X-Git-Url: https://git.njae.me.uk/?a=blobdiff_plain;f=app%2Fcontrollers%2Fapplication.rb;h=fe5e10108c6b113c81ebd84c398559c229a91534;hb=893fb158ba822c7ce7f5b3d011a2401e7f974f50;hp=bfb89fde9bf2e1ca70ef9e244d83eba76bec01f6;hpb=28668145b30d983f624bebb24e9ac9c23d9b13cd;p=depot.git

diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index bfb89fd..fe5e101 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -2,14 +2,25 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
+  layout "store"
+  before_filter :authorize, :except => :login
   helper :all # include all helpers, all the time
 
   # See ActionController::RequestForgeryProtection for details
   # Uncomment the :secret if you're not using the cookie session store
-  protect_from_forgery # :secret => '3060ab6e75969f85169b8c71cc8a6801'
+  protect_from_forgery :secret => 'd7e9713fb540572dab37a045152d442a'
   
   # See ActionController::Base for details 
   # Uncomment this to filter the contents of submitted sensitive data parameters
   # from your application log (in this case, all fields with names like "password"). 
   # filter_parameter_logging :password
+
+  protected
+  def authorize
+    unless User.find_by_id(session[:user_id])
+      session[:original_uri] = request.request_uri
+      flash[:notice] = "Please log in"
+      redirect_to :controller => 'admin', 'action' => 'login'
+    end
+  end
 end