Rails - Jan 2006 - LoginEngine / UserEngine conceptual help

All,

I have a small Intranet app I''m trying to get ready for remote access.
 (I only have 15 or so users for now and I don''t plan to be adding
very many more.).

I have installed the login engine and it seems to be working as
advertized.  (Great job!)

For my needs I don''t want random people to be able to register and get
access to my app, but I will need to register new people every once in
a while.

Using just the login engine is there someway to restrict access to the
signup page to the existing users with logins?  Or better yet just to
myself and one other person?

If not, should I consider also using the user engine and then only
providing a very basic website to anyone who registers but I have not
yet granted advanced rights to?

Thanks
Greg
--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century

I needed to do basically the exact same thing - allow the creation of
users, but not let random people just register.  In my app, I create
all user accounts, so nobody actually signs up.  I started off with
the LoginEngine, but realized that it did quite a bit more than I
needed in this.

I ended up just uninstalling the engine and writing my own..which
involved setting up scaffolding for the User model, and copying the
login_system.rb file.  So not a whole lot of actual writing :)

You could also overwrite the controller to require admin rights to the
registration page.  You''d have to do this with every action you
don''t
want regular users to have access to though.  Might be a good approach
if you anticipate opening the app up to more users in the near future,
but if not, you''re probably better off just doing it yourself. 
Doesn''t take very long at all.

Pat


On 1/16/06, Greg Freemyer <greg.freemyer@gmail.com>
wrote:
> All,
>
> I have a small Intranet app I''m trying to get ready for remote
access.
>  (I only have 15 or so users for now and I don''t plan to be adding
> very many more.).
>
> I have installed the login engine and it seems to be working as
> advertized.  (Great job!)
>
> For my needs I don''t want random people to be able to register and
get
> access to my app, but I will need to register new people every once in
> a while.
>
> Using just the login engine is there someway to restrict access to the
> signup page to the existing users with logins?  Or better yet just to
> myself and one other person?
>
> If not, should I consider also using the user engine and then only
> providing a very basic website to anyone who registers but I have not
> yet granted advanced rights to?
>
> Thanks
> Greg
> --
> Greg Freemyer
> The Norcross Group
> Forensics for the 21st Century
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

I think I''ll try to keep the engine because I have no idea how much
this site will expand in the future.

Based on you comments I found the "protect" method in
user_controller.rb and simply removed "signup'' from the list of
pages
random people can get to.

Now only someone logged in can access the signup page.  I now just
need to add a link to the signup page from one of my normal pages and
I''m done.

I think the only negative with what I did is I modified the core
engine code so if I ever update it to a new version my change will be
lost.

If there is a more maintable method I''d like to hear about it.

Thanks
Greg
On 1/16/06, Pat Maddox <pergesu@gmail.com> wrote:
> I needed to do basically the exact same thing - allow the creation of
> users, but not let random people just register.  In my app, I create
> all user accounts, so nobody actually signs up.  I started off with
> the LoginEngine, but realized that it did quite a bit more than I
> needed in this.
>
> I ended up just uninstalling the engine and writing my own..which
> involved setting up scaffolding for the User model, and copying the
> login_system.rb file.  So not a whole lot of actual writing :)
>
> You could also overwrite the controller to require admin rights to the
> registration page.  You''d have to do this with every action you
don''t
> want regular users to have access to though.  Might be a good approach
> if you anticipate opening the app up to more users in the near future,
> but if not, you''re probably better off just doing it yourself.
> Doesn''t take very long at all.
>
> Pat
>
>
> On 1/16/06, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> > All,
> >
> > I have a small Intranet app I''m trying to get ready for
remote access.
> >  (I only have 15 or so users for now and I don''t plan to be
adding
> > very many more.).
> >
> > I have installed the login engine and it seems to be working as
> > advertized.  (Great job!)
> >
> > For my needs I don''t want random people to be able to
register and get
> > access to my app, but I will need to register new people every once in
> > a while.
> >
> > Using just the login engine is there someway to restrict access to the
> > signup page to the existing users with logins?  Or better yet just to
> > myself and one other person?
> >
> > If not, should I consider also using the user engine and then only
> > providing a very basic website to anyone who registers but I have not
> > yet granted advanced rights to?
> >
> > Thanks
> > Greg
> > --
> > Greg Freemyer
> > The Norcross Group
> > Forensics for the 21st Century
> > _______________________________________________
> > Rails mailing list
> > Rails@lists.rubyonrails.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century

