Creating a secure area?

Hi all,

I’d like to create a /members section of my site, which will only be
viewable to members who have logged on. (These members could either be
a new sub-category of radiant users, or could be a completely different
list, either stored within the website database, or on the filesystem -
I don’t really care about the admin so long as the functionality works.)

Has anyone done this? Can you give me some help or instructions to
implement the same?

Thanks a lot,

Jake.

I’m currently doing something similar, although I am using a completely
different user system to what radiant uses as default (it’s basically a
modified version of acts_as_authenticated and authorization plugins).

All I’ve done so far is create some custom tags that allow me to show
content based on a user’s roles…


USER TAGS

current_user ||= request.session[:user] ? User.find(request.session[:user]) : nil

# This creates the <r:current_user/> namespace.
tag "current_user", :for => current_user, :expose => ['username',
                                                      'email',
                                                      'fullname',
                                                      'displayname',
                                                      'firstname',
                                                      'lastname']

tag "if_current_user" do |tag|
  if current_user
    tag.expand
  end
end

tag "unless_current_user" do |tag|
  unless current_user
    tag.expand
  end
end

tag "if_user_has_role" do |tag|
  if current_user && (eval "current_user.is_#{tag.attr['role']}?")
    tag.expand
  end
end

and implement a basic login box that can be shown on all pages:


class AccountBehavior < Behavior::Base

  register 'Account System'

  description %{
    The Account System behaviour allows users to sign-up, login and
    modify their account details
  }

  # Everything after this page's own URL is treated as the action name
  # (login, logout, register); a trailing slash is stripped.
  def find_page_by_url(url, live = true, clean = false)
    @action = url.sub(@page.url, '').sub(/\/$/, '')
    return @page
  end

  def render_page
    case @action
    when 'login'
      if request.post?
        process_login
      else
        render_standard_page
      end
    when 'logout'
      process_logout
    when 'register'
      # registration is not implemented yet
    else
      render_standard_page
    end
  end

  def render_standard_page
    lazy_initialize_parser_and_context
    if layout = @page.layout
      parse_object(layout)
    else
      render_page_part(:body)
    end
  end

  def process_login
    user = User.authenticate(request.parameters[:username],
                             request.parameters[:password])
    if user.nil?
      #flash.now[:error] = 'Supplied username or password is incorrect'
      # Re-render the page so a failed login does not return an empty response.
      render_standard_page
    else
      request.session[:user] = user.id
      render_standard_page
    end
  end

  def process_logout
    request.session[:user] = nil
    render_standard_page
  end

  def process_register
  end

  define_tags do

    url = request.request_uri unless request.nil?

    # This is just for creating the <r:account/> namespace.
    tag "account" do |tag|
      tag.expand
    end

  end

end

my loginbox snippet then has the following:


<r:if_current_user>

Welcome back <r:current_user:fullname />


Not <r:current_user:fullname />? Then please logout


</r:if_current_user>

<r:unless_current_user>

Existing User Login



Username


Password



Why register?





</r:unless_current_user>

I have yet to code the registration form or the ability for users to
modify their details. However, this does allow me to let admin users
login directly from any page and once logged in have a direct link to
the admin area.

Much of the above may be buggy and full of bad practices as I’m fairly
new to Ruby, Rails and especially some of the more advanced stuff that
is going on throughout radiant. I hope it provides some ideas though.

Kev
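
An added example, not part of Kev's post: the if_user_has_role tag above interpolates the tag's role attribute into a string and passes it to eval, so whatever text a page author puts in role="..." is run as Ruby. The sketch below does the same role check with an allow-list and public_send instead. DemoUser, ALLOWED_ROLES and user_has_role? are hypothetical names, and the users are constructed sample data.

```ruby
# Added example: role check for <r:if_user_has_role role="..."> that never
# evaluates the attribute text as Ruby code.
# DemoUser, ALLOWED_ROLES and user_has_role? are hypothetical names.

# Constructed stand-in for a User model exposing is_<role>? predicates.
DemoUser = Struct.new(:username, :roles) do
  def is_admin?;  roles.include?('admin');  end
  def is_member?; roles.include?('member'); end
end

# Roles a page author may reference from a tag. Anything else is denied.
ALLOWED_ROLES = %w[admin member].freeze

# Returns true only when a user is logged in, the requested role is on the
# allow-list, and the matching predicate on the user returns true.
def user_has_role?(user, role_attr)
  return false if user.nil?
  role = role_attr.to_s.strip.downcase
  return false unless ALLOWED_ROLES.include?(role)
  predicate = "is_#{role}?"
  return false unless user.respond_to?(predicate)
  user.public_send(predicate) == true
end

# Inside define_tags the tag body would then become:
#   tag "if_user_has_role" do |tag|
#     tag.expand if user_has_role?(current_user, tag.attr['role'])
#   end

if __FILE__ == $0
  admin  = DemoUser.new('alice', %w[admin member])  # constructed sample users
  member = DemoUser.new('bob', ['member'])
  # Constructed attribute values: valid, unknown role, missing, extra text.
  ['admin', 'member', 'editor', nil, 'admin? || true #'].each do |attr|
    puts format('%-20s admin=%-5s member=%s', attr.inspect,
                user_has_role?(admin, attr), user_has_role?(member, attr))
  end
end
```

A missing attribute, an unknown role and an attribute carrying anything other than a listed role name all return false, so the tag body is simply not expanded.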

There is also a nice behaviour for password-based access control to site
pages, which unfortunately, like the mailer one, doesn’t seem to work
out of the box with the current radiant release. It has been coded by
Matt McCray. Hope someone will upgrade those plugins: I’m unable to do
it by myself :(
–M

Hi,
I’ve done something similar based on auth_generator
(http://penso.info/rails/auth_generator/), I created behaviors for:

  • login
  • logout
  • user profile editing
  • invite a friend
  • website invitations for emails we already have in our DB
  • Register page
  • restricted behavior - obviously restricting entry to non-registered
    users
  • and a Forums and threads behaviors - which are the initial reason for
    all of this

This has entered a very small friendly users test, and hopefully I’ll be
able to release it in a week or so.
Dror

Hi Dror,

This sounds exactly the kind of functionality I’d be interested in. If
you need any more testers, and can hand-hold me a little in installing,
I’m happy to help you test. We have a brand new website for a community
group that I’m working on, so I have a free rein to work with a group of
sympathetic users. If you’re fine,

I look forward to your release!

Best regards,

Jake.



From: [email protected]
[mailto:[email protected]] On Behalf Of dror tirosh
Sent: 06 September 2006 16:56
To: [email protected]
Subject: Re: [Radiant] Creating a secure area?

Hi,
I’ve done something similar based on auth_generator
(http://penso.info/rails/auth_generator/), I created behaviors for:

  • login
  • logout
  • user profile editing
  • invite a friend
  • website invitations for emails we already have in our DB
  • Register page
  • restricted behavior - obviously restricting entry to non-registered
    users
  • and a Forums and threads behaviors - which are the initial reason for
    all of this

This has entered a very small friendly users test, and hopefully I’ll be
able to release it in a week or so.
Dror

On 9/6/06, Maurizio B. wrote:

There is also a nice behaviour for password-based access control to site
pages, which unfortunately, like the mailer one, doesn’t seem to work
out of the box with the current radiant release. It has been coded by
Matt McCray. Hope someone will upgrade those plugins: I’m unable to do
it by myself :(

–M

On 9/6/06, Kevin Ansfield wrote:

I’m currently doing something similar, although I am using a completely
different user system to what radiant uses as default (it’s basically a
modified version of acts_as_authenticated and authorization plugins).

All I’ve done so far is create some custom tags that allow me to show
content based on a user’s roles…

