Module: Argos::Security

Defined in:
lib/argos/security.rb

Overview

Include this module to provide the security methods #login_required and #current_user.

These methods provide the basic requirements for securing access to the inheriting controllers, either by a logged-in user (session) or by REST consumption (without a session) over OAuth.

Example of use:

class ApplicationController < ActionController::Base
  include Argos::Security

end

Then use it in your own controller:

class MyresourceController < ApplicationController
  before_filter :login_required

end


Instance Method Details

- (User?) current_user

Retrieves the user from the session.



# File 'lib/argos/security.rb', line 45

def current_user
  return nil unless session[:user_uid]
  @current_user ||= User.find_by_uid(session[:user_uid])
end

- (Object) login_required

Verifies that the user is logged in or, in the case of REST consumption from another application without human intervention, that the credentials are correct. To verify credentials this method uses OAuth 1.0, checking the HTTP "Authorization" header.

This method is used as a filter in your controllers:

before_filter :login_required


# File 'lib/argos/security.rb', line 33

def login_required
  # if oauth authorization, check oauth
  # else current_user
  if rest_consumption?
    check_oauth_authorization
  else
    check_user_in_session
  end
end
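
What the OAuth 1.0 branch of login_required has to check on the "Authorization" header, as an added example that is not Argos code. It assumes two-legged HMAC-SHA1 (RFC 5849); CONSUMERS, pct, parse_oauth_header, oauth_signature, secure_equal?, oauth_request_valid?, access_allowed? and the header-prefix test standing in for rest_consumption? are hypothetical names.

```ruby
require 'openssl'

# Constructed consumer registry (assumption): consumer key => shared secret.
CONSUMERS = { 'demo-consumer' => 'demo-secret' }.freeze

# RFC 3986 percent-encoding, as OAuth 1.0 requires (RFC 5849, section 3.6).
def pct(str)
  str.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Parse 'OAuth key="value", ...' into a hash; nil when the scheme is not OAuth.
def parse_oauth_header(header)
  m = header.to_s.match(/\AOAuth\s+(.*)\z/m) or return nil
  m[1].scan(/(\w+)="([^"]*)"/).to_h { |k, v| [k, v.gsub(/%(\h\h)/) { $1.hex.chr }] }
end

# HMAC-SHA1 signature over the signature base string (RFC 5849, section 3.4).
def oauth_signature(method, url, params, consumer_secret, token_secret = '')
  normalized = params.reject { |k, _| %w[oauth_signature realm].include?(k) }
                     .map { |k, v| [pct(k), pct(v)] }.sort
                     .map { |pair| pair.join('=') }.join('&')
  base = [method.upcase, pct(url), pct(normalized)].join('&')
  key  = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  [OpenSSL::HMAC.digest('SHA1', key, base)].pack('m0')
end

# Compare without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Two-legged check: known consumer, fresh timestamp, matching signature.
def oauth_request_valid?(method, url, header, now: Time.now.to_i, skew: 300)
  oauth  = parse_oauth_header(header) or return false
  secret = CONSUMERS[oauth['oauth_consumer_key']] or return false
  return false unless oauth['oauth_signature_method'] == 'HMAC-SHA1'
  return false if (now - oauth['oauth_timestamp'].to_i).abs > skew
  secure_equal?(oauth_signature(method, url, oauth, secret), oauth['oauth_signature'].to_s)
end

# Same shape as login_required: an OAuth header is never rescued by a session.
def access_allowed?(session, method, url, header)
  if header.to_s.start_with?('OAuth ')   # assumed stand-in for rest_consumption?
    oauth_request_valid?(method, url, header)
  else
    !session[:user_uid].nil?
  end
end
```

Nonce replay tracking (RFC 5849, section 3.3) needs server-side storage and is left out; query and body parameters, which also enter the signature base string, are omitted for brevity.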