6

How do you add authentication checks on the /editor/.* routes in Mercury via the mercury-rails gem?

I mean, I know you can:

  • hide the link to the editor when not authenticated.
  • refuse updates from the editor when not authenticated.

But I'd prefer the user be kicked out of the editor incase he/she has a bookmark to the editor and isn't logged in.

PS: Can someone create a mercury-editor tag for this? Otherwise searching for mercury-editor is neigh impossible.

Scott Bartell
  • 2,801
  • 3
  • 24
  • 36
docwhat
  • 11,435
  • 6
  • 55
  • 54

2 Answers2

7

A before_filter method is probably what you would want to use.

You could just add your own controller than inherits from the MercuryController and point the routes to your controller:

In config/routes.rb:

...
match '/editor(/*requested_uri)' => "my_mercury#edit", :as => :mercury_editor
Mercury::Engine.routes
...

And app/controllers/my_mercury_controller.rb

class MyMercuryController < MercuryController
    before_filter :login_required
    def login_required
        ...
    end
end
Will Clark
  • 71
  • 1
3

Looks like now the mercury-rails installer will ask you if you want them to add some authentication code, and if you do it creates

lib/mercury/authentication.rb

module Mercury
  module Authentication

    def can_edit?
      true # check here to see if the user is logged in/has access
    end
  end
end

Where you can run your check code in there. Maybe something like "if user_signed_in? && current_user.admin?"

Josh Crews
  • 779
  • 2
  • 11
  • 21