Hi, I have created an application with two different types of people that may login: students and administrators. I have created a login that redirects users that have logged in depending on their role (student or administrator) to certain pages. How could I now disallow students to simply change the URL and get to the administrator pages? The only way that I could imagine now is to check in every action if session[:me].role == "Administrator" and destroy the session in the other case. Yet again I don't know that much about Ruby on Rails yet to know about a better way.

Thanks for thinking about it!
Christoph

Would this be something I can accomplish with "before_filter"?

Christoph

On 8 Feb., 14:28, "ceicke" <e...-eRAwczMsB8g@public.gmane.org> wrote:
> Would this be something I can accomplish with "before_filter"?
> Christoph

Exactly. Add a before_filter to all controllers/actions only admins should be able to access.

    class AdminController < ApplicationController
      before_filter :check_authorization

      # (... your actions and stuff)

      private

      # Send anyone whose role is not Administrator to the error page.
      def check_authorization
        redirect_to(:controller => "Errors", :action => "not_authorized") unless session[:me].role == "Administrator"
      end
    end

Of course you would have to create an Errors controller and a not_authorized action with a corresponding view. But maybe you have another action to point to already, for general errors or whatever....
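
An added example, not part of the thread and not Rails itself: a plain-Ruby stand-in for the filter chain, with the role check in a shared base controller so that a student who types an admin URL is redirected and a visitor with no session[:me] is denied as well. MiniController, AdminBaseController, GradesController, User and request_as are assumed names for illustration; session[:me] and the Errors/not_authorized target are taken from the thread.

```ruby
# Plain-Ruby stand-in for a controller filter chain (hypothetical, not Rails itself):
# before filters run first, and the action is skipped once a filter redirects.
class MiniController
  def self.filters
    @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : [])
  end

  def self.before_filter(name)
    filters << name
  end

  attr_reader :session
  def initialize(session)
    @session = session
  end

  def redirect_to(target)
    @redirected_to = target
  end

  def process(action)
    self.class.filters.each do |filter|
      send(filter)
      return [:redirect, @redirected_to] if @redirected_to
    end
    [:ok, public_send(action)] # public_send: private filters are not routable
  end
end

User = Struct.new(:name, :role) # constructed sample model

# Every admin controller inherits from this base, so the check cannot be forgotten.
class AdminBaseController < MiniController
  before_filter :check_authorization
  private
  def check_authorization
    user = session[:me]
    # Comparison (==), and nil-safe: an anonymous visitor is denied, not a crash.
    return if user && user.role == "Administrator"
    redirect_to(:controller => "Errors", :action => "not_authorized")
  end
end

class GradesController < AdminBaseController
  def index; "all student grades"; end
end

# Simulates a user typing the admin URL directly.
def request_as(user, action)
  GradesController.new({ :me => user }).process(action)
end
```
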