ogredude/application_controller.rb

## application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :find_states
  helper_method :current_user

  rescue_from CanCan::AccessDenied do |exception|
    flash[:error] = exception.message
    redirect_to root_url
  end

  private
  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  def current_user
    @current_user = current_user_session && current_user_session.record
  end

  def require_user
    unless current_user
      render :nothing => true, :status => 401 and return if request.xhr?
      store_location
      flash[:error] = "You must be logged in to access this page."
      redirect_to login_url
      return false
    end
  end

  def require_no_user
    if current_user
      store_location
      flash[:error] = "You must be logged out to access this page"
      redirect_to user_url(:current)
    end
  end

  def authorize_admin!
    store_location
    unless current_user.admin?
      flash[:alert] = "You must be an admin to do that."
      redirect_back_or_default
    end
  end

  def store_location
    session[:return_to] = request.fullpath
  end

  def redirect_back_or_default(default)
    redirect_to(session[:return_to] || default)
    session[:return_to] = nil
  end

  def find_states
    @states = State.all
  end

end

## files_controller.rb
class FilesController < ApplicationController
  before_filter :require_user

  def show
    asset = Asset.find(params[:id])
    send_file asset.asset.path, :filename => asset.asset_file_name, :content_type => asset.asset_content_type
  end
end

## files_controller_spec.rb
require 'spec_helper'

describe FilesController do
  let(:ticket) { Fabricate(:ticket) }
  let(:user) { Fabricate(:user) }
  let(:path) { Rails.root + "spec/fixtures/speed.txt" }
  let(:asset) { ticket.assets.create(:asset => File.open(path)) }

  before(:each) do
    activate_authlogic
  end

  context "logged out user" do

    it "cannot access assets in a ticket" do
      get "show", :id => asset.id
      response.should redirect_to(login_path)
      flash[:error].should eql("You must be logged in to access this page.")
    end
  end

  context "logged in user" do
    before(:each) do
      sign_in user
    end

    it "can access assets in a ticket" do
      get "show", :id => asset.id
      response.body.should eql(File.read(path))
    end
  end

end
	class ApplicationController < ActionController::Base
	protect_from_forgery
	before_filter :find_states
	helper_method :current_user

	rescue_from CanCan::AccessDenied do \|exception\|
	flash[:error] = exception.message
	redirect_to root_url
	end

	private
	def current_user_session
	return @current_user_session if defined?(@current_user_session)
	@current_user_session = UserSession.find
	end

	def current_user
	@current_user = current_user_session && current_user_session.record
	end

	def require_user
	unless current_user
	render :nothing => true, :status => 401 and return if request.xhr?
	store_location
	flash[:error] = "You must be logged in to access this page."
	redirect_to login_url
	return false
	end
	end

	def require_no_user
	if current_user
	store_location
	flash[:error] = "You must be logged out to access this page"
	redirect_to user_url(:current)
	end
	end

	def authorize_admin!
	store_location
	unless current_user.admin?
	flash[:alert] = "You must be an admin to do that."
	redirect_back_or_default
	end
	end

	def store_location
	session[:return_to] = request.fullpath
	end

	def redirect_back_or_default(default)
	redirect_to(session[:return_to] \|\| default)
	session[:return_to] = nil
	end

	def find_states
	@states = State.all
	end

	end
	class FilesController < ApplicationController
	before_filter :require_user

	def show
	asset = Asset.find(params[:id])
	send_file asset.asset.path, :filename => asset.asset_file_name, :content_type => asset.asset_content_type
	end
	end
	require 'spec_helper'

	describe FilesController do
	let(:ticket) { Fabricate(:ticket) }
	let(:user) { Fabricate(:user) }
	let(:path) { Rails.root + "spec/fixtures/speed.txt" }
	let(:asset) { ticket.assets.create(:asset => File.open(path)) }

	before(:each) do
	activate_authlogic
	end

	context "logged out user" do

	it "cannot access assets in a ticket" do
	get "show", :id => asset.id
	response.should redirect_to(login_path)
	flash[:error].should eql("You must be logged in to access this page.")
	end
	end

	context "logged in user" do
	before(:each) do
	sign_in user
	end

	it "can access assets in a ticket" do
	get "show", :id => asset.id
	response.body.should eql(File.read(path))
	end
	end

	end