Just create your own login view and don''t add a link to register. You
will
still be able to create the users. See my article on the wiki.

http://wiki.rubyonrails.com/rails/pages/HowToUseUserEngine

The method you will use for creating users is:

/user/new

Hope this works for you.


On 1/16/06 2:06 PM, "Greg Freemyer" <greg.freemyer@gmail.com>
wrote:
> All,
> 
> I have a small Intranet app I''m trying to get ready for remote
access.
>  (I only have 15 or so users for now and I don''t plan to be adding
> very many more.).
> 
> I have installed the login engine and it seems to be working as
> advertized.  (Great job!)
> 
> For my needs I don''t want random people to be able to register and
get
> access to my app, but I will need to register new people every once in
> a while.
> 
> Using just the login engine is there someway to restrict access to the
> signup page to the existing users with logins?  Or better yet just to
> myself and one other person?
> 
> If not, should I consider also using the user engine and then only
> providing a very basic website to anyone who registers but I have not
> yet granted advanced rights to?
> 
> Thanks
> Greg
> --
> Greg Freemyer
> The Norcross Group
> Forensics for the 21st Century
>

Okay newbie question.

When you say create my own view for user/login, do I do that under
vendor/plugins/....

Or do I do that in app/views/user/login.rhtml ?

I don''t currently have any user stuff in my app directory, only in the
vendor/plugins directory.

I''m concerned that any changes I make to vendor/plugins will be lost
if I upgrade the engine.

Thanks
Greg
On 1/16/06, Steve Ross <sross@calicowebdesigns.com>
wrote:
> Just create your own login view and don''t add a link to register.
You will
> still be able to create the users. See my article on the wiki.
>
> http://wiki.rubyonrails.com/rails/pages/HowToUseUserEngine
>
> The method you will use for creating users is:
>
> /user/new
>
> Hope this works for you.
>
>
> On 1/16/06 2:06 PM, "Greg Freemyer"
<greg.freemyer@gmail.com> wrote:
>
> > All,
> >
> > I have a small Intranet app I''m trying to get ready for
remote access.
> >  (I only have 15 or so users for now and I don''t plan to be
adding
> > very many more.).
> >
> > I have installed the login engine and it seems to be working as
> > advertized.  (Great job!)
> >
> > For my needs I don''t want random people to be able to
register and get
> > access to my app, but I will need to register new people every once in
> > a while.
> >
> > Using just the login engine is there someway to restrict access to the
> > signup page to the existing users with logins?  Or better yet just to
> > myself and one other person?
> >
> > If not, should I consider also using the user engine and then only
> > providing a very basic website to anyone who registers but I have not
> > yet granted advanced rights to?
> >
> > Thanks
> > Greg
> > --
> > Greg Freemyer
> > The Norcross Group
> > Forensics for the 21st Century
> >
>
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century

If you create your own /app/controllers/user_controller.rb file, and
give it the contents:

class UserController < ApplicationController
  def protect?(action)
    if [''login'',
''forgot_password''].include?(action)
      return false
    else
      return true
    end
  end
end

... this will override the equivalent method within the engine,
removing your need to edit the engine. You can see this in action in
the engines demo movie[1], or in the documentation (section ''Tweaking
Engines'' in the Engines plugin rdoc[2])

- james

[1] http://rails-engines.rubyforge.org/movies/engines_intro.mov
[2] http://api.rails-engines.org/engines/

