Agile Web Development with Rails, Edition 4

Agile Web Development with Rails, Edition 4


13.2 Iteration H2: Authenticating Users

rails generate controller sessions new create destroy
DEPRECATION WARNING: railtie_name is deprecated and has no effect. (called from /home/rubys/.rvm/gems/ruby-1.8.8-r28169/gems/will_paginate-3.0.pre/lib/will_paginate/railtie.rb:6)
      create  app/controllers/sessions_controller.rb
       route  get "sessions/destroy"
       route  get "sessions/create"
       route  get "sessions/new"
      invoke  erb
      create    app/views/sessions
      create    app/views/sessions/new.html.erb
      create    app/views/sessions/create.html.erb
      create    app/views/sessions/destroy.html.erb
      invoke  test_unit
      create    test/functional/sessions_controller_test.rb
      invoke  helper
      create    app/helpers/sessions_helper.rb
      invoke    test_unit
      create      test/unit/helpers/sessions_helper_test.rb
rails generate controller admin index
DEPRECATION WARNING: railtie_name is deprecated and has no effect. (called from /home/rubys/.rvm/gems/ruby-1.8.8-r28169/gems/will_paginate-3.0.pre/lib/will_paginate/railtie.rb:6)
      create  app/controllers/admin_controller.rb
       route  get "admin/index"
      invoke  erb
      create    app/views/admin
      create    app/views/admin/index.html.erb
      invoke  test_unit
      create    test/functional/admin_controller_test.rb
      invoke  helper
      create    app/helpers/admin_helper.rb
      invoke    test_unit
      create      test/unit/helpers/admin_helper_test.rb
edit app/controllers/sessions_controller.rb
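# Logs users in and out by recording the authenticated user's id in the
# Rails session under :user_id.
class SessionsController < ApplicationController
  # GET /login -- renders the login form; the action itself has no logic.
  def new
  end

  # POST /login -- checks the submitted name/password pair.
  #
  # User.authenticate is defined outside this listing; this action only
  # branches on whether it returns a truthy user object.
  def create
    user = User.authenticate(params[:name], params[:password])

    if user
      # Start from a fresh session before marking it as authenticated, so a
      # session established before login is not carried over into the
      # logged-in state (session fixation). reset_session discards
      # everything stored in the old session; copy across explicitly any
      # value that has to survive login.
      reset_session
      session[:user_id] = user.id
      redirect_to admin_url
    else
      # The same message is used whether the name or the password was wrong,
      # so the response does not confirm which account names exist.
      redirect_to login_url, :alert => "Invalid user/password combination"
    end
  end

  # DELETE /logout -- forgets the logged-in user and returns to the store.
  # Only :user_id is cleared; any other session data is left in place.
  def destroy
    session[:user_id] = nil
    redirect_to store_url, :notice => "Logged out"
  end
end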
edit app/views/sessions/new.html.erb
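<%# Login form. form_tag is called without a URL, so the form posts back to
    the path it was rendered from (POST /login, routed to sessions#create). %>
<div class="depot_form">
  <%= form_tag do %>
    <fieldset>
      <legend>Please Log In</legend>

      <div>
        <label for="name">Name:</label>
        <%= text_field_tag :name, params[:name] %>
      </div>

      <div>
        <label for="password">Password:</label>
        <%# No value argument here: the password field is always rendered
            empty, so a password arriving in params (for example from a query
            string) is never written back into the page source. %>
        <%= password_field_tag :password %>
      </div>

      <div>
        <%= submit_tag "Login" %>
      </div>
    </fieldset>
  <% end %>
</div>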
edit app/views/admin/index.html.erb
<%# Admin landing page: shows the current server time and the order count
    that AdminController#index stores in @total_orders. %>
<h1>Welcome</h1>
 
It's <%= Time.now %>
We have <%= pluralize(@total_orders, "order") %>.
edit app/controllers/admin_controller.rb
# Administrative landing page; SessionsController#create redirects here
# (admin_url) after a successful login.
#
# NOTE(review): no login check is visible on this controller in this listing.
# Unless ApplicationController adds one, GET /admin is served to any visitor;
# confirm that a filter requiring session[:user_id] is in place.
class AdminController < ApplicationController
  # GET /admin -- exposes the total number of orders to the view.
  def index
    @total_orders = Order.count
  end
end
edit config/routes.rb
# Route table for the Depot application. The block parameter `map` is not
# used by any of the routes shown here.
Depot::Application.routes.draw do |map|
  # Admin landing page, handled by AdminController#index.
  get 'admin' => 'admin#index'
 
  # Login/logout, all handled by SessionsController:
  #   GET    /login  -> new     (shows the login form)
  #   POST   /login  -> create  (checks the credentials)
  #   DELETE /logout -> destroy (clears the logged-in user)
  # Logout changes session state, so it is routed on DELETE rather than GET;
  # a plain link or an image tag pointing at /logout does not match it.
  controller :sessions do
    get  'login' => :new
    post 'login' => :create
    delete 'logout' => :destroy
  end
 
 
  resources :users
 
  resources :orders
 
  resources :line_items
 
  resources :carts
 
  get "store/index"
  # Adds a member route named who_bought (GET) to the products resource.
  resources :products do
    get :who_bought, :on => :member
  end
 
 
  # ...
 
  # You can have the root of your site routed with "root"
  # just remember to delete public/index.html.
  # root :to => "welcome#index"
  # The root route is named `store`; SessionsController#destroy redirects to
  # store_url after logout.
  root :to => 'store#index', :as => 'store'
 
  # ...
end
get /login
Please Log In
post /login
You are being redirected.
get http://localhost:3000/admin

Welcome

It's Sun Jun 06 09:00:23 -0400 2010 We have 101 orders.
