Comatose, Authlogic and FCKEditor

2 Aug 2009, by Michael Cindrić

Ok so we are using comatose and Authlogic for an app we are building for a client. We also wanted to use FCKEditor for comatose to give it a little more buzz.

Firstly you need to install Comatose. Go to your project root directory in terminal and type the following.

./script/plugin source http://mattmccray.com/svn/rails/plugins
./script/plugin install comatose
./script/generate comatose_migration
rake migrate

Then you need to install fckEditor. To do so go to the root of your app in terminal and type the following

ruby script/plugin install svn://rubyforge.org//var/svn/fckeditorp/trunk/fckeditor

In the Comatose _form.html.erb page you need to change

<%= f.text_area :body, :rows=>20, :tabindex=>2 %>

to this so that the fckeditor appears when creating and editing pages.

<%= fckeditor_textarea('page', 'body', :width => '100%', :height => '500px') %>

Once you have Comatose and FCKEditor installed and running the final step is to get it all working with Authlogic.

So in your environment.rb file you need to add the following.

Comatose.configure do |config|
  #Custom class we wrote to handle current_user etc 
  config.admin_includes << :user_methodss
  # Calls :login_required as a before_filter
    config.admin_authorization = :require_user
end

This will force comatose to have require a user to be logged in to use the system. The :user_methodss class is a class we wrote to handle the login methods of Autlogic. You can replace this with your own if you want ill include the class we created below.

module UserMethods
  module ClassMethods
    def permission_required(permission_name,actions, notice=nil)
      notice ||= "You don't have access to that part of the site."
      actions = [actions].flatten
      before_filter(:only => actions) { |controller| require_or_redirect(permission_name, controller, notice) }
    end

    def require_or_redirect(permission_name, controller, notice)
      user = controller.send(:current_user)

      if !user.can?(permission_name)
        # @permission_missing is used for should_require_permission test
        controller.instance_variable_set("@permission_missing", true)
        controller.send(:redirect_back_or_to, "/", notice)
      end
    end
  end

  def self.included(base)
    base.extend(ClassMethods)
  end

  protected 

  # Redirects back or if that fails, redirects to the supplied path
  # Also accepts a notice if you want to flash something
  def redirect_back_or_to(path, notice=nil)
    flash[:notice] = notice unless notice.blank?
    begin
      redirect_to :back
    rescue ActionController::RedirectBackError
      redirect_to path
    end
  end

  # Returns the param to use in a find command for objects with a 
  # possible cross-db sort
  def cross_database_order(order, direction, sort_methods_allowed)
    return "#{ order } #{ direction }" if !cross_database_sort?(order, sort_methods_allowed)
  end

  # Returns true if the given order looks like a cross db sort
  # Allowed_methods should be an array of association objects to
  # methods allowed to be called on them.
  def cross_database_sort?(order, allowed_methods)
    return allowed_methods.include?(order)
  end

  # Performs a sort on the given objects by calling methods rather than
  # using a db lookup.
  def cross_database_sort(objects_to_sort, order, direction, sort_methods_allowed)
    if cross_database_sort?(order, sort_methods_allowed)
      methods = order.split(".")
      association_name, method = order.split(".")
      objects_to_sort = objects_to_sort.sort_by do |object| 
        methods.each do |meth|
          next if object.nil?
          object = object.send(meth)
        end
        "#{ object }"
      end
      objects_to_sort.reverse! if direction == "desc"
    end

    return objects_to_sort
  end

  private

  # ActionMailer views don't have access to the request, so we need
  # to set these variables manually.
  def setup_host_for_mail
    ActionMailer::Base.default_url_options[:host] = request.host_with_port
  end

  def logout
    current_user_session.destroy if current_user_session
  end

  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.user
  end

  def require_user
    unless current_user
      store_location
      flash[:notice] = "You must be logged in to access this page"
      redirect_to new_user_session_url
      return false
    end
  end

  def require_no_user
    if current_user
      store_location
      flash[:notice] = "You must be logged out to access this page"
      redirect_to "/"
      return false
    end
  end

  def store_location
    session[:return_to] = request.request_uri
  end

  def redirect_back_or_default(default)
    redirect_to(session[:return_to] || default)
    session[:return_to] = nil
  end
end

Worth noting the "ss" in user_methodss is not a mistake. Because of the way Comatose handles the string/symbol you pass in it wouldn't render :user_methods but instead looked for :users_methods which was incorrect so this was our little hack to get around that.


Cookies help us deliver our services. By using our services, you agree to our use of cookies.