I have created an 'admin' controller and all the necessary definitions and templates to delete, update and edit records and this is working OK, but how do I effectively restrict access to these defs' from all but the admin user (called admin)?

Currently I am just using if statements within the defs' to check if it is the admin user logged in, e.g.:

    def index
      if (@session[:user].login == 'admin')
        #perform actions
      end
    end

but this produces horrible error messages if accidentally navigated to. Is there a cleaner way of doing this?

Thanks in advance. Alex.

--
Posted via http://www.ruby-forum.com/.
You need to make use of filters, by using before_filter, and giving it a set of functions you'd like to filter. You can use the :except clause to filter everything but some function, typically index.

Thanks.

On 5/13/06, Digital Pardoe <digital.pardoe@gmail.com> wrote:
> I have created an 'admin' controller and all the necessary definitions
> and templates to delete, update and edit records and this is working OK,
> but how do I effectively restrict access to these defs' from all but the
> admin user (called admin)?
>
> Currently I am just using if statements within the defs' to check if it
> is the admin user logged in, e.g.:
>
>     def index
>       if (@session[:user].login == 'admin')
>         #perform actions
>       end
>     end
>
> but this produces horrible error messages if accidentally navigated to.
> Is there a cleaner way of doing this?
>
> Thanks in advance. Alex.
Bryan Duxbury
2006-May-14 02:05 UTC
[Rails] Re: login_generator Restricting Specific Users
If you define an "authorize" function in the admin controller, you can use it to choose if the user is allowed to see the action they've requested. If you return true, they're authorized, false otherwise. For instance:

    def authorize
      session[:user].is_admin?
    end
Digital Pardoe
2006-May-14 15:17 UTC
[Rails] Re: login_generator Restricting Specific Users
Bryan Duxbury wrote:
> If you define an "authorize" function in the admin controller, you can
> use it to choose if the user is allowed to see the action they've
> requested. If you return true, they're authorized, false otherwise. For
> instance:
>
>     def authorize
>       session[:user].is_admin?
>     end

Hi,

Thanks for the quick response, I was wondering if you could give me a more complete example with how to implement your idea with regards to protecting an 'index' function perhaps because I can't get it to work at all.

Alex
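
The before_filter / authorize approach suggested in the replies above, combined into one controller, as an added example that is not part of the original thread or written by any of its posters. MiniController is a hypothetical stand-in for the small part of ActionController used here so the code runs without Rails; the action names, return symbols and the User struct are constructed for illustration.

```ruby
# Hypothetical stand-in for ActionController (assumption, not Rails code).
# In a real application AdminController would inherit from ApplicationController.
class MiniController
  def self.before_filter(name, opts = {})
    filters << [name, Array(opts[:except]).map(&:to_s)]
  end

  def self.filters; @filters ||= []; end

  attr_reader :session, :redirected_to

  def initialize(session); @session = session; end

  def redirect_to(target)
    @redirected_to = target
  end

  # Run each filter first; a filter that returns false halts the request
  # before the action body executes, as before_filter did in Rails 1.x.
  def process(action)
    self.class.filters.each do |name, except|
      next if except.include?(action.to_s)
      return :halted if send(name) == false
    end
    public_send(action) # private methods such as authorize are not actions
  end
end

User = Struct.new(:login) # constructed sample model

class AdminController < MiniController
  # One check for every action, instead of an if statement inside each def.
  before_filter :authorize, :except => :login

  def index;   :index_rendered; end
  def destroy; :record_deleted; end
  def login;   :login_form;     end

  private

  # Fail closed: a missing session user, or any user other than 'admin',
  # is redirected rather than raising NoMethodError on nil.
  def authorize
    user = session[:user]
    return true if user && user.login == 'admin'
    redirect_to :action => 'login'
    false
  end
end
```

Because the filter is declared with :except rather than :only, any action added to the controller later is protected by default.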