Hello ! I know about the LoginGenerator but I want to write my own login mechanism because I don''t need something powerful and I''m sure that if I write my own login system it''ll fit better my needs ... So I need to be able to use some methods (loggued?, owner? and admin?) everywhere on my website. With these methods I''m able to know if I''ve got to display given things or not or if the user is authorised to perform a given action. My question is where should I put those methods ? What is the best place to use ? I''ve got to use it everywhere in my code ... Those methods only read @session and return true or false, that all. The login is handle by my Members controller. Thank you for help, have a good day ! -- Nicolas Cavigneaux | GPG KeyID : CFE76D24 nico-DRabjd/C3MEdnm+yROfE0A@public.gmane.org | http://www.bounga.org _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On Jul 4, 2005, at 1:44 PM, Nicolas Cavigneaux wrote:> Hello ! > > I know about the LoginGenerator but I want to write my own login > mechanism because I don''t need something powerful and I''m sure that > if I > write my own login system it''ll fit better my needs ... > > So I need to be able to use some methods (loggued?, owner? and admin?) > everywhere on my website. With these methods I''m able to know if I''ve > got to display given things or not or if the user is authorised to > perform a given action. > My question is where should I put those methods ? What is the best > place > to use ? I''ve got to use it everywhere in my code ... Those methods > only > read @session and return true or false, that all. The login is > handle by > my Members controller. >Sounds to me like the best place for those is in the model. That way, your controller and views (and models) would all have access to the methods. If I were you, I would store the "currently logged-in user" in a session variable: @session[:user] = User.find(id_of_the_user) And then you''d be able to access those methods like this: @session[:user].loggued? @session[:user].admin? etc. The only two caveates are these: 1. Make sure you put the line model :user in your controller (or application controller) or else keeping a User object in the session won''t work. 2. If you try to access those methods without having first set the @session[:user] to something then you''ll get an error saying that the method admin? was not part of NilClass or something like that. To get around it, either make sure you always have a User object in your session, or else set a template object (such as @user = @session [:user] || User.new) in your controller, then access @user in your views and controllers. Duane Johnson (canadaduane) _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
> > 1. Make sure you put the line > model :user > in your controller (or application controller) or else keeping a User > object in the session won''t work. >Can you elaborate on why this is necessary? David
On Jul 4, 2005, at 4:34 PM, David Corbin wrote:>> >> 1. Make sure you put the line >> model :user >> in your controller (or application controller) or else keeping a User >> object in the session won''t work. >> >> > > Can you elaborate on why this is necessary?I can make an educated guess on this one, but I''d appreciate anyone who''s in the know to confirm or correct this. From what I understand, the session objects are re-instantiated before the controller classes are loaded (except the application controller?) and therefore have no class definition in memory at that point unless explicitly declared. Can anyone confirm this or perhaps elaborate? Duane Johnson (canadaduane) _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
> Can you elaborate on why this is necessary? > > I can make an educated guess on this one, but I''d appreciate anyone who''s in > the know to confirm or correct this.You''re basically right, except for the controller mentions. When the session is trying to construct the thingy stored in ''user'', it knows it needs to create a new User (you can use anything for the key). However, if you haven''t added model :user, then your code doesn''t know what User it needs to construct. This may be fixable, it''s being discussed in the ''corridors of power''. ;)> From what I understand, the session objects are re-instantiated before the > controller classes are loaded (except the application controller?) and > therefore have no class definition in memory at that point unless explicitly > declared. > > Can anyone confirm this or perhaps elaborate? > > > Duane Johnson > (canadaduane) > > > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails > > >-- Cheers Koz
On Monday 04 July 2005 07:49 pm, Michael Koziarski wrote:> > Can you elaborate on why this is necessary? > > > > I can make an educated guess on this one, but I''d appreciate anyone who''s > > in the know to confirm or correct this. > > You''re basically right, except for the controller mentions. When the > session is trying to construct the thingy stored in ''user'', it knows > it needs to create a new User (you can use anything for the key). > > However, if you haven''t added model :user, then your code doesn''t > know what User it needs to construct. This may be fixable, it''s > being discussed in the ''corridors of power''. ;) >I take it this is only an issue in a FastCGI (or similar setup where the sessions might be restored in a process other than that which created it)?
Le lundi 04 juillet 2005 à 16:02 -0600, Duane Johnson a écrit :> Sounds to me like the best place for those is in the model. That way, > your controller and views (and models) would all have access to the > methods. If I were you, I would store the "currently logged-in user" > in a session variable: > > > @session[:user] = User.find(id_of_the_user) > > > And then you''d be able to access those methods like this: > > > @session[:user].loggued? > @session[:user].admin? > > > etc.Thanks a lot, I''m gonna try this way :-) Bye. -- Nicolas Cavigneaux | GPG KeyID : CFE76D24 nico-DRabjd/C3MEdnm+yROfE0A@public.gmane.org | http://www.bounga.org _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails