authorre4k <re4k@re4k.info>2013-05-06 13:34:09 +0900
committerre4k <re4k@re4k.info>2013-05-06 13:34:09 +0900
commitaf3990115b393efed9bf1c90fdb6648e3a1e1ef0 (patch)
tree87cc8cf10091bc094b68fe75ea7202615848acca /app/controllers/application_controller.rb
parentf5cb96795352731404ce4ea15e707ebcb55053a9 (diff)
downloadaclog-af3990115b393efed9bf1c90fdb6648e3a1e1ef0.tar.gz
add protected user support (temp)
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb23
1 files changed, 22 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 912bbdd..0ed7cf0 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
class ApplicationController < ActionController::Base
protect_from_forgery
- before_filter :set_format
+ before_filter :set_format, :check_session
after_filter :xhtml
protected
@@ -13,6 +13,21 @@ class ApplicationController < ActionController::Base
end
end
+ def authorized_to_show?(user)
+ case
+ when (not user.protected?)
+ true
+ when (not session[:user_id])
+ false
+ when user.id == session[:user_id]
+ true
+ when session[:account].following?(user)
+ true
+ else
+ false
+ end
+ end
+
private
def set_format
unless [:json, :html].include?(request.format.to_sym)
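Review bot: `authorized_to_show?` checks only `session[:user_id]` before calling `session[:account].following?(user)`, so it relies on the `check_session` filter added in this same commit to guarantee both keys are set. A controller that skips that filter would raise NoMethodError here rather than return a clean deny. Testing both keys in the second branch, `when !(session[:user_id] && session[:account])`, keeps the helper fail-closed on its own. The hunk also does not show whether `following?` reads live data or state captured at login; if it is cached, access would persist after a protected user removes a follower, so a comment such as `# following? must reflect the current follow state, not a login-time snapshot` would record the assumption.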
@@ -20,6 +35,12 @@ class ApplicationController < ActionController::Base
end
end
+ def check_session
+ if (session[:user_id] || session[:account]) and not (session[:user_id] && session[:account])
+ reset_session
+ end
+ end
+
def xhtml
if request.format == :html
response.content_type = "application/xhtml+xml"
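Review bot: `check_session` only verifies that `session[:user_id]` and `session[:account]` are both present or both absent; it never checks that they describe the same user. `authorized_to_show?` uses the first for the identity comparison and the second for the follow check, so a mismatched pair would pass this filter. If the account object exposes its owner's id (not visible in this hunk), comparing it with `session[:user_id]` and calling `reset_session` on mismatch would close that gap. The condition itself is easier to audit without the low-precedence `and not`, for example `if !!session[:user_id] != !!session[:account]`. The `xhtml` method that follows continues outside the hunk.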