On 1/16/06, Greg Freemyer <greg.freemyer@gmail.com>
wrote:
> I think I''ll try to keep the engine because I have no idea how
much
> this site will expand in the future.
>
> Based on you comments I found the "protect" method in
> user_controller.rb and simply removed "signup'' from the list
of pages
> random people can get to.
>
> Now only someone logged in can access the signup page.  I now just
> need to add a link to the signup page from one of my normal pages and
> I''m done.
>
> I think the only negative with what I did is I modified the core
> engine code so if I ever update it to a new version my change will be
> lost.
>
> If there is a more maintable method I''d like to hear about it.
>
> Thanks
> Greg
> On 1/16/06, Pat Maddox <pergesu@gmail.com> wrote:
> > I needed to do basically the exact same thing - allow the creation of
> > users, but not let random people just register.  In my app, I create
> > all user accounts, so nobody actually signs up.  I started off with
> > the LoginEngine, but realized that it did quite a bit more than I
> > needed in this.
> >
> > I ended up just uninstalling the engine and writing my own..which
> > involved setting up scaffolding for the User model, and copying the
> > login_system.rb file.  So not a whole lot of actual writing :)
> >
> > You could also overwrite the controller to require admin rights to the
> > registration page.  You''d have to do this with every action
you don''t
> > want regular users to have access to though.  Might be a good approach
> > if you anticipate opening the app up to more users in the near future,
> > but if not, you''re probably better off just doing it
yourself.
> > Doesn''t take very long at all.
> >
> > Pat
> >
> >
> > On 1/16/06, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> > > All,
> > >
> > > I have a small Intranet app I''m trying to get ready for
remote access.
> > >  (I only have 15 or so users for now and I don''t plan to
be adding
> > > very many more.).
> > >
> > > I have installed the login engine and it seems to be working as
> > > advertized.  (Great job!)
> > >
> > > For my needs I don''t want random people to be able to
register and get
> > > access to my app, but I will need to register new people every
once in
> > > a while.
> > >
> > > Using just the login engine is there someway to restrict access
to the
> > > signup page to the existing users with logins?  Or better yet
just to
> > > myself and one other person?
> > >
> > > If not, should I consider also using the user engine and then
only
> > > providing a very basic website to anyone who registers but I have
not
> > > yet granted advanced rights to?
> > >
> > > Thanks
> > > Greg
> > > --
> > > Greg Freemyer
> > > The Norcross Group
> > > Forensics for the 21st Century
> > > _______________________________________________
> > > Rails mailing list
> > > Rails@lists.rubyonrails.org
> > > http://lists.rubyonrails.org/mailman/listinfo/rails
> > >
> > _______________________________________________
> > Rails mailing list
> > Rails@lists.rubyonrails.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
>
>
> --
> Greg Freemyer
> The Norcross Group
> Forensics for the 21st Century
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

On 16 Jan ''06, at 2:34 PM, Steve Ross wrote:
> Just create your own login view and don''t add a link to register.
> You will
> still be able to create the users. See my article on the wiki.
But doesn''t that mean that anyone who can guess the URL of the  
register action can still type it in by hand and register themselves?  
Removing links doesn''t remove functionality.

Changing the permissions of the register action, so that only an  
admin can reach it, seems more secure.

--Jens
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060116/c74b73b8/attachment.html

That works perfectly.

I also created a new /app/view/user/login.rhtml and removed the link.

This is my first exposure to engines and I''m very impressed.

