Adding Users to a rails app using has_secure_password.
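# Base controller: CSRF protection plus the session-based authentication
# helpers shared by every controller in the app.
class ApplicationController < ActionController::Base
  protect_from_forgery

  private

  # Returns the User identified by session[:user_id], memoized for the
  # request, or nil when nobody is signed in.
  #
  # The lookup uses find_by_id rather than find: a session can outlive the
  # account it points at (for example after the user row is deleted), and
  # find would then raise ActiveRecord::RecordNotFound on every request that
  # carries the stale cookie. Returning nil treats that session as signed out.
  def current_user
    @current_user ||= User.find_by_id(session[:user_id]) if session[:user_id]
  end
  helper_method :current_user

  # before_filter guard: sends anonymous visitors to the root page.
  # The redirect performed here halts the filter chain, so the protected
  # action does not run.
  def authenticate_user
    redirect_to root_url unless current_user
  end
end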
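# Creates the users table used by has_secure_password and links items to
# their owner through items.user_id.
class CreateUsers < ActiveRecord::Migration
  def change
    create_table :users do |t|
      t.string :email
      # has_secure_password stores the password hash in this column.
      t.string :password_digest
      t.timestamps
    end

    # The model's uniqueness validation is a read-then-write check and can be
    # raced by two concurrent sign-ups; the unique index makes the database
    # reject an exact duplicate.
    # NOTE(review): the validation is case-insensitive, this index is only as
    # case-insensitive as the database collation -- confirm for the target DB.
    add_index :users, :email, :unique => true

    # Moved out of the create_table block: the statement belongs to the items
    # table, and nested inside the block it only took effect if the block was
    # executed, which a recorded (reversible) `change` may not do on rollback.
    add_column :items, :user_id, :integer
  end
end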
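# Item management; every action requires a signed-in user.
class ItemsController < ApplicationController
  before_filter :authenticate_user
...
  # Loads the item for editing, restricted to items owned by the signed-in
  # user (User has_many :items, keyed on items.user_id).
  #
  # The scoped find raises ActiveRecord::RecordNotFound when the id does not
  # exist or belongs to another user. The previous where(...).first returned
  # nil in that case and let the action continue with @item unset.
  def edit
    @item = current_user.items.find(params[:id])
  end
...
end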
...
# Routes for user accounts: the standard RESTful resource routes plus three
# collection-level routes, /users/login (GET and POST) and /users/logout (GET).
resources :users do
collection do
# GET renders the login form, POST submits the credentials; both are
# handled by UsersController#login.
get 'login'
post 'login'
# NOTE(review): logout is a state-changing action exposed over GET.
# protect_from_forgery does not verify GET requests, so a link or image on
# another site can sign the user out. Consider routing it as DELETE or POST
# and updating the logout link accordingly.
get 'logout'
end
end
end
...
# An account that owns items and signs in with an email and password.
class User < ActiveRecord::Base
  # Mass-assignment whitelist: only these attributes may be set from request
  # parameters, so password_digest cannot be written directly by a client.
  attr_accessible :email, :password, :password_confirmation

  # Provides password / password_confirmation and #authenticate, backed by
  # the password_digest column.
  has_secure_password

  # Both fields are required when the account is created.
  # NOTE(review): nothing here enforces a minimum password length or an
  # email format -- confirm whether that is handled elsewhere.
  validates :password, presence: { on: :create }
  validates :email,
            presence: { on: :create },
            uniqueness: { case_sensitive: false }

  # Deleting a user also deletes the items they own.
  has_many :items, dependent: :destroy
end
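# Sign-up, profile editing, login and logout for User accounts.
#
# Changes from the original listing:
# * edit/update are limited to the signed-in user's own record; previously
#   any signed-in user could load and update any account by id, including
#   its password.
# * The session is reset whenever the authentication state changes
#   (sign-up, login, logout) so a session id issued before login is not
#   carried over into the authenticated session (session fixation).
# * JSON responses no longer include password_digest.
# * login tolerates a missing or malformed params[:user] instead of raising.
class UsersController < ApplicationController
  before_filter :authenticate_user, except: [:new, :create, :login]
  # Runs after authenticate_user, so current_user is present here.
  before_filter :load_own_user, only: [:edit, :update]

  # Renders the sign-up form.
  def new
    @user = User.new
    respond_to do |format|
      format.html
      format.json { render json: user_json(@user) }
    end
  end

  # Creates an account from params[:user] (filtered by the model's
  # attr_accessible list) and signs the new user in.
  def create
    @user = User.new(params[:user])
    respond_to do |format|
      if @user.save
        # Start from a fresh session before marking it as authenticated.
        reset_session
        session[:user_id] = @user.id
        format.html { redirect_to root_url, notice: 'User was successfully created.' }
        format.json { render json: user_json(@user), status: :created }
      else
        format.html { render action: "new" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # Renders the edit form; @user is set by load_own_user.
  def edit
  end

  # Updates the signed-in user's own account; @user is set by load_own_user.
  def update
    respond_to do |format|
      if @user.update_attributes(params[:user])
        format.html { redirect_to root_url, notice: 'User was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # GET renders the login form; POST checks the submitted credentials.
  # The failure message is the same for an unknown email and a wrong
  # password, so the response text does not reveal which accounts exist.
  def login
    if request.post?
      # params[:user] may be absent or not a hash when the request is
      # hand-crafted; treat that as a failed login rather than a 500.
      credentials = params[:user].is_a?(Hash) ? params[:user] : {}
      user = User.find_by_email(credentials[:email].to_s)
      if user && user.authenticate(credentials[:password].to_s)
        # Drop the pre-login session before storing the user id.
        reset_session
        session[:user_id] = user.id
        redirect_to root_url, :notice => "You are now logged in!"
        return
      end
      flash.now[:error] = "Invalid email or password."
    end

    @user = User.new
    respond_to do |format|
      format.html
    end
  end

  # Signs the user out by discarding the whole session.
  # NOTE(review): this action is routed as GET in the routes file, which
  # CSRF protection does not cover.
  def logout
    reset_session
    redirect_to root_url, :notice => "You are now logged out."
  end

  private

  # before_filter for edit/update: the only account a user may change is
  # their own. A request for any other id is redirected to the root page,
  # matching what authenticate_user does for anonymous visitors.
  def load_own_user
    @user = current_user
    redirect_to root_url unless @user.id.to_s == params[:id].to_s
  end

  # JSON representation of a user without the stored password hash.
  def user_json(user)
    user.to_json(except: [:password_digest])
  end
end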