I've created an array of hashes in UserController#initialize to describe
a menu:

    @menu_array = [
      {:menu => 'home', :controller => 'home', :action => 'send_home'},
      {:menu => 'user list', :action => 'list'},
      {:menu => 'login', :controller => '/user', :action => 'login'},
      {:menu => 'logout', :controller => '/user', :action => 'logout'}
    ]

These are cobbled together in my application_helper.rb as:

    def construct_horizontal_menu(menu_array)
      menu_strings = []
      menu_array.each do |menu_item|
        menu_text, throw_away = menu_item.delete(:menu)
        menu_strings << link_if_authorized(menu_text, menu_item)
      end
      menu_strings.delete_if{|x| x.strip == ''}
      menu_strings.delete_if {|item| item =~ (user? ? /login/ : /logout/)}
      menu_strings.join(' | ')
    end

I don't have a before_filter in application.rb so nothing is protected
by default. In my UserController, I added:

    before_filter :login_required, :except => [:login, :go_home]

The :login action is linked to when a user is not logged in, but not
:go_home. Any idea why?

On a side note, there is a database hit for each of the
link_if_authorized calls. Two questions: 1) is there any way to specify
what role a user must have? 2) is there any way to cache enough
information to reduce redundant database hits?

Thanks for a great plugin!

--
Posted via http://www.ruby-forum.com/.

Does any of the Roles which your logged-in user has have permission to
go to the login action? You'll want to check the database, but I think
the default is no for the User role.

- james

On 1/7/06, Steve Ross <cwdinfo@gmail.com> wrote:
> I've created an array of hashes in UserController#initialize to describe
> a menu:
>
>     @menu_array = [
>       {:menu => 'home', :controller => 'home', :action => 'send_home'},
>       {:menu => 'user list', :action => 'list'},
>       {:menu => 'login', :controller => '/user', :action => 'login'},
>       {:menu => 'logout', :controller => '/user', :action => 'logout'}
>     ]
>
> These are cobbled together in my application_helper.rb as:
>
>     def construct_horizontal_menu(menu_array)
>       menu_strings = []
>       menu_array.each do |menu_item|
>         menu_text, throw_away = menu_item.delete(:menu)
>         menu_strings << link_if_authorized(menu_text, menu_item)
>       end
>       menu_strings.delete_if{|x| x.strip == ''}
>       menu_strings.delete_if {|item| item =~ (user? ? /login/ :
> /logout/)}
>       menu_strings.join(' | ')
>     end
>
> I don't have a before_filter in application.rb so nothing is protected
> by default. In my UserController, I added:
>
>     before_filter :login_required, :except => [:login, :go_home]
>
> The :login action is linked to when a user is not logged in, but not
> :go_home. Any idea why?
>
> On a side note, there is a database hit for each of the
> link_if_authorized calls. Two questions: 1) is there any way to specify
> what role a user must have? 2) is there any way to cache enough
> information to reduce redundant database hits?
>
> Thanks for a great plugin!
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

It appears the problem is in the permissions_roles relation. I guess
there is a HABTM relationship and I don't see any implementation that
suggests to me how I can modify the roles that have permissions for a
given action.

I basically want almost everything on this site to be visible to the
casual visitor. There is a "membership" area and an "admin" area (which
correspond to registered users and admins). When I create action 'foo'
in my controller, what do I do to announce to the user engine that you
have to be an "admin" to call foo?

Thanks

--steve

--
Posted via http://www.ruby-forum.com/.

By the default Roles/Permissions that are created, if you log in as the
default administrator user and go to http://yousite/role/list, you
should then see links to edit each Role. Editing the 'User' Role (the
one which is given to new users by default) will then let you modify the
permissions associated with that role.

The implementation is in the user engine's permission and role
controllers and associated views.

To give you some more context: the authorisation mechanism used by the
user engine is 'positive permissions'. Each user can have any number of
Roles, and associated with each role are a number of Permission objects.
Each Permission object represents a particular controller action
(generated and updatable by a rake task, or using Permission.sync in
your environment.rb). The presence of a relationship between a
particular Permission and Role indicates that users with that Role
should be allowed to perform the given action. If there is no
relationship defined between a Permission and *any* of the Roles of the
current user, they are denied access to this action.

Thus, by default Users will NOT have permission to perform actions. Each
action must be specifically granted.

- james

On 1/7/06, Steve Ross <cwdinfo@gmail.com> wrote:
> It appears the problem is in the permissions_roles relation. I guess
> there is a HABTM relationship and I don't see any implementation that
> suggests to me how I can modify the roles that have permissions for a
> given action.
>
> I basically want almost everything on this site to be visible to the
> casual visitor. There is a "membership" area and an "admin" area (which
> correspond to registered users and admins). When I create action 'foo'
> in my controller, what do I do to announce to the user engine that you
> have to be an "admin" to call foo?
>
> Thanks
>
> --steve
>
> --
> Posted via http://www.ruby-forum.com/.
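
The 'positive permissions' check described in the last reply, together with the caching asked about in the first post, as an added example that is not part of the thread and is not the user engine's code. It is plain Ruby without Rails; the class names, role names, menu and permission table are all constructed for illustration.

```ruby
require 'set'

# Constructed sample for the permissions_roles join: role => [controller, action] pairs.
PERMISSIONS_ROLES = {
  'Guest' => [%w[home send_home], %w[user login]],
  'User'  => [%w[user logout]],
  'Admin' => [%w[user list], %w[admin foo]]
}.freeze

# Constructed menu in the shape of @menu_array from the first post.
MENU = [
  { menu: 'home',      controller: 'home',  action: 'send_home' },
  { menu: 'user list', controller: 'user',  action: 'list' },
  { menu: 'logout',    controller: '/user', action: 'logout' }
].freeze

# Hypothetical stand-in for the database; counts lookups so caching is visible.
class PermissionStore
  attr_reader :queries
  def initialize(table)
    @table, @queries = table, 0
  end
  def permissions_for(role)
    @queries += 1
    @table.fetch(role, [])
  end
end

# Hypothetical authorizer, built once per request for the current user's roles.
class Authorizer
  def initialize(store, roles)
    @store, @roles = store, roles
  end
  # Deny by default: only an explicit Permission <-> Role link grants access.
  def authorized?(controller, action)
    granted.include?([controller.to_s.sub(%r{\A/}, ''), action.to_s])
  end

  # Menu texts this user may follow (the role of link_if_authorized in the thread).
  def visible_menu(items)
    items.select { |i| authorized?(i[:controller], i[:action]) }.map { |i| i[:menu] }
  end

  private
  # One store lookup per role, memoized for the life of this object.
  def granted
    @granted ||= @roles.flat_map { |r| @store.permissions_for(r) }.to_set
  end
end
```

Because the granted set is held per object, building a new Authorizer on each request picks up role edits made through the role controller; a longer-lived cache would need explicit invalidation when permissions change.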