I'm using the acts_as_authenticated plugin with a little app I wrote. Everything works fine. I'm able to "signup" and use all the little features. What I would like to do is be able to have each individual user have access only to his or her own content. I just have two models; User and Item. The User item is of course generated by the AAA plugin.

    class Item < ActiveRecord::Base
    end

    class User < ActiveRecord::Base
      # Virtual attribute for the unencrypted password
      attr_accessor :password

      #lots of omitted code
    end

In my controller:

    class ItemsController < ApplicationController
      def new
        @item = Item.new
      end

      #other omitted code
    end

How would I change my setup so that a user can only create/update/delete/view only his or her own items and not someone else's? Any advice or resources pointed to is greatly appreciated. :)

--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 2/6/07, I'm not Telling you <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> I'm using the acts_as_authenticated plugin with a little app I wrote.
> Everything works fine. I'm able to "signup" and use all the little
> features. What I would like to do is be able to have each individual
> user have access only to his or her own content. I just have two models;
> User and Item. The User item is of course generated by the AAA plugin.
>
>
> class Item < ActiveRecord::Base
> end
>
> class User < ActiveRecord::Base
>   # Virtual attribute for the unencrypted password
>
>   attr_accessor :password
>
>   #lots of omitted code
> end
>
> In my controller:
>
> class ItemsController < ApplicationController
>
>   def new
>     @item = Item.new
>   end
>
>   #other omitted code
> end
>
> How would I change my setup so that a user can only
> create/update/delete/view only his or her own items and not someone
> else's? Any advice or resources pointed to is greatly appreciated. :)

Check the authorization in a before filter in your controllers. AAA provides #authorized? as a hook for this.

    before_filter :login_required, :only => [:new, :create, :update, :edit, :destroy]

    def authorized?
      @item.editable_by? current_user
    end

    class Item < AR::Base
      def editable_by?(user)
        user && user.id == user_id # sample, replace with your own logic
      end
    end

--
Rick Olson
http://weblog.techno-weenie.net
http://mephistoblog.com

Rick Olson wrote:
> On 2/6/07, I'm not Telling you <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>>
>> class ItemsController < ApplicationController
>> else's? Any advice or resources pointed to is greatly appreciated. :)
> Check the authorization in a before filter in your controllers. AAA
> provides #authorized? as a hook for this.
>
> before_filter :login_required, :only => [:new, :create, :update,
> :edit, :destroy]
>
> def authorized?
>   @item.editable_by? current_user
> end
>
> class Item < AR::Base
>   def editable_by?(user)
>     user && user.id == user_id # sample, replace with your own logic
>   end
> end
>
> --
> Rick Olson
> http://weblog.techno-weenie.net
> http://mephistoblog.com

Hey Rick,

I really appreciate your response. I am getting an error when I try this code however:

"You have a nil object when you didn't expect it! The error occurred while evaluating nil.editable_by?"

:/

I'm a little green around the gills with ruby. However I can see what most of the code is doing. I can see that the editable_by? method in the model takes the user as an argument and then passes the output to the authorized? method in the controller. Is that correct?

Any further help is once again appreciated.
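
An added example, not part of the thread and not the plugin's code: the nil.editable_by? error above means @item was still unset when authorized? ran, so this plain-Ruby sketch loads the record before the login check, makes the hook nil-safe, and takes the owner from the logged-in user. The in-memory store, the process dispatcher and the assumed login_required behaviour (logged in and authorized?) are stand-ins constructed for illustration.

```ruby
# Plain-Ruby stand-in for the thread's models (constructed; no Rails required).
User = Struct.new(:id)
Item = Struct.new(:id, :user_id, :name) do
  # The ownership check suggested in the reply above.
  def editable_by?(user)
    !user.nil? && user.id == user_id
  end
end

class ItemsController
  MEMBER_ACTIONS = [:show, :destroy].freeze # actions on an existing record
  ACTIONS = ([:create] + MEMBER_ACTIONS).freeze

  def initialize(store, current_user)
    @store = store # constructed in-memory table: id => Item
    @current_user = current_user
  end

  # Stand-in for the filter chain: the record is loaded before login_required,
  # so @item is already set when authorized? is evaluated.
  def process(action, params = {})
    return :unknown_action unless ACTIONS.include?(action)
    @action = action
    @item = @store[params[:id]] if MEMBER_ACTIONS.include?(action)
    return :access_denied unless login_required
    send(action, params)
  end

  private
  # Assumption: the plugin's filter passes only when logged in and authorized?.
  def login_required
    !@current_user.nil? && authorized?
  end

  # Nil-safe hook: :create has no record yet; a member action on a missing
  # record or on someone else's record is refused.
  def authorized?
    return true unless MEMBER_ACTIONS.include?(@action)
    !@item.nil? && @item.editable_by?(@current_user)
  end

  def create(params)
    id = (@store.keys.max || 0) + 1
    # The owner comes from the logged-in user, never from request parameters.
    @store[id] = Item.new(id, @current_user.id, params[:name])
  end
  def show(_params); @item; end
  def destroy(_params); @store.delete(@item.id); end
end
```

In a Rails controller the same ordering is obtained by declaring the filter that loads @item ahead of login_required.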