Greg

On 1/16/06, James Adam <james.adam@gmail.com>
wrote:
> If you create your own /app/controllers/user_controller.rb file, and
> give it the contents:
>
> class UserController < ApplicationController
>   def protect?(action)
>     if [''login'',
''forgot_password''].include?(action)
>       return false
>     else
>       return true
>     end
>   end
> end
>
> ... this will override the equivalent method within the engine,
> removing your need to edit the engine. You can see this in action in
> the engines demo movie[1], or in the documentation (section
''Tweaking
> Engines'' in the Engines plugin rdoc[2])
>
> - james
>
> [1] http://rails-engines.rubyforge.org/movies/engines_intro.mov
> [2] http://api.rails-engines.org/engines/
>
> On 1/16/06, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> > I think I''ll try to keep the engine because I have no idea
how much
> > this site will expand in the future.
> >
> > Based on you comments I found the "protect" method in
> > user_controller.rb and simply removed "signup'' from the
list of pages
> > random people can get to.
> >
> > Now only someone logged in can access the signup page.  I now just
> > need to add a link to the signup page from one of my normal pages and
> > I''m done.
> >
> > I think the only negative with what I did is I modified the core
> > engine code so if I ever update it to a new version my change will be
> > lost.
> >
> > If there is a more maintable method I''d like to hear about
it.
> >
> > Thanks
> > Greg
> > On 1/16/06, Pat Maddox <pergesu@gmail.com> wrote:
> > > I needed to do basically the exact same thing - allow the
creation of
> > > users, but not let random people just register.  In my app, I
create
> > > all user accounts, so nobody actually signs up.  I started off
with
> > > the LoginEngine, but realized that it did quite a bit more than I
> > > needed in this.
> > >
> > > I ended up just uninstalling the engine and writing my own..which
> > > involved setting up scaffolding for the User model, and copying
the
> > > login_system.rb file.  So not a whole lot of actual writing :)
> > >
> > > You could also overwrite the controller to require admin rights
to the
> > > registration page.  You''d have to do this with every
action you don''t
> > > want regular users to have access to though.  Might be a good
approach
> > > if you anticipate opening the app up to more users in the near
future,
> > > but if not, you''re probably better off just doing it
yourself.
> > > Doesn''t take very long at all.
> > >
> > > Pat
> > >
> > >
> > > On 1/16/06, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> > > > All,
> > > >
> > > > I have a small Intranet app I''m trying to get ready
for remote access.
> > > >  (I only have 15 or so users for now and I don''t
plan to be adding
> > > > very many more.).
> > > >
> > > > I have installed the login engine and it seems to be working
as
> > > > advertized.  (Great job!)
> > > >
> > > > For my needs I don''t want random people to be able
to register and get
> > > > access to my app, but I will need to register new people
every once in
> > > > a while.
> > > >
> > > > Using just the login engine is there someway to restrict
access to the
> > > > signup page to the existing users with logins?  Or better
yet just to
> > > > myself and one other person?
> > > >
> > > > If not, should I consider also using the user engine and
then only
> > > > providing a very basic website to anyone who registers but I
have not
> > > > yet granted advanced rights to?
> > > >
> > > > Thanks
> > > > Greg
> > > > --
> > > > Greg Freemyer
> > > > The Norcross Group
> > > > Forensics for the 21st Century
> > > > _______________________________________________
> > > > Rails mailing list
> > > > Rails@lists.rubyonrails.org
> > > > http://lists.rubyonrails.org/mailman/listinfo/rails
> > > >
> > > _______________________________________________
> > > Rails mailing list
> > > Rails@lists.rubyonrails.org
> > > http://lists.rubyonrails.org/mailman/listinfo/rails
> > >
> >
> >
> > --
> > Greg Freemyer
> > The Norcross Group
> > Forensics for the 21st Century
> > _______________________________________________
> > Rails mailing list
> > Rails@lists.rubyonrails.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century

It should be noted that these instructions apply to the UserEngine,
which works above the LoginEngine, and of course won''t work with just
the LoginEngine installed.

For the particular problem Greg was dicussing, the LoginEngine (or
generator) provides sufficient restriction to do what he wants.

