1.2. Authors
1.1 Creation, Edition
Before writing documents and sort them into categories we need some authors to write them. So we will first create the Author model, and the author controller. So use the generate command :
%: ruby script/generate model Author
%: ruby script/generate controller authorWe will use, for the moment, some scaffolding methods. So, in the author controller file put these lines in the class :
model :author
scaffold :author- firstname : johnathan
- name : doe
- nickname : john
- contact : john@foo
- password : test
- description : what you want
Click on the create button.
You should be now on the http://howto/author/list page, and you should see your new author. If you click on the show link you’ll go on the http://howto/author/show/1 page and see all the author info. Good.
There is a Edit link. Well I suppose you don’t want anybody to edit your account, right ? So we are going to setup some authentification.
1.2 Authenticate
require 'author'
Add the following to lines in the class :
include ApplicationHelper
before_filter :authenticate
Add the following methods to the class :
protected
def secure?
false
end
private
def authenticate
if secure? && @session["author_id"].nil?
@session["return_to"] = @request.request_uri
redirect_to :controller => "login"
return false
end
end
Now edit the app/models/author.rb file and add the following method :
def self.authenticate(nickname, password)
find_first( [ "nickname = '%s' AND password = '%s'", nickname, password ] )
end
or you can use the new dynamic find_by syntax:
def self.authenticate(nickname, password)
find_by_nickname_and_password(nickname,password)
end
This is the authentification method, as you should have guessed we will recognize the authors with the (nickname, password) couple.
Now open (or go back to) the author controller file. Here we are going to define which methods will need authentication. How ? Simply by adding the following method :
protected
def secure?
["new", "edit", "add_item", "destroy" ]. include?(action_name)
end
Between the brackets is the list of all the methods that need authentification. For the moment just leave the edit method in the list. Hey ? Is it finished ? Well not yet, we just have something missing.
The login controller
We need a controller to handle the things about login. So let’s create it :
%: ruby script/generate controller login
Now edit this new controller and replace the all thing by :
require 'author'
class LoginController < ActionController::Base
def index
# show login screen
end
def authenticate
if @author = Author.authenticate(@params["nickname"], @params["password"])
@session["author_id"] = @author.id
if @session["return_to"]
redirect_to_path(@session["return_to"])
@session["return_to"] = url_for(:controller => "author", :action => "edit", :id => @author.id)
else
redirect_to(:controller => "author", :action => "edit", :id => @author.id)
end
else
flash["alert"] = "Login failed!"
redirect_to :action => "index"
end
end
def logout
reset_session
flash["alert"] = "Logged out"
redirect_to :action => "index"
end
end
If the user is authentified it returns to the page edit page for the author prefs. In fact it open the edit page for the author who just log in. If not, well it goes back to the login page/form.
So now we have to create the index view it will need to display the form. So create the app/views/login/index.rhtml file and paste these lines :
<%= form_tag(:action => "authenticate") %>
Login : <input id="name" name="nickname" size="15" type="text" value="" /><br />;
Password : <input id="password" name="password" size="15" type="password" value="" />
<input type="submit" value="Login" />;
<%= end_form_tag %>
Now if you go back to the http://howto/author/list page and click on the edit link you should be redirected to the http://howto/login/ page. Enter john as login and test as password. And it should worl. In my case I had to restart apache, I don’t know why but until I restarted apache the app keep telling me there were no author.authenticate method.
So now we can authenticate authors, good. Next point : creating documents.