
@zxiest
Created April 1, 2011 13:35
include LocationsHelper
include SessionsHelper
# Controller for locations. Only the +new+ and +create+ actions are defined
# in this listing, and both have empty bodies.
class LocationsController < ApplicationController
  # Run the admin_user check (defined in SessionsHelper) before the listed
  # actions; it calls deny_access for visitors who are not signed-in admins.
  #
  # NOTE(review): :edit is guarded but :update is not in this list. If an
  # update action/route exists for locations it would skip the admin check,
  # so confirm whether :update belongs here.
  before_filter :admin_user,
                :only => [
                  :new,
                  :create,
                  :edit,
                  :destroy
                ]

  # Admin-only; no controller logic of its own.
  def new; end

  # Admin-only; no controller logic of its own.
  def create; end
end
include SessionsHelper
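# Sign-in form (new), credential check (create) and sign-out (destroy).
class SessionsController < ApplicationController
  # The only notices the sign-in page will echo from the query string.
  # They match the fixed messages the application issues when it sends a
  # visitor to the sign-in page; keep the two lists in sync.
  KNOWN_NOTICES = [
    "Please sign in to access this page",
    "You must sign in as an admin to access this page"
  ].freeze

  # Renders the sign-in form.
  #
  # A notice may arrive as params[:flash][:notice]. The query string is
  # attacker-controllable (anyone can hand a victim a crafted link), so the
  # value is displayed only when it is one of KNOWN_NOTICES; arbitrary text
  # is never reflected into the page.
  def new
    @title = "Sign in"
    notice = requested_notice
    flash.now[:notice] = notice if KNOWN_NOTICES.include?(notice)
  end

  # Checks the submitted credentials. On failure the form is re-rendered with
  # a generic error (it does not reveal whether the email or the password was
  # wrong); on success the user is signed in and sent back to the page they
  # originally requested, or to root_path.
  def create
    user = authenticate_from_params
    if user.nil?
      flash.now[:error] = "Invalid email/password combination"
      @title = "Sign in"
      render 'new'
    else
      sign_in user
      redirect_back_or root_path
    end
  end

  # Signs the current user out and returns to the home page.
  def destroy
    sign_out
    redirect_to root_path
  end

  private

  # Returns the :notice entry of params[:flash], or nil when params[:flash]
  # is absent or is not hash-like (e.g. a plain string), so a malformed
  # request cannot raise here.
  def requested_notice
    flash_params = params[:flash]
    flash_params[:notice] if flash_params.respond_to?(:key?)
  end

  # Returns the authenticated User, or nil.
  #
  # params[:session] comes straight from the request, so it may be missing or
  # have an unexpected shape. Anything other than a hash-like object holding
  # String email and password values is treated as a failed login instead of
  # being passed on to User.authenticate.
  def authenticate_from_params
    credentials = params[:session]
    return nil unless credentials.respond_to?(:key?)

    email = credentials[:email]
    password = credentials[:password]
    return nil unless email.is_a?(String) && password.is_a?(String)

    User.authenticate(email, password)
  end
end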
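# Authentication helpers: sign-in/sign-out through a signed "remember me"
# cookie, current-user lookup, access-control filters and "friendly
# forwarding" back to the page a visitor originally requested.
module SessionsHelper
  # Signs +user+ in by writing a signed, permanent remember_token cookie
  # holding [user.id, user.salt] and caching the user for this request.
  #
  # The cookie is marked HttpOnly so page scripts cannot read it.
  #
  # NOTE(review): a signed cookie is tamper-evident but not encrypted, so the
  # salt value is readable by the client, and the token stays valid for as
  # long as the salt is unchanged. Consider a dedicated random remember token
  # (stored hashed server-side and rotated on sign-out), and add
  # :secure => true once the site is served over HTTPS only.
  def sign_in(user)
    cookies.permanent.signed[:remember_token] = {
      :value    => [user.id, user.salt],
      :httponly => true
    }
    self.current_user = user
  end

  # Removes the remember_token cookie and forgets the cached user.
  def sign_out
    cookies.delete(:remember_token)
    self.current_user = nil
  end

  # True when +user+ is the currently signed-in user.
  def current_user?(user)
    user == current_user
  end

  # The signed-in user, looked up from the remember_token cookie on first use
  # and memoized for the rest of the request; nil when nobody is signed in.
  def current_user
    @current_user ||= user_from_remember_token
  end

  # Sets the memoized current user.
  def current_user=(user)
    @current_user = user
  end

  # True when a user is signed in.
  def signed_in?
    !current_user.nil?
  end

  # Filter: require any signed-in user.
  def authenticate
    deny_access unless signed_in?
  end

  # Remembers the requested page and redirects to the sign-in form with an
  # explanatory notice.
  #
  # The notice travels in the flash rather than in the redirect URL, so the
  # sign-in page never has to display text taken from the query string.
  def deny_access
    store_location
    flash[:notice] = if signed_in?
                       "You must sign in as an admin to access this page"
                     else
                       "Please sign in to access this page"
                     end
    redirect_to new_session_path
  end

  # Redirects to the stored return location, or to +default+ when none is
  # stored or the stored value is not a same-site path, then clears it.
  def redirect_back_or(default)
    target = session[:return_to]
    target = default unless local_path?(target)
    redirect_to target
    clear_return_to
  end

  private

  # Looks the user up from the [id, salt] pair in the remember_token cookie.
  def user_from_remember_token
    User.authenticate_with_salt(*remember_token)
  end

  # The verified cookie payload, or [nil, nil] when the cookie is missing.
  def remember_token
    cookies.signed[:remember_token] || [nil, nil]
  end

  # Saves the path of the current request for redirect_back_or.
  def store_location
    session[:return_to] = request.fullpath
  end

  # Forgets the stored return location.
  def clear_return_to
    logger.debug "CLEARING SESSION RETURN TO"
    session[:return_to] = nil
  end

  # Filter: require a signed-in user whose admin? flag is set.
  def admin_user
    deny_access unless signed_in? && current_user.admin?
  end

  # True when +path+ is a String starting with exactly one "/" that is not
  # followed by another "/" or a "\". Browsers resolve those two forms
  # against another host, so they are refused as redirect targets
  # (defence in depth for the value kept in session[:return_to]).
  def local_path?(path)
    path.is_a?(String) && !(path =~ %r{\A/(?![/\\])}).nil?
  end
end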