => action.to_s}])
  return (result != nil) && (!result.empty?)
end
```