Hi, I ask your advice in the following. I have some scaffolded components and I want group them into an admin page where user must log in first to access these pages. I''ve made my login controller. My question is how to integrate authorization check to the existing scaffold pages (without much modifications)? Is there a general way to include user pre-check function into them? Thanks in advance, Gábor
On Sat, Apr 23, 2005 at 12:25:20PM +0200, Gábor SEBESTYÉN wrote:> Hi, > > I ask your advice in the following. I have some scaffolded components > and I want group them into an admin page where user must log in first > to access these pages. > > I''ve made my login controller. My question is how to integrate > authorization check to the existing scaffold pages (without much > modifications)? Is there a general way to include user pre-check > function into them?I use the before_filter method to set this up. I have the following in my application.rb. This will do authentication for every method on all controllers except #list, #index and #login --------- class ApplicationController < ActionController::Base model :person before_filter :setup_user before_filter :authorize, :except => [ :list, :index, :login ]; def setup_user @user = @session[:user] end def authorize return true if @user flash[:notice] = "You need to log in for this action" # forward to the current action if login is successful @session[:after_login] = [ :controller => controller_name, :action => action_name, ] redirect_to({ :controller => "person", :action => "login" }) end end ----------- This works for me, and it''s pretty clean, but I''m new to Rails (and Ruby) so there might be a better way. Joost.
I think the simplest and quickest way would be to just use HTTP basic authentication. You could require the /admin path and everything under it, to be authenticated. You might also want to check out this link: http://blogs.23.nu/c0re/stories/7409/ I''ve been meaning to try out what''s described at that link but haven''t had time. There is also a login helper available. On 23-Apr-05, at 4:25 AM, Gábor SEBESTYÉN wrote:> Hi, > > I ask your advice in the following. I have some scaffolded components > and I want group them into an admin page where user must log in first > to access these pages. > > I''ve made my login controller. My question is how to integrate > authorization check to the existing scaffold pages (without much > modifications)? Is there a general way to include user pre-check > function into them? > Thanks in advance, > > Gábor_______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
On 2005.04.23., at 14:34, Joost Diepenmaat wrote:> I use the before_filter method to set this up. >This way was the winner, thanks! Gábor PS.: HTTP based auth did not match. Superadmin must be able to edit admin users (rights, etc.). _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails