14.4 Iteration I4: Adding a Sidebar 14.2 Iteration I2: Authenticating Users
require authorization before every access
edit app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
before_filter :authorize
# ...
protected
def authorize
unless User.find_by_id(session[:user_id])
redirect_to login_url, notice: "Please log in"
end
end
end
whitelist the sessions and store controllers
edit app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
skip_before_filter :authorize
edit app/controllers/store_controller.rb
class StoreController < ApplicationController
skip_before_filter :authorize
whitelist cart operations
edit app/controllers/carts_controller.rb
class CartsController < ApplicationController
skip_before_filter :authorize, only: [:create, :update, :destroy]
def invalid_cart
logger.error "Attempt to access invalid cart #{params[:id]}"
redirect_to store_url, notice: 'Invalid cart'
end
end
whitelist line_item operations
edit app/controllers/line_items_controller.rb
class LineItemsController < ApplicationController
skip_before_filter :authorize, only: :create
whitelist order operations
edit app/controllers/orders_controller.rb
class OrdersController < ApplicationController
skip_before_filter :authorize, only: [:new, :create]
Cause all tests to do an implicit login
edit test/test_helper.rb
class ActiveSupport::TestCase
# ...
# Add more helper methods to be used by all tests here...
def login_as(user)
session[:user_id] = users(user).id
end
def logout
session.delete :user_id
end
def setup
login_as :one if defined? session
end
end
Show that the now pass
rake test
Run options:
# Running tests:
.......
Finished tests in 0.208062s, 33.6438 tests/s, 134.5753 assertions/s.
7 tests, 28 assertions, 0 failures, 0 errors, 0 skips
ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-linux]
Run options:
# Running tests:
...............................................
Finished tests in 0.735493s, 63.9027 tests/s, 108.7706 assertions/s.
47 tests, 80 assertions, 0 failures, 0 errors, 0 skips
ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-linux]
Run options:
# Running tests:
...
Finished tests in 0.363993s, 8.2419 tests/s, 129.1234 assertions/s.
3 tests, 47 assertions, 0 failures, 0 errors, 0 skips
ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-linux]
14.4 Iteration I4: Adding a Sidebar 14.2 Iteration I2: Authenticating Users