Hi
I'm trying to use before_filter to allow access to a site. Only logged
in users can view any object in the controller, but only users with an
access_level higher than 2 can view specific objects. My code is:
-----------------------------------------------------------
IN USER_CONTROLLER

before_filter :login_required
before_filter :access_granted, :only => [:destroy, :new, :edit]

IN APPLICATION.RB

def logged_in?
  ! @current_user.blank?
end
helper_method :logged_in?

def login_required
  return true if logged_in?
  session[:return_to] = request.request_uri
  redirect_to :controller => "/account", :action => "login" and return
  false
end

def access_granted
  if @current_user.blank?
    return false
  else
    return (@current_user.access_level == 2)
  end
end
helper_method :access_granted
----------------------------------------------------------------
Now the problem is, if you are not logged in, you can't view anything.
But even if you are logged in and the method (:access_granted) returns
false (I've checked that this works), you can still access the object
new. I have to add that the framework was generated using a scaffold
generator.
Is the problem maybe the order in which rails executes the filters?
Thx for any help!
Abraham
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
I think instead of doing all that you could use roles, assign roles whatever access and then authorize based on roles. That would make your job easy and also would keep your code clean.

just my 2 cents

On Fri, Jun 13, 2008 at 5:11 PM, Peet Vosloo <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> Hi
>
> I'm trying to use before_filter to allow access to a site. Only logged
> in users can view any object in the controller, but only users with a
> access_level higher than 2 can view specific objects. My code is:
>
> -----------------------------------------------------------
> IN USER_CONTROLLER
>
> before_filter :login_required
> before_filter :access_granted, :only => [:destroy, :new , :edit]
>
>
> IN APPLICATION.RB
>
> def logged_in?
>   ! @current_user.blank?
> end
> helper_method :logged_in?
>
> def login_required
>   return true if logged_in?
>   session[:return_to] = request.request_uri
>   redirect_to :controller => "/account", :action => "login" and return
>   false
> end
>
> def access_granted
>   if @current_user.blank?
>     return false
>   else
>     return (@current_user.access_level == 2)
>   end
> end
> helper_method :access_granted
>
>
> ----------------------------------------------------------------
>
> Now the problem is, if you are not logged in, you can't view anything.
> But even if you are logged in and the method (:access_granted) returns
> false(I've checked that this works), you can still access the object
> new. I have to add that the framework was generated using a scaffold
> generator.
>
> Is the problem maybe the order in which rails executes the filters?
>
> Thx for any help!
>
> Abraham
> --
> Posted via http://www.ruby-forum.com/.
On 13 Jun 2008, at 23:11, Peet Vosloo wrote:
>
> def access_granted
>   if @current_user.blank?
>     return false
>   else
>     return (@current_user.access_level == 2)
>   end
> end
> helper_method :access_granted
>
>
> ----------------------------------------------------------------
>
> Now the problem is, if you are not logged in, you can't view anything.
> But even if you are logged in and the method (:access_granted) returns
> false(I've checked that this works), you can still access the object
> new. I have to add that the framework was generated using a scaffold
> generator.
>

Filters changed in rails 2.0: the return value from them is ignored. A filter stops the chain if and only if it redirects or renders something.

Fred
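
The rule in the reply above (a filter halts the chain only by redirecting or rendering), as an added example that is not part of the thread and is not Rails code: a plain-Ruby model of the filter chain showing why the posted `access_granted` lets the request through and what a denying filter looks like. `MiniController`, `require_access_level`, `request_new` and the `/account/denied` path are hypothetical names, and the sample users are constructed.

```ruby
# Plain-Ruby model of the Rails 2.x filter chain (constructed for
# illustration, not Rails code): a filter's return value is ignored and
# the chain halts only once a filter has redirected or rendered.
class MiniController
  def initialize(user)
    @current_user = user
    @response = nil
  end

  def redirect_to(target)
    @response = "302 -> #{target}"
  end

  # Run the filters in order, then the action unless a filter responded.
  def process(action, filters)
    filters.each do |filter|
      send(filter)                     # return value deliberately discarded
      return @response if @response    # halted by a redirect
    end
    @response = "200 #{action}"
  end

  def login_required
    redirect_to "/account/login" if @current_user.nil?
  end

  # As posted in the thread: only computes a boolean, so it never halts.
  def access_granted
    !@current_user.nil? && @current_user[:access_level] == 2
  end

  # Denying variant: the redirect is what stops the action from running.
  # "/account/denied" is a hypothetical path.
  def require_access_level
    redirect_to "/account/denied" unless access_granted
  end
end

# Simulate a request for the :new action behind the given guard filter.
def request_new(user, guard)
  MiniController.new(user).process(:new, [:login_required, guard])
end

LOW_USER   = { :access_level => 1 }   # constructed sample users
ADMIN_USER = { :access_level => 2 }
```

With `:access_granted` as the guard, the low-privilege user still reaches `new`; with `:require_access_level` the same request is redirected before the action runs.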
Frederick Cheung wrote:
> On 13 Jun 2008, at 23:11, Peet Vosloo wrote:
>>
>> ----------------------------------------------------------------
>>
>> Now the problem is, if you are not logged in, you can't view anything.
>> But even if you are logged in and the method (:access_granted) returns
>> false(I've checked that this works), you can still access the object
>> new. I have to add that the framework was generated using a scaffold
>> generator.
>>
> Filters changed in rails 2.0: the return value from them is ignored. A
> filter stops the chain if and only if it redirects or renders something.
>
> Fred

Thx a lot Fred!!! That really helped...