Finished chapter 11

[depot.git] / app / controllers / application.rb

diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 8dfb326615c1fcb91584d95547e664b886173461..fe5e10108c6b113c81ebd84c398559c229a91534 100644 (file)
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -2,14 +2,25 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
+  layout "store"
+  before_filter :authorize, :except => :login
   helper :all # include all helpers, all the time
 
   # See ActionController::RequestForgeryProtection for details
   # Uncomment the :secret if you're not using the cookie session store
-  protect_from_forgery # :secret => 'd7e9713fb540572dab37a045152d442a'
+  protect_from_forgery :secret => 'd7e9713fb540572dab37a045152d442a'
   
   # See ActionController::Base for details 
   # Uncomment this to filter the contents of submitted sensitive data parameters
   # from your application log (in this case, all fields with names like "password"). 
   # filter_parameter_logging :password
+
+  protected
+  def authorize
+    unless User.find_by_id(session[:user_id])
+      session[:original_uri] = request.request_uri
+      flash[:notice] = "Please log in"
+      redirect_to :controller => 'admin', 'action' => 'login'
+    end
+  end
 end