Topic: Auth Plug-in - Could I have done things better?
My own plug-in works similarly, in the sense that a logged-in user must be flagged as admin via a boolean field in the users table in the DB in order to make changes. But it still allows normal logged-in users to access maybe a members section on the site. I place the following in a controller depending on the scenario:
before_filter :admin_access_required, :only=>[:admin_section]
before_filter :access_required, :only=>[:member_section]
And here's my plugin:
# Returns true or false if the user is logged in.
# Preloads @current_user with the user model if they're logged in.
def logged_in?
  current_user != :false
end
# Accesses the current user from the session.
def current_user
  @current_user ||= (session[:user_id] && User.find(session[:user_id])) || :false
end
# Store the given user in the session.
def current_user=(new_user)
  session[:user_id] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
  @current_user = new_user
end
# Check if the user is authorized.
# Check if the user is admin.
# Access is required
def access_required
  logged_in? && authorised? ? true : access_denied
end
# Admin access is required
def admin_access_required
  logged_in? && admin? ? true : access_denied
end
def access_denied
  flash[:notice] = "Access denied"
  session[:return_to] = request.request_uri
end
This plug-in isn't 100% complete, but it's doing the job for my site. Are there any improvements you guys can suggest? Please feel free to use this code if you have any use for it...
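
The two filters described in the post, modelled in plain Ruby without Rails as an added example that is not part of the original post or the poster's plug-in. It shows a member being refused the admin section and a stale session id being treated as logged out. `FakeUser`, `USERS`, `AccessControl` and the `admin` attribute name are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no Rails. FakeUser, USERS and AccessControl are
# hypothetical stand-ins; the `admin` attribute name is an assumption.
FakeUser = Struct.new(:id, :admin)

# Constructed sample data standing in for the users table.
USERS = { 1 => FakeUser.new(1, true), 2 => FakeUser.new(2, false) }.freeze

class AccessControl
  attr_reader :session, :flash

  def initialize(session)
    @session = session
    @flash = {}
  end

  # nil (rather than the truthy symbol :false) marks "nobody logged in",
  # so a bare `if current_user` cannot pass by accident.
  def current_user
    return @current_user if defined?(@current_user)
    @current_user = USERS[session[:user_id]]
    # A stale id (for example a deleted account) must not keep the session alive.
    session.delete(:user_id) if @current_user.nil?
    @current_user
  end

  def logged_in?
    !current_user.nil?
  end

  # Strict comparison: only a real boolean true grants admin.
  def admin?
    logged_in? && current_user.admin == true
  end

  def access_required
    logged_in? || access_denied
  end

  def admin_access_required
    admin? || access_denied
  end

  # Records the notice and returns false, which the caller treats as a denial.
  def access_denied
    flash[:notice] = "Access denied"
    false
  end
end
```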