Topic: Auth Plug-in - Could I have done things better?

Hi guys
I wrote a plug-in that is loosely based on Acts as Authenticated and the brilliant railscasts of ryanb on administration

My own plug-in works similar in the sense that logged in user must be flagged as admin via a boolean field in the users table in the DB in order to make changes. But it still allows for normal logged in users to access maybe a members section on the site. I place the following in a controller depending on the senario.

  before_filter :admin_access_required, :only=>[:admin_section]
  before_filter :access_required, :only=>[:member_section]

And here's my plugin
module AuthenticatedUsers

  protected

  # Returns true or false if the user is logged in.
  # Preloads @current_user with the user model if they're logged in.
  def logged_in?
    current_user != :false
  end

  # Accesses the current user from the session.
  def current_user
    @current_user ||= (session[:user_id] && User.find(session[:user_id])) || :false
  end
   
  # Store the given user in the session.
  def current_user=(new_user)
    session[:user_id] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
    @current_user = new_user
  end

  # Check if the user is authorized.
  def authorised?
    true
  end

  # Check if the user is admin.
  def admin?
    current_user.admin?
  end

  # Access is required
  def access_required
    logged_in? && authorised? ? true : access_denied
  end

  # Admin access is required
  def admin_access_required
    logged_in? && admin? ? true :access_denied
  end

  def access_denied
    store_location
    flash[:notice] = "Access denied"
    redirect_to :controller=>"login"
    false
  end

  def store_location
    session[:return_to] = request.request_uri
  end
end


This plug-in isn't 100% complete, but it's doing the job for my site is there any improvements you guys can suggest? Please feel free to use this code if you have any use for it...

Thanx everyone