app/controllers/kblog/articles_controller.rb in kblog-0.0.2 vs app/controllers/kblog/articles_controller.rb in kblog-0.0.3
- old
+ new
@@ -1,19 +1,17 @@
require_dependency "kblog/application_controller"
module Kblog
- class ArticlesController < ApplicationController
+ class ArticlesController < ::ApplicationController
+ layout 'kblog/kblog'
before_filter :set_blog_user
before_filter :set_article, only: [:show, :edit, :update, :destroy]
before_filter :authenticate, only: [:edit, :update, :create, :destroy]
if Kblog.auth_type == 'basic'
http_basic_authenticate_with :name => Kblog.authname, :password => Kblog.authpassword, :except => [:index,:show]
end
- if Kblog.auth_type == 'role'
-
- end
# GET /articles
def index
@articles = Article.order("created_at DESC").paginate(:page => params[:page], :per_page => 3)
end
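Review bot: Inheriting from `::ApplicationController` on the class line makes the host application's filters, forgery-protection settings and `current_user` helper part of this engine controller, and nothing in the hunk documents that dependency. A comment above the class line would help, for example `# Inherits from the host app's ApplicationController: auth helpers and CSRF protection come from the host, not from Kblog`. The `require_dependency "kblog/application_controller"` line looks unused after this change and could be dropped if nothing else relies on it. Separately, the `before_filter :authenticate` list in the context lines omits `:new` while the basic-auth declaration excepts only index and show; if the controller defines a `new` action, role mode leaves it unchecked.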
@@ -62,11 +60,12 @@
def set_article
@article = Article.find(params[:id])
end
def set_blog_user
- if current_user
+ logger.debug("#{self.class.name}#set_blog_user - start")
+ if defined?(current_user)
@blog_user = current_user
end
end
# Never trust parameters from the scary internet, only allow the white list through.
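Review bot: `defined?(current_user)` in `set_blog_user` only checks that a `current_user` method exists, not that anyone is signed in, so `@blog_user` can still be nil after this filter runs. A comment should say so, e.g. `# current_user may be nil for anonymous visitors; access is decided in authenticate`. The `authenticate` method in the next hunk calls `current_user` directly without this guard, so the two methods disagree on whether the helper is optional; using `@blog_user` there would keep them consistent. The unconditional `logger.debug` on every request adds little and could be dropped.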
@@ -74,9 +73,17 @@
params[:article]
#params.require(:article).permit(:title, :content)
end
def authenticate
- render :status => :forbidden and return unless Article.user_rights(@blog_user)
+ if Kblog.auth_type == 'basic'
+ http_basic_authenticate_with :name => Kblog.authname, :password => Kblog.authpassword, :except => [:index,:show]
+ end
+ if Kblog.auth_type == 'role'
+ unless Kblog::Article.user_rights(current_user)
+ logger.warn("#{self.class.name}#authenticate - insufficient rights: user: #{current_user}")
+ redirect_to :back, :notice => 'forbidden'
+ end
+ end
end
end
end
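Review bot: `authenticate` denies nothing when `Kblog.auth_type` is neither `'basic'` nor `'role'` (unset, misspelled, a symbol), so edit, update, create and destroy run with no check, whereas the removed line always consulted `Article.user_rights`. The `'basic'` branch also calls `http_basic_authenticate_with` from an instance method; in Rails that is a class-level macro, already declared at the top of the class, so the call here is likely to raise rather than authenticate and should be removed. In the `'role'` branch `redirect_to :back` raises when the request has no Referer header, so a fixed fallback target would be safer. The sketch below makes unknown modes fail closed. The context lines above still return raw `params[:article]` with the `permit` call commented out, which leaves mass assignment open; that method starts outside the hunk.

```ruby
def authenticate
  case Kblog.auth_type
  when 'basic'
    # enforced by the class-level http_basic_authenticate_with declaration
  when 'role'
    # … unchanged: user_rights check, warning log and redirect …
  else
    # unknown or unset auth_type: deny instead of falling through to the action
    logger.warn("#{self.class.name}#authenticate - unsupported auth_type, denying")
    head :forbidden
  end
end
```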