This article adds simple access control to the administrative namespace of a Rails 2 application using the `verify` controller macro (the `script/generate` and `map.namespace` conventions below are Rails 2; `verify` was removed in Rails 3). Step one has to be repeated for every controller in your admin namespace.
This is also where you set up the entry point where your client logs in to the administrative area of your web app. Note that the credentials in this guide are hard-coded in the controller and compared as plain strings; that is fine for learning, but not for a deployed site.
1 open app/controllers/admin/pages_controller.rb
Put this line of code at the top of the class definition. `verify` runs before every action in the controller: if `session[:admin]` is nil it sets the flash message and redirects to the login page, and the action never runs.
verify :session => :admin, :add_flash => {:notice => "Invalid Access"}, :redirect_to => :admin_users_path
2 run this command in your terminal, in your project directory:
script/generate controller admin/users
3 open the file called app/controllers/admin/users_controller.rb
*Note: You will need to make a separate layout file for the login screen, one that does not have the menu items at the top; the instructions for this are in step 4 below.
The finished controller should look like this:
# app/controllers/admin/users_controller.rb
class Admin::UsersController < ApplicationController
  # administrative layout designation: use app/views/layouts/users.html.erb
  # (step 4) instead of the public layout, so the login page has no admin menu
  layout "users"

  # GET /admin/users shows the login form; no action body is needed because
  # Rails renders app/views/admin/users/index.html.erb by default.

  # POST /admin/users, the target of the login form
  def create
    if params[:username] == 'admin' && params[:password] == 'MyPassword'
      session[:admin] = true            # the key that verify checks in step 1
      flash[:notice] = 'Login successful.'
      redirect_to admin_pages_path
    else
      session[:admin] = nil
      flash[:notice] = 'Login unsuccessful.'
      render :action => 'index'         # show the form again with the message
    end
  end

  # GET /admin/users/:id logs out; the id is ignored, so any URL such as
  # /admin/users/logout works
  def show
    session[:admin] = nil
    flash[:notice] = 'You have logged out successfully.'
    redirect_to admin_users_path
  end
end
4 create the file app/views/layouts/users.html.erb (this is the file that `layout "users"` in the controller refers to)
Put this into the file:
<%= yield %>
This is the bare minimum that one can put into a layout file. Once your public layout is designed, you can copy that layout and build it around the above yield statement, so that your login page looks good.
5 go into this file: app/views/admin/pages/index.html.erb
Make sure this line of code is somewhere near the top of the page. It displays messages set by the previous request, so a message set in the Users controller (for example after a successful login) shows up on the Pages index; any controller can pass a message to the Pages controller this way.
<font color="red"><%= flash[:notice] %></font><br>
6 open up, or create, this file: app/views/admin/users/index.html.erb
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="/stylesheets/admin.css">
<title>My Company::Administration:Login</title>
</head>
<body>
<h1>My company Administration Login</h1>
<font color="red"><%= flash[:notice] %></font>
<p>Type your user name and password:</p>
<%= form_tag('/admin/users', :method => :post) %>
<table border="0" cellpadding="0" cellspacing="0">
<tr><td>
<label>User Name:</label></td><td> <%= text_field_tag "username" %></td></tr>
<tr><td><label>Password:</label></td><td> <%= password_field_tag "password" %></td></tr>
<tr><td colspan="2" align="left"><label> </label><%= submit_tag "Log In" %> </td></tr>
</table>
</form>
</body>
</html>
7 open up config/routes.rb
Add the following line of code inside the admin namespace; look for this section of routes.rb:
map.namespace :admin do |admin|
  admin.resources :users
This maps POST /admin/users to the create action (login), GET /admin/users to index (the form) and GET /admin/users/:id to show (logout). If the user tries to get to /admin/pages without logging in properly, the verify line from step 1 redirects the user to /admin/users with the message "Invalid Access".
8 The path to the login page is:
http://localhost:3000/admin/users
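As an added example that is not part of the original tutorial: the same login gate as the controller above, written as plain Ruby so it runs without Rails, with the three changes a practitioner would make before deploying it. The password no longer lives in the source file, the comparison is constant-time, and the session id is rotated on login (Rails' `reset_session`) so a session id planted in the browser before login cannot be reused afterwards. `FakeSession`, the `ADMIN_USERNAME` / `ADMIN_PASSWORD` variable names, and the hashes returned in place of `redirect_to` / `render` are assumptions of this example; the paths are the ones from the routes above.

```ruby
require 'digest/sha2'
require 'securerandom'

# Added example, not the tutorial's code. FakeSession stands in for the Rails
# session object so the logic can run outside Rails.
class FakeSession
  attr_reader :id

  def initialize
    reset
  end

  # what Rails' reset_session does: a fresh id and empty data
  def reset
    @id = SecureRandom.hex(16)
    @data = {}
  end

  def [](key)
    @data[key]
  end

  def []=(key, value)
    @data[key] = value
  end
end

class AdminLogin
  LOGIN_PATH = '/admin/users'   # admin_users_path from the routes in step 7
  HOME_PATH  = '/admin/pages'   # admin_pages_path

  def self.digest(secret)
    Digest::SHA256.digest(secret.to_s)
  end

  # Constant-time equality: every byte is examined no matter where the first
  # difference is, so timing reveals nothing. Callers pass fixed-length digests,
  # so the length check cannot leak the length of the real password.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Credentials come from the environment, not the source file
  # (ADMIN_USERNAME / ADMIN_PASSWORD are assumed names).
  def self.from_env
    new(ENV.fetch('ADMIN_USERNAME'), digest(ENV.fetch('ADMIN_PASSWORD')))
  end

  def initialize(username, password_digest)
    @username_digest = AdminLogin.digest(username)
    @password_digest = password_digest
  end

  def authenticate?(username, password)
    user_ok = AdminLogin.secure_compare(AdminLogin.digest(username), @username_digest)
    pass_ok = AdminLogin.secure_compare(AdminLogin.digest(password), @password_digest)
    user_ok & pass_ok   # non-short-circuit: both checks always run
  end

  # Replacement for the body of create; returns what the controller would do.
  def login!(session, username, password)
    if authenticate?(username, password)
      session.reset                   # Rails: reset_session, before setting the flag
      session[:admin] = true
      { :redirect_to => HOME_PATH, :notice => 'Login successful.' }
    else
      session[:admin] = nil
      { :render => 'index', :notice => 'Login unsuccessful.' }
    end
  end

  # Replacement for the body of show: drop the whole session, not just the flag.
  def logout!(session)
    session.reset
    { :redirect_to => LOGIN_PATH, :notice => 'You have logged out successfully.' }
  end

  # What `verify :session => :admin, ...` from step 1 does before each action of
  # Admin::PagesController; nil means the action may run.
  def self.check(session)
    return nil unless session[:admin].nil?
    { :redirect_to => LOGIN_PATH, :notice => 'Invalid Access' }
  end
end

if __FILE__ == $0
  # constructed demo credentials; a real deployment would use AdminLogin.from_env
  gate = AdminLogin.new('admin', AdminLogin.digest('correct horse battery staple'))
  s = FakeSession.new
  p AdminLogin.check(s)                                   # not logged in: redirected
  p gate.login!(s, 'admin', 'wrong')                      # form rendered again
  p gate.login!(s, 'admin', 'correct horse battery staple')
  p AdminLogin.check(s)                                   # nil: allowed through
end
```

In the real controller the equivalent change is one line, `reset_session` immediately before `session[:admin] = true`, plus moving the username and password out of the `if` into configuration; the `verify` line in the Pages controller stays exactly as in step 1.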
This is an exercise in learning Rails. The seemingly "understood" fact that the flash[:notice] variable is available in the view is a feature of Rails: the flash is kept in the session for exactly one following request, which is why a message set before a redirect is still there when the next page renders.
Likewise, the statement `<%= yield %>` in a layout pulling in the HTML of the rendered view is a feature of Rails. These are things about Rails that you cannot see objectively in the code, but learn from experience or from reading good books.
Enjoy! Let me know if there are any questions or problems using this guide.
