I''m trying to write sort of a short-and-sweet authentication
permissions system. As it is right now, I know how I think I want it
to work but I''m having trouble making it escape the controller action
that was running if validation fails.
Controller in some action:
if belongs_to_current_user?(@article)
# User must have permission to edit their own article
permission_required("article", "edit")
else
# User must have permission to edit other''s articles
permission_required("article", "edit-a")
end
Application controller:
# Denies access to unauthorized users.
def permission_required(cont, code)
unless permission?(cont, code)
flash[:warning] = "You don''t have the permission required
for
access to this function"
redirect_to home_url
return false
end
end
The "return false" I have there, I want it cancel processing from the
action in my controller but it only cancels processing from the rest
of the permission_required method.
I''m at a loss as to how to put code safely after calling
permission_required in my controller, without worrying about it
getting executed anyway after the user is redirected.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
