redirect_to :controller => "login", :action => "login"
end
end
+
+ def manager
+ user = User.find_by_id(session[:user_id])
+ unless user and user.manager
+ flash[:notice] = "You must be a manager to access this page"
+ redirect_to :controller => "login", :action => "index"
+ end
+ end
end
class CoitemController < ApplicationController
+
+ # Make sure that the user has logged in before they can take any
+ # action on checked out items
+ before_filter :authorize
+
def index
list
render :action => 'list'
class CustomerController < ApplicationController
+
+ # Make sure that the user has logged in before they can take any action
+ before_filter :authorize
+
def index
list
render :action => 'list'
class GameController < ApplicationController
+
+ # Make sure that the user has logged in before they can take any action
+ before_filter :authorize
+
def index
list
render :action => 'list'
class GamePolicyController < ApplicationController
+
+ # Make sure that the user has logged in before they can take any action
+ before_filter :authorize, :only => [:index, :list, :show]
+
+ # Make sure the user is a manager if they want to modify data
+ before_filter :manager, :only => [:new, :create, :edit, :update, :destroy]
+
def index
list
render :action => 'list'
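Review bot: Both filters in GamePolicyController are allow-lists (`:only => [...]`), so any action not named in either list runs with no login check at all. The lists cover the usual scaffold actions, but an action added later, or one that sits outside this hunk, would be exposed by default. Since `manager` already rejects a request with no valid session user, a fail-closed form would be `before_filter :authorize` for every action plus `before_filter :manager, :except => [:index, :list, :show]`. The same pattern is repeated in RentablePolicyController and VideoPolicyController. The controller body continues outside the hunk.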
class GamegenreController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize
+
def index
list
render :action => 'list'
class GameplatformController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize
+
def index
list
render :action => 'list'
layout "admin"
# Make sure that a user logs in before doing any action here
- before_filter :authorize, :except => :login
+ before_filter :authorize, :only => :index
+
+ # Only managers can do the following actions
+ before_filter :manager, :only => [:add_user, :delete_user, :list_users]
def add_user
@user = User.new(params[:user])
def list_users
@all_users = User.find(:all)
end
+
end
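Review bot: Replacing `:except => :login` with `:only => :index` turns the login check in this controller from deny-by-default into allow-by-default, so every action other than `index`, `add_user`, `delete_user` and `list_users` is now reachable without a session. If the controller has other actions outside these hunks (not visible here), confirm that each one is meant to be public. Otherwise keep `before_filter :authorize, :except => :login` and add the `manager` filter on top of it. The body of `add_user` continues outside the hunk.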
class MediaController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize
+
def index
list
render :action => 'list'
class MerchandiseController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize
+
def index
list
render :action => 'list'
class PurchaseController < ApplicationController
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize
+
def index
redirect_to :action => :begin
end
class RentableController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize
+
def index
list
render :action => 'list'
class RentablePolicyController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize, :only => [:index, :list, :show]
+
+ # Make sure the user is a manager before doing any action specified
+ before_filter :manager, :only => [:new, :create, :edit, :update, :destroy]
+
def index
list
render :action => 'list'
class VideoController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize, :except => :login
+
def index
list
render :action => 'list'
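Review bot: The `:except => :login` option on the VideoController filter looks copied from the login controller. No `login` action is visible in this hunk, and the sibling controllers use a bare `before_filter :authorize`. As written, an action named `login` added to this controller later would silently skip the login check. Suggest `before_filter :authorize` to match the others.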
class VideoPolicyController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize, :only => [:index, :list, :show]
+
+ # Only managers can do the following actions
+ before_filter :manager, :only => [:new, :create, :edit, :update, :destroy]
+
def index
list
render :action => 'list'
class VideogenreController < ApplicationController
+
+ # Make sure that a user logs in before doing any action here
+ before_filter :authorize
+
def index
list
render :action => 'list'
end
def after_destroy
- if User.count.zero?
- raise "Can't delete last user"
+ # We can't delete all of the managers, nor all of the users
+ managers = User.find_all_by_manager(true)
+ if managers.length.zero? or User.count.zero?
+ raise "Can't delete last manager"
end
end
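Review bot: The new condition in `after_destroy` does more work than the rule needs. `User.find_all_by_manager(true)` instantiates every manager row only to test the length, and `User.count.zero?` is redundant because zero users implies zero managers. A single count states the invariant directly, e.g. `if User.count(:conditions => ["manager = ?", true]).zero?`, which also avoids `or` in a condition. The guard presumably relies on the raise rolling back the delete, so a comment such as `# raising here aborts the destroy so the last manager is kept` would make that dependency explicit.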
# You can have the root of your site routed by hooking up ''
# -- just remember to delete public/index.html.
- # map.connect '', :controller => "welcome"
+ map.connect '', :controller => "login"
# Allow downloading Web Service WSDL as a file with an extension
# instead of a file named 'wsdl'