I was just wondering if anyone has a simpler way to handle admin-like functionality. In my app I have many users, but a single user can be chosen to handle and/or modify user profiles that are associated to them. The problem is that I actually have some really good security measures in place, such as :before_filters, that catch any unauthorized users from accessing another account. So to handle this admin-like functionality, I am constantly passing a value along that identifies this person as an admin. Is there a better way to do this? Thanks,

-S
--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
bcparanj-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Oct-25 17:55 UTC
Re: Administrative user
In the Rails 2.0 preview release, it is easy to have basic HTTP authentication for admin-related pages.

On Oct 25, 10:05 am, Shandy Nantz <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> I was just wondering if anyone has a simpler way to handle admin-like
> functionality. In my app I have many users, but a single user can
> be chosen to handle and/or modify user profiles that are associated to
> them. The problem is that I actually have some really good security
> measures in place, such as :before_filters, that catch any unauthorized
> users from accessing another account. So to handle this admin-like
> functionality, I am constantly passing a value along that identifies
> this person as an admin. Is there a better way to do this? Thanks,
>
> -S
> --
> Posted via http://www.ruby-forum.com/.
On 10/25/07, Shandy Nantz <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> I was just wondering if anyone has a simpler way to handle admin-like
> functionality. In my app I have many users, but a single user can
> be chosen to handle and/or modify user profiles that are associated to
> them. The problem is that I actually have some really good security
> measures in place, such as :before_filters, that catch any unauthorized
> users from accessing another account. So to handle this admin-like
> functionality, I am constantly passing a value along that identifies
> this person as an admin. Is there a better way to do this? Thanks,

It depends on how you are passing it around.

I have a system where users log in, but access to some objects is further protected by a password. Entering this password allows users to manage that one object. Users can be authorized to modify multiple objects at once.

I use session variables, and set them as such:

    #
    # Return true if the current user can administrate the provided
    # guild.
    #
    def is_guild_admin?(id)
      id = id.id if id.class == Guild
      return false unless session[:guildadmin]
      return true if session[:guildadmin][id.to_s]
      return false
    end

    #
    # Return a list of guild IDs and names this user may administrate.
    #
    def guild_admin_list
      return [] unless session[:guildadmin]
      guilds = []
      session[:guildadmin].each { |key, val|
        guilds << [ key, val ] if val
      }
      guilds
    end

    def become_guild_admin(id, str = nil)
      if id.class == Guild
        str = id.name unless str
        id = id.id
      end
      raise ArgumentError, "str is null and id is not a guild" unless str
      session[:guildadmin] = {} unless session[:guildadmin]
      session[:guildadmin][id.to_s] = str
    end

    def end_guild_admin(id)
      id = id.id if id.class == Guild
      session[:guildadmin] = {} unless session[:guildadmin]
      session[:guildadmin].delete(id.to_s)
    end
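Added example, not part of the thread or any poster's code: a plain-Ruby sketch (no Rails) contrasting an admin flag carried in the request with a check made only from the server-side session and stored records, as a before_filter would do it. It assumes the "value passed along" is a request parameter; the `User` struct, its `manager_id` field, the sample data and all method names are hypothetical.

```ruby
# Session and params are modelled as plain hashes (assumption; no Rails needed).
User = Struct.new(:id, :name, :manager_id)

# Constructed sample data: user 1 manages users 2 and 3; user 4 manages nobody.
USERS = {
  1 => User.new(1, "alice", nil),
  2 => User.new(2, "bob",   1),
  3 => User.new(3, "carol", 1),
  4 => User.new(4, "dave",  nil)
}.freeze

# Weak form: the admin marker travels with the request, so whoever builds
# the request decides whether the check passes.
def can_edit_trusting_param?(session, params)
  target_id = params[:id].to_i
  session[:user_id] == target_id || params[:admin] == "1"
end

# Stronger form: the decision uses only the logged-in user id held in the
# server-side session and the stored manager relationship. Request
# parameters select the target profile but never grant rights.
def can_edit?(session, params, users = USERS)
  current = users[session[:user_id]]
  target  = users[params[:id].to_i]
  return false unless current && target   # unknown user or profile: deny
  target.id == current.id || target.manager_id == current.id
end

# What a before_filter-style hook would call before the edit/update actions.
def authorize_profile_edit(session, params)
  can_edit?(session, params) ? :ok : :forbidden
end
```

With this shape nothing has to be passed along between requests: the filter recomputes the answer from the session user and the record each time.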