# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
+ layout "store"
+ before_filter :authorize, :except => :login
helper :all # include all helpers, all the time
# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
- protect_from_forgery # :secret => '3060ab6e75969f85169b8c71cc8a6801'
+ protect_from_forgery :secret => 'd7e9713fb540572dab37a045152d442a'
# See ActionController::Base for details
# Uncomment this to filter the contents of submitted sensitive data parameters
# from your application log (in this case, all fields with names like "password").
# filter_parameter_logging :password
+
+ protected
+ def authorize
+ unless User.find_by_id(session[:user_id])
+ session[:original_uri] = request.request_uri
+ flash[:notice] = "Please log in"
+ redirect_to :controller => 'admin', 'action' => 'login'
+ end
+ end
end
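Review bot: The added `protect_from_forgery :secret => 'd7e9713fb540572dab37a045152d442a'` commits the request-forgery secret to source control, so anyone who can read the repository holds the value the CSRF tokens are derived from. The comment above that line says the option is only needed when the cookie session store is not in use; if it is needed here, load it from configuration kept out of the repository, e.g. `protect_from_forgery :secret => ENV.fetch('FORGERY_SECRET')` (the variable name is a placeholder), and rotate the committed value. Because this change puts every action except `login` behind `authorize`, the still commented-out `filter_parameter_logging :password` should be enabled too, so that submitted passwords do not reach the application log. The hunk header and file path are not visible in this view, so these points rest only on the lines shown.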