class NotFound < StandardError; end class ApplicationController < ActionController::Base protect_from_forgery rescue_from(ActiveRecord::RecordNotFound) { render 'exceptions/not_found' } class Unauthorized < Exception; end class Forbiden < Exception; end rescue_from Unauthorized, :with => :unauthorized rescue_from Forbiden, :with => :forbiden helper_method :current_user def current_user @current_user ||= User.find_by_id(session[:user_id]) if session[:user_id] end def current_user=(user) if user @current_user = user session[:user_id] = user.id else @current_user = nil session[:user_id] = nil end end private def ensure_authenticated! raise Unauthorized unless current_user end def forbiden if request.xhr? render :json => "Forbiden", :status => 403 else redirect_to root_path, :alert => "This action is forbiden" end end def unauthorized if request.xhr? render :json => "Unauthorized", :status => 401 else redirect_to login_path, :notice => "Please login" end end end