Module: AccountEngine::UserAccount::ClassMethods

Defined in:
lib/account_engine/user_account/class_methods.rb

Overview

This module defines methods to be attached to the User class itself.

Instance Method Summary

Instance Method Details

#authenticate(login, pass) ⇒ Object

Basic method for user authentication.



# File 'lib/account_engine/user_account/class_methods.rb', line 31

def authenticate(login, pass)
  # Find the user with this login name
  user = find(:first, :conditions => ["login = ? AND deleted = 0", login])

  if user.nil?
    logger.info "Invalid username #{login}/#{pass}"
    return nil
  end

  # Check to see if the 
  sp = UserAccount.salted_password(user.salt, UserAccount.hashed(pass))

  logger.info "User not verified #{login}/#{pass}" unless (user.verified or not AccountEngine.)
  logger.info "User password incorrect #{login}/#{pass}" unless user.salted_password == sp

  if (user.verified or not AccountEngine.) and user.salted_password == sp
    return user
  else
    return nil
  end
end
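
The listing above writes the submitted password into the log (#{pass}), returns early for unknown logins, and compares the stored hash with ==. The following is an added example, not AccountEngine code, of the same check without those three properties. It assumes PBKDF2 in place of UserAccount.salted_password/hashed (whose implementations are not shown here), a hypothetical in-memory User struct in place of find, and that every account must be verified.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 100_000 # sample value; tune to your hardware
# Hypothetical stand-in for a users-table row (not AccountEngine's model).
User = Struct.new(:login, :salt, :password_hash, :verified, :deleted)
DUMMY_SALT = SecureRandom.random_bytes(16)

def derive(pass, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
end

# Compare two byte strings without stopping at the first mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def make_user(login, pass, verified: true, deleted: false)
  salt = SecureRandom.random_bytes(16)
  User.new(login, salt, derive(pass, salt), verified, deleted)
end

# Returns the matching user, or nil. `logger` is anything responding to #info.
def authenticate(users, login, pass, logger)
  user = users.find { |u| u.login == login && !u.deleted }
  # Derive a hash for unknown logins too, so both paths do the same work.
  salt     = user ? user.salt : DUMMY_SALT
  expected = user ? user.password_hash : "\0" * 32
  ok = secure_compare(derive(pass, salt), expected) && !user.nil? && user.verified
  # Log the login name (escaped via #inspect) and outcome, never the password.
  logger.info("authentication failed for login=#{login.inspect}") unless ok
  ok ? user : nil
end

if __FILE__ == $PROGRAM_NAME
  log = Object.new
  def log.info(msg); puts "INFO #{msg}"; end
  # Constructed sample accounts.
  users = [make_user("alice", "correct horse"), make_user("bob", "hunter2", verified: false)]
  p authenticate(users, "alice", "correct horse", log)&.login
  p authenticate(users, "bob", "hunter2", log)
  p authenticate(users, "mallory\nFAKE", "guess", log)
end
```

A single failure message for every rejection keeps the log from revealing whether the login, the password or the verification state was the cause.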

#authenticate_by_token(id, token) ⇒ Object



# File 'lib/account_engine/user_account/class_methods.rb', line 53

def authenticate_by_token(id, token)
  # Allow logins for deleted accounts, but only via this method (and
  # not the regular authenticate call)
  u = find(:first, :conditions => ["id = ? AND security_token = ?", id, token])
  return nil if u.nil? or u.token_expired?
  return nil if false == u.update_expiry
  u
end

#guest_user_authorized?(controller, action = "index") ⇒ Boolean

Check if the requested controller/action is available for guest users, i.e. anyone who isn’t logged in. The ‘Guest’ user is actually a Role object held by no user. The name of this Role object is defined in AccountEngine.guest_role_name, and defaults to “Guest”. To control which actions are available to site users who are not logged in, you should modify the permissions for this role.

Returns:

  • (Boolean)


# File 'lib/account_engine/user_account/class_methods.rb', line 12

def guest_user_authorized?(controller, action="index")
  query = <<-EOS
SELECT DISTINCT #{AccountEngine.permissions_table}.* 
FROM #{AccountEngine.permissions_table}, #{AccountEngine.roles_table}, 
     #{AccountEngine.permissions_roles_table}
WHERE #{AccountEngine.roles_table}.name = :role
AND #{AccountEngine.roles_table}.id = #{AccountEngine.permissions_roles_table}.role_id
AND #{AccountEngine.permissions_roles_table}.permission_id = #{AccountEngine.permissions_table}.id
AND #{AccountEngine.permissions_table}.controller = :controller
AND #{AccountEngine.permissions_table}.action = :action
EOS

  result = Permission.find_by_sql([query, {:role => AccountEngine.guest_role_name, 
                                           :controller => controller.to_s, :action => action.to_s}])    

  return (result != nil) && (!result.empty?)
end