- james

On 1/16/06, Steve Ross <sross@calicowebdesigns.com>
wrote:
> Just create your own login view and don''t add a link to register.
You will
> still be able to create the users. See my article on the wiki.
>
> http://wiki.rubyonrails.com/rails/pages/HowToUseUserEngine
>
> The method you will use for creating users is:
>
> /user/new
>
> Hope this works for you.
>
>
> On 1/16/06 2:06 PM, "Greg Freemyer"
<greg.freemyer@gmail.com> wrote:
>
> > All,
> >
> > I have a small Intranet app I''m trying to get ready for
remote access.
> >  (I only have 15 or so users for now and I don''t plan to be
adding
> > very many more.).
> >
> > I have installed the login engine and it seems to be working as
> > advertized.  (Great job!)
> >
> > For my needs I don''t want random people to be able to
register and get
> > access to my app, but I will need to register new people every once in
> > a while.
> >
> > Using just the login engine is there someway to restrict access to the
> > signup page to the existing users with logins?  Or better yet just to
> > myself and one other person?
> >
> > If not, should I consider also using the user engine and then only
> > providing a very basic website to anyone who registers but I have not
> > yet granted advanced rights to?
> >
> > Thanks
> > Greg
> > --
> > Greg Freemyer
> > The Norcross Group
> > Forensics for the 21st Century
> >
>
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

Do it in your app/view/user/login.rhtml. You''ll have to mirror the one
that
is in the plugin''s directory, but take out what you don''t
want.

You''re right, it''s not a good idea to mess with the
plugin''s code lest your
work be lost in an upgrade.


On 1/16/06 2:41 PM, "Greg Freemyer" <greg.freemyer@gmail.com>
wrote:
> Okay newbie question.
> 
> When you say create my own view for user/login, do I do that under
> vendor/plugins/....
> 
> Or do I do that in app/views/user/login.rhtml ?
> 
> I don''t currently have any user stuff in my app directory, only in
the
> vendor/plugins directory.
> 
> I''m concerned that any changes I make to vendor/plugins will be
lost
> if I upgrade the engine.
> 
> Thanks
> Greg
> On 1/16/06, Steve Ross <sross@calicowebdesigns.com> wrote:
>> Just create your own login view and don''t add a link to
register. You will
>> still be able to create the users. See my article on the wiki.
>> 
>> http://wiki.rubyonrails.com/rails/pages/HowToUseUserEngine
>> 
>> The method you will use for creating users is:
>> 
>> /user/new
>> 
>> Hope this works for you.
>> 
>> 
>> On 1/16/06 2:06 PM, "Greg Freemyer"
<greg.freemyer@gmail.com> wrote:
>> 
>>> All,
>>> 
>>> I have a small Intranet app I''m trying to get ready for
remote access.
>>>  (I only have 15 or so users for now and I don''t plan to
be adding
>>> very many more.).
>>> 
>>> I have installed the login engine and it seems to be working as
>>> advertized.  (Great job!)
>>> 
>>> For my needs I don''t want random people to be able to
register and get
>>> access to my app, but I will need to register new people every once
in
>>> a while.
>>> 
>>> Using just the login engine is there someway to restrict access to
the
>>> signup page to the existing users with logins?  Or better yet just
to
>>> myself and one other person?
>>> 
>>> If not, should I consider also using the user engine and then only
>>> providing a very basic website to anyone who registers but I have
not
>>> yet granted advanced rights to?
>>> 
>>> Thanks
>>> Greg
>>> --
>>> Greg Freemyer
>>> The Norcross Group
>>> Forensics for the 21st Century
>>> 
>> 
>> 
>> _______________________________________________
>> Rails mailing list
>> Rails@lists.rubyonrails.org
>> http://lists.rubyonrails.org/mailman/listinfo/rails
>> 
> 
> 
> --
> Greg Freemyer
> The Norcross Group
> Forensics for the 21st Century
>

Good point. See James?s post earlier. In addition, you can override login in
your /app/controllers/user_controller.rb to

flash[:error] = ?no way, dude?
redirect_to :action => ?index?

Right?


