object Login {
def login() = {
val from = S.referer.openOr("/")
User.currentUser match {
case Full(_) => // do nothing
case _ =>
def testPwd(user: User, pwd: String): Can[Boolean] =
if (user.password.match_?(pwd)) {
if (user.invalid_?) Failure(user.invalidReason, Empty, Nil)
else {User.logUserIn(user); Full(true)}
//Full(true)
} else Failure("Password mis-match", Empty, Nil)
(for (email <- S.param("username") ?~ "No Username";
pwd <- S.param("password") ?~ "No Password";
user <- User.find(By(User.email, email)) ?~ "User Not Found";
success <- testPwd(user, pwd)) yield {
user
}) match {
case Full(user) => S.notice("Welcome: "+user.niceName)
if (!user.validated) {
S.notice("Until your registration is confirmed, you cannot edit
pages in the wiki")
}
case Failure(msg, _, _) => S.error(msg)
case _ => S.error("Not logged In")
}
}
Full(RedirectResponse(from))
}
def logout() = {
val from = S.referer.openOr("/")
User.logoutCurrentUser
S.notice("Logged Out")
Full(RedirectResponse(from))
}
}
On Tue, Oct 21, 2008 at 2:05 PM, Derek Chen-Becker <[EMAIL PROTECTED]>wrote:
> A followup question. If I want to redirect back to the original page that
> prompted the login redirect, how would I get that? I know I can get use
> S.uri to get everything but the query string, but do I need to dig deeper
> into the actual HttpServletRequest to get at everything after the host
> portion?
>
> Thanks,
>
> Derek
>
>
> On Tue, Oct 21, 2008 at 2:21 PM, Derek Chen-Becker <[EMAIL PROTECTED]>wrote:
>
>> OK, that makes sense. Sometimes when you have a hammer everything looks
>> like a nail :)
>>
>>
>> On Tue, Oct 21, 2008 at 2:05 PM, David Pollak <
>> [EMAIL PROTECTED]> wrote:
>>
>>> SessionVars are not available during URL rewriting. URL rewriting takes
>>> place before the session is obtained. This is deliberate because the URL
>>> rewriting takes place before the sessionless dispatch is consulted. This
>>> happens before the session is retrieved/created and the regular flow
>>> happens.
>>>
>>> Access control on an HTML page level should be done in SiteMap.
>>>
>>>
>>> On Tue, Oct 21, 2008 at 1:00 PM, Derek Chen-Becker <
>>> [EMAIL PROTECTED]> wrote:
>>>
>>>> I could have sworn this had been covered recently on the list but I
>>>> can't seem to find it. I'd like to have a rewrite function that checks to
>>>> see if someone is logged in and in the proper role before allowing them to
>>>> get to the page. I had wanted to do this using LiftRules.addRewriteBefore
>>>> combined with two SessionVars that would hold the user name and their roles
>>>> (if logged in). Unfortunately, it looks like SessionVars don't seem to be
>>>> usable inside the rewrite function because the LiftSession hasn't been set
>>>> up yet at that point. I'm I missing something obvious, or does anyone have
>>>> some suggestions for doing it in a different/better way?
>>>>
>>>> Thanks,
>>>>
>>>> Derek
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Lift, the simply functional web framework http://liftweb.net
>>> Collaborative Task Management http://much4.us
>>> Follow me: http://twitter.com/dpp
>>> Git some: http://github.com/dpp
>>>
>>>
>>>
>>
>
> >
>
--
Lift, the simply functional web framework http://liftweb.net
Collaborative Task Management http://much4.us
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Lift" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---
