3 files changed, 26 insertions, 10 deletions

diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 507b62f..c3342f3 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -4,14 +4,31 @@ module ControllerExtension::Authentication
   private
 
   included do
-    helper_method :current_user
+    helper_method :current_user, :logged_in?, :admin?
   end
 
   def current_user
     @current_user ||= User.find(session[:user_id]) if session[:user_id]
   end
 
+  def logged_in?
+    !!current_user
+  end
+
   def authorize
-    redirect_to login_url, :alert => "Not authorized" if current_user.nil?
+    access_denied unless logged_in?
   end
+
+  def access_denied
+    redirect_to login_url, :alert => "Not authorized"
+  end
+
+  def admin?
+    current_user && current_user.is_admin?
+  end
+
+  def authorize_admin
+    access_denied unless admin?
+  end
+
 end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index a06893f..0f5d650 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -66,13 +66,9 @@ class User < CouchRest::Model::Base
     login
   end
 
-=begin
-  def self.current
-    Thread.current[:user]
+  # Since we are storing admins by login, we cannot allow admins to change their login.
+  def is_admin?
+    APP_CONFIG['admins'].include? self.login
   end
-  def self.current=(user)
-    Thread.current[:user] = user
-  end
-=end
 
 end
diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml
index a5397bd..204ba88 100644
--- a/users/app/views/sessions/_nav.html.haml
+++ b/users/app/views/sessions/_nav.html.haml
@@ -1,6 +1,9 @@
-- if current_user
+- if logged_in?
   %li
+    = 'logged in as ' + current_user.login
     = link_to t(:logout), logout_path
+    - if admin?
+      = 'ADMIN' # obviously not like this
 - else
   %li
     = link_to t(:login), login_path