author | Luke Shumaker <shumakl@purdue.edu> | 2014-04-04 20:35:16 -0400 |
---|---|---|
committer | Luke Shumaker <shumakl@purdue.edu> | 2014-04-04 20:35:16 -0400 |
commit | bcfa571b0328a4b3e94479a31c027621ceb86ad5 (patch) | |
tree | ac662a6e8e6be36b311652520b8bcc2a1511741d /app/controllers/sessions_controller.rb | |
parent | d6009eddd6f67a9414ff7d707ae82c053e6653ad (diff) |
Implement the new security mechanism
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r-- | app/controllers/sessions_controller.rb | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 1bae258..a0390ad 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,5 +1,4 @@
 class SessionsController < ApplicationController
- before_action :set_session, only: [:destroy]
 # GET /sessions/new
 def new
@@ -41,11 +40,16 @@ class SessionsController < ApplicationController
 private
 # Use callbacks to share common setup or constraints between actions.
 def set_session
- #@session = Session.find(cookies[:remember_token])
+ @token = Session.hash_token(cookies[:remember_token])
+ @session = Session.find_by(token: @token)
 end
 # Never trust parameters from the scary internet, only allow the white list through.
 def session_params
 params.require(:session).permit(:session_email, :session_user_name, :session_password)
 end
+
+ def is_owner?(object)
+ object.user == current_user
+ end
 end |
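Review bot: `is_owner?` at the end of the second hunk compares `object.user == current_user` without checking either side, so it returns true when both are nil (no logged-in user and a record with no user) and raises NoMethodError when `object` itself is nil. That nil case is reachable because `set_session` now uses `find_by`, which returns nil when the `remember_token` cookie is missing or matches no row; how `current_user` and `Session.hash_token` treat a nil token is not visible in this diff and should be confirmed. A fail-closed form would be `current_user && object && object.user == current_user`. The first hunk also removes the `before_action`, so the `destroy` action (outside these hunks) presumably has to call `set_session` and the ownership check itself before deleting anything.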