On 1/16/06 2:43 PM, "Jens Alfke" <jens@mooseyard.com> wrote:
> 
> On 16 Jan ''06, at 2:34 PM, Steve Ross wrote:
> 
>> 
>> Just create your own login view and don''t add a link to
register. You will
>>  
>> 
>> still be able to create the users. See my article on the wiki.
>>  
> 
> But doesn''t that mean that anyone who can guess the URL of the
register action
> can still type it in by hand and register themselves? Removing links
doesn''t
> remove functionality.
> 
> Changing the permissions of the register action, so that only an admin can
> reach it, seems more secure.
> 
> --Jens
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060116/caa482d1/attachment.html

Greg Freemyer wrote:
> All,
> 
> I have a small Intranet app I''m trying to get ready for remote
access.
>  (I only have 15 or so users for now and I don''t plan to be adding
> very many more.).
> 
> I have installed the login engine and it seems to be working as
> advertized.  (Great job!)
> 
> For my needs I don''t want random people to be able to register and
get
> access to my app, but I will need to register new people every once in
> a while.
> 
> Using just the login engine is there someway to restrict access to the
> signup page to the existing users with logins?  Or better yet just to
> myself and one other person?
> 
> If not, should I consider also using the user engine and then only
> providing a very basic website to anyone who registers but I have not
> yet granted advanced rights to?
> 
> Thanks
> Greg
> --
> Greg Freemyer
> The Norcross Group
> Forensics for the 21st Century
Why not just remove the controller and associated views? or simply
comment the controller out?

just an idea

-A

-- 
Posted via http://www.ruby-forum.com/.

or set up roles a la 
http://wiki.rubyonrails.com/rails/pages/LoginGeneratorAccessControlList

-A

-- 
Posted via http://www.ruby-forum.com/.

James Adam wrote:
> If you create your own /app/controllers/user_controller.rb file, and
> give it the contents:
> 
> class UserController < ApplicationController
>   def protect?(action)
>     if [''login'',
''forgot_password''].include?(action)
>       return false
>     else
>       return true
>     end
>   end
> end
> 
> ... this will override the equivalent method within the engine,
> removing your need to edit the engine. You can see this in action in
> the engines demo movie[1], or in the documentation (section
''Tweaking
> Engines'' in the Engines plugin rdoc[2])
> 
> - james
> 
> [1] http://rails-engines.rubyforge.org/movies/engines_intro.mov
> [2] http://api.rails-engines.org/engines/
I see that this worked for Greg, but it isn''t working for me.  If I cut
and paste the UserController code above into the named file I can still 
get to the signup form and submit it (when not logged in).  Is there 
something I can to to try and figure out why my user_controller.rb is 
not being mixed in with the one from the plugin?

The log includes:
requiring file 
''./script/../config/../app/controllers/user_controller.rb''
detected RAILS_ROOT, rewriting to
''app/controllers/user_controller.rb''
checking ''login_engine'' for 
./script/../config/../vendor/plugins/login_engine/app/controllers/user_controller.rb
--> found, loading from engine ''login_engine''
finally loading from application: ''user_api.rb''
finally loading from application: 
''./script/../config/../app/controllers/user_controller.rb''

It sure looks like my user_controller.rb file is read, but I certainly 
get to http://localhost:3000/user/signup when I doe not believe that I 
should.  I have tripple checked the file names, the locations of the 
files, the content of the files and restarted WEBrick numerous times to 
no avail.

TIA,
Scott

-- 
Posted via http://www.ruby-forum.com/.

Scott Eade wrote:
> It sure looks like my user_controller.rb file is read, but I certainly 
> get to http://localhost:3000/user/signup when I doe not believe that I 
> should.  I have tripple checked the file names, the locations of the 
> files, the content of the files and restarted WEBrick numerous times to 
> no avail.
> 
> TIA,
> Scott
Does your user.rb file include the LoginEngine and UserEngine libs?

_Kevin

-- 
Posted via http://www.ruby-forum.com/.

