On 9/26/07, Cass Amino <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Hi
>
> I am trying to give privacy settings to my users, I created a
> privacy_settings table and model with the following fields:
> id
> user_id
> setting
>
> where setting has three options: public, private and friends and the
> user can select an option.
>
> if the user selects, say for example private, then any other user cannot
> view his profile.
>
> Another expert helped me with the below methods to accomplish this,
> still in spite of the perfectly seeming logic, the validation is not
> working and the access is being given to users irrespective of what the
> privacy settings of the user are...
>
>
> class UserController
> before_filter :verify_privacy, :only => :show
>
> # (...actions code...)
>
> private
> def verify_privacy
> @user = User.find(params[:id], :include => :privacy_setting)
> return true if @user.privacy_setting.setting = "public"
This is always true, since you're doing assignment instead of
comparison. You want ==, not =. The rest of the code will never be
run.
> return false if @user.privacy_setting.setting = "private"
> if @user.privacy_setting.setting = "friends" and
> !@user.is_friends_with?(current_user)
> return false
> end
> end
This code is messy. I would suggest pulling this logic into a model
method and creating some proper unit tests. You have many branches
here, so you need to do some testing. For instance, what does this
code do if privacy_setting is blank? Is that what you intend it to do?
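
The model method suggested in the reply, as an added example that is not part of the original thread or anyone's posted code. The `User` and `PrivacySetting` classes are plain-Ruby stand-ins for the ActiveRecord models; `viewable_by?` and `buggy_public?` are hypothetical names; denying access when the setting is missing or unrecognised, and letting owners see their own profile, are assumptions.

```ruby
# Added example: plain-Ruby stand-ins for the thread's models (no Rails needed).
PrivacySetting = Struct.new(:setting)

class User
  attr_reader :id, :privacy_setting

  def initialize(id, setting = nil, friend_ids = [])
    @id = id
    @privacy_setting = setting && PrivacySetting.new(setting) # nil = no row
    @friend_ids = friend_ids
  end

  def is_friends_with?(other)
    !other.nil? && @friend_ids.include?(other.id)
  end

  # Hypothetical model method: the whole access decision in one testable place.
  # Uses == (comparison); a missing row or unknown value denies (assumption).
  def viewable_by?(viewer)
    return true if viewer && viewer.id == id # assumption: owner sees own profile
    case privacy_setting && privacy_setting.setting
    when "public"  then true
    when "friends" then is_friends_with?(viewer)
    else false # "private", nil, or anything unexpected: fail closed
    end
  end
end

# The bug from the thread, isolated: `=` assigns, and the assigned String
# is truthy, so this returns true for every stored setting.
def buggy_public?(privacy_setting)
  return true if privacy_setting.setting = "public"
  false
end
```

Note that the buggy form also overwrites the in-memory setting with "public", so later checks on the same object see the wrong value.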