projects
/
cs356-p2-videostore.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add required authorization to all pages
[cs356-p2-videostore.git]
/
app
/
controllers
/
login_controller.rb
diff --git
a/app/controllers/login_controller.rb
b/app/controllers/login_controller.rb
index
9352437
..
f557c3e
100644
(file)
--- a/
app/controllers/login_controller.rb
+++ b/
app/controllers/login_controller.rb
@@
-2,7
+2,10
@@
class LoginController < ApplicationController
layout "admin"
# Make sure that a user logs in before doing any action here
layout "admin"
# Make sure that a user logs in before doing any action here
- before_filter :authorize, :except => :login
+ before_filter :authorize, :only => :index
+
+ # Only managers can do the following actions
+ before_filter :manager, :only => [:add_user, :delete_user, :list_users]
def add_user
@user = User.new(params[:user])
def add_user
@user = User.new(params[:user])
@@
-51,4
+54,5
@@
class LoginController < ApplicationController
def list_users
@all_users = User.find(:all)
end
def list_users
@all_users = User.find(:all)
end
+
end
end