Kevin Olbrich wrote:
> Scott Eade wrote:
>> It sure looks like my user_controller.rb file is read, but I certainly 
>> get to http://localhost:3000/user/signup when I doe not believe that I 
>> should.  I have tripple checked the file names, the locations of the 
>> files, the content of the files and restarted WEBrick numerous times to
>> no avail.
>> 
>> TIA,
>> Scott
> 
> Does your user.rb file include the LoginEngine and UserEngine libs?
> 
> _Kevin
I''m just using the user model supplied by LoginEngine, to my knowledge 
it should not be necessary for me to define my own user model in order 
achieve the desired effect - i.e. it works now, but I want to override 
the protect? method so that I can restrict access even further.

Scott

-- 
Posted via http://www.ruby-forum.com/.

In case anyone''s still having problems with controllers/helpers not
being loaded as expected, please try using the latest Engines plugin
release branch version:

  http://opensvn.csie.org/rails_engines/engines/branches/rb_1.0

...give me feedback on the relevant thread on engines-developers, if
you''re having problems. Cheers!

- james

On 1/23/06, Scott Eade <seade@backstagetech.com.au>
wrote:
> Kevin Olbrich wrote:
> > Scott Eade wrote:
> >> It sure looks like my user_controller.rb file is read, but I
certainly
> >> get to http://localhost:3000/user/signup when I doe not believe
that I
> >> should.  I have tripple checked the file names, the locations of
the
> >> files, the content of the files and restarted WEBrick numerous
times to
> >> no avail.
> >>
> >> TIA,
> >> Scott
> >
> > Does your user.rb file include the LoginEngine and UserEngine libs?
> >
> > _Kevin
>
> I''m just using the user model supplied by LoginEngine, to my
knowledge
> it should not be necessary for me to define my own user model in order
> achieve the desired effect - i.e. it works now, but I want to override
> the protect? method so that I can restrict access even further.
>
> Scott
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

I was also unable to override the protect? method in the user
controller. I have been successful in overriding other methods for
example the home method. This would lead me to believe that the user
controller that I created is being read in. Any suggestions?

Thanks,
Lorne

On 1/22/06, Scott Eade <seade@backstagetech.com.au>
wrote:
> James Adam wrote:
> > If you create your own /app/controllers/user_controller.rb file, and
> > give it the contents:
> >
> > class UserController < ApplicationController
> >   def protect?(action)
> >     if [''login'',
''forgot_password''].include?(action)
> >       return false
> >     else
> >       return true
> >     end
> >   end
> > end
> >
> > ... this will override the equivalent method within the engine,
> > removing your need to edit the engine. You can see this in action in
> > the engines demo movie[1], or in the documentation (section
''Tweaking
> > Engines'' in the Engines plugin rdoc[2])
> >
> > - james
> >
> > [1] http://rails-engines.rubyforge.org/movies/engines_intro.mov
> > [2] http://api.rails-engines.org/engines/
>
> I see that this worked for Greg, but it isn''t working for me.  If
I cut
> and paste the UserController code above into the named file I can still
> get to the signup form and submit it (when not logged in).  Is there
> something I can to to try and figure out why my user_controller.rb is
> not being mixed in with the one from the plugin?
>
> The log includes:
> requiring file
>
''./script/../config/../app/controllers/user_controller.rb''
> detected RAILS_ROOT, rewriting to
''app/controllers/user_controller.rb''
> checking ''login_engine'' for
>
./script/../config/../vendor/plugins/login_engine/app/controllers/user_controller.rb
> --> found, loading from engine ''login_engine''
> finally loading from application: ''user_api.rb''
> finally loading from application:
>
''./script/../config/../app/controllers/user_controller.rb''
>
> It sure looks like my user_controller.rb file is read, but I certainly
> get to http://localhost:3000/user/signup when I doe not believe that I
> should.  I have tripple checked the file names, the locations of the
> files, the content of the files and restarted WEBrick numerous times to
> no avail.
>
> TIA,
> Scott
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>