Rails - Jul 2006 - Nil.

before_filter :login_required
@session[''user''] ||= {''login'' =>
''guest''}
if @session[''user''].login.downcase != "mohammad" ||
"nick"
  redirect_to :controller => ''login''
end

what''s wrong with this I need this is an admin area is there an eaiser 
way to do this? Or an error proof way.

-- 
Posted via http://www.ruby-forum.com/.

There are a lot of things wrong with this!

On 12/07/2006, at 8:34 AM, Nick wrote:
> before_filter :login_required
> @session[''user''] ||= {''login'' =>
''guest''}
First of all, @session is deprecated. Use session instead.

Second, you can''t just substitute a hash in place of an object like  
this. They don''t work the same way.

> if @session[''user''].login.downcase !=
"mohammad" || "nick"
I think you mean:

   login = session[:user].login.downcase
   if login != ''mohammed'' && login !=
''nick''
     ...

This will fail if you try putting a hash into session[:user] like you  
did above, because you''d then need to do
session[:user][''login'']
rather than session[:user].login.

>   redirect_to :controller => ''login''
You probably want to put a return in here to make sure the rest of  
the method doesn''t get executed.


So, tying this all together and cleaning it up, you probably really  
want something like:

   login = session[:user] && session[:user].login.downcase
   unless [''mohammed'',
''nick''].include?(login)
     redirect_to :controller => ''login''
     return
   end


Cheers,

Pete Yandell
http://9cays.com/