There are a lot of things wrong with this!
On 12/07/2006, at 8:34 AM, Nick wrote:
> before_filter :login_required
> @session[''user''] ||= {''login'' =>
''guest''}
First of all, @session is deprecated. Use session instead.
Second, you can''t just substitute a hash in place of an object like
this. They don''t work the same way.
> if @session[''user''].login.downcase !=
"mohammad" || "nick"
I think you mean:
login = session[:user].login.downcase
if login != ''mohammed'' && login !=
''nick''
...
This will fail if you try putting a hash into session[:user] like you
did above, because you''d then need to do
session[:user][''login'']
rather than session[:user].login.
> redirect_to :controller => ''login''
You probably want to put a return in here to make sure the rest of
the method doesn''t get executed.
So, tying this all together and cleaning it up, you probably really
want something like:
login = session[:user] && session[:user].login.downcase
unless [''mohammed'',
''nick''].include?(login)
redirect_to :controller => ''login''
return
end
Cheers,
Pete Yandell
http://9cays.com/