Hi,
In the course of integrating an authentication module (Authlogic) into
my Rails app, I''ve developed the following priority:
''If the current user makes a url request for which they are
ineligible, return the user to the page from which they made their
invalid request.''
One way to get at this is with the following two methods in the
application_controller:
def store_location
session[:return_to] = request.request_uri
end
def redirect_back_or_default(default)
redirect_to(session[:return_to] || default)
session[:return_to] = nil
end
But if I wanted to guarantee that the user was redirected back to any
action from which they made an ineligible request, I would need to
call store_location for every such controller action, which is crazy.
Is there no inexpensive way that Rails will remember every last
request (without resort to session)?
My hope would be for something like:
redirect_to :back
But this is a no-go...
Lille
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Lille wrote:> Hi, > > In the course of integrating an authentication module (Authlogic) into > my Rails app, I''ve developed the following priority: > > ''If the current user makes a url request for which they are > ineligible, return the user to the page from which they made their > invalid request.'' > > One way to get at this is with the following two methods in the > application_controller: > > def store_location > session[:return_to] = request.request_uri > end > > def redirect_back_or_default(default) > redirect_to(session[:return_to] || default) > session[:return_to] = nil > end > > But if I wanted to guarantee that the user was redirected back to any > action from which they made an ineligible request, I would need to > call store_location for every such controller action, which is crazy.Not crazy at all. Just put it in a before_filter.> > Is there no inexpensive way that Rails will remember every last > request (without resort to session)?Putting it in the session is pretty inexpensive, and probably the right thing to do.> > My hope would be for something like: > > redirect_to :back > > But this is a no-go...Why?> > Lille-- Marnen Laibow-Koser http://www.marnen.org marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org Sent from my iPhone -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote:>> My hope would be for something like: >> >> redirect_to :back >> >> But this is a no-go... > > Why?Well, for one thing, you don''t always have an HTTP_REFERER (if the user types a URL into the browser for example). You get this nearly for free with Authlogic anyway. Just modify the example require_user and associated code to fit your needs. -Rob Rob Biedenharn Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org http://AgileConsultingLLC.com/ rab-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org http://GaslightSoftware.com/ -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
@Rob - Yes, I see what you''re referring to in the Authlogic example code. I guess I can feel comforted by that... @Marnen, @Rob - ...but isn''t reliance on session expensive, e.g., if I''ve chosen server-side ActiveRecordStore session storage? On Jul 2, 11:51 am, Rob Biedenharn <R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org> wrote:> On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote: > > >> My hope would be for something like: > > >> redirect_to :back > > >> But this is a no-go... > > > Why? > > Well, for one thing, you don''t always have an HTTP_REFERER (if the > user types a URL into the browser for example). > > You get this nearly for free with Authlogic anyway. Just modify the > example require_user and associated code to fit your needs. > > -Rob > > Rob Biedenharn > R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org http://AgileConsultingLLC.com/ > r...-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org http://GaslightSoftware.com/-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jul 2, 2010, at 12:02 PM, Lille wrote:> @Rob - Yes, I see what you''re referring to in the Authlogic example > code. I guess I can feel comforted by that... > > @Marnen, @Rob - ...but isn''t reliance on session expensive, e.g., if > I''ve chosen server-side ActiveRecordStore session storage?Um, compared to what? If the work to instantiate the session from the database, alter a value, and write it base is your bottleneck, I''d say you have one blazingly fast application ;-) I wouldn''t worry about that (at least no yet). You have to load the user info (session + User model) to check the permission anyway so you have to hit the database. -Rob> > On Jul 2, 11:51 am, Rob Biedenharn <R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org> > wrote: >> On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote: >> >>>> My hope would be for something like: >> >>>> redirect_to :back >> >>>> But this is a no-go... >> >>> Why? >> >> Well, for one thing, you don''t always have an HTTP_REFERER (if the >> user types a URL into the browser for example). >> >> You get this nearly for free with Authlogic anyway. Just modify the >> example require_user and associated code to fit your needs. >> >> -Rob >> >> Rob Biedenharn >> R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org http://AgileConsultingLLC.com/ >> r...-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org http://GaslightSoftware.com/ > > -- > You received this message because you are subscribed to the Google > Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails- > talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > . > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en > . >Rob Biedenharn Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org http://AgileConsultingLLC.com/ rab-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org http://GaslightSoftware.com/ -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Rob, I see what you''re saying, esp., given your comment: "you have to load the user info (session + User model) to check the permission anyway so you have to hit the database" Unlike what I sense is anticipated by the Authlogic example code, I take the following approach in my app: unauthenticated users can use all app functionality up to a certain point, when they have to register (a try-before-you-buy approach.) So, under this approach I have to apply the require_user approach in a before_filter for every action, not just those associated with a few protected pages. This just seems like a lot of work. It''s like adding a layer of authentication goo all over my app and unlike, preferably, enabling authentication as a ''switch'' to my app. Lille On Jul 2, 12:20 pm, Rob Biedenharn <R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org> wrote:> On Jul 2, 2010, at 12:02 PM, Lille wrote: > > > @Rob - Yes, I see what you''re referring to in the Authlogic example > > code. I guess I can feel comforted by that... > > > @Marnen, @Rob - ...but isn''t reliance on session expensive, e.g., if > > I''ve chosen server-side ActiveRecordStore session storage? > > Um, compared to what? If the work to instantiate the session from the > database, alter a value, and write it base is your bottleneck, I''d say > you have one blazingly fast application ;-) > > I wouldn''t worry about that (at least no yet). You have to load the > user info (session + User model) to check the permission anyway so you > have to hit the database. > > -Rob > > > > > > > > > On Jul 2, 11:51 am, Rob Biedenharn <R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org> > > wrote: > >> On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote: > > >>>> My hope would be for something like: > > >>>> redirect_to :back > > >>>> But this is a no-go... > > >>> Why? > > >> Well, for one thing, you don''t always have an HTTP_REFERER (if the > >> user types a URL into the browser for example). > > >> You get this nearly for free with Authlogic anyway. Just modify the > >> example require_user and associated code to fit your needs. > > >> -Rob > > >> Rob Biedenharn > >> R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org http://AgileConsultingLLC.com/ > >> r...-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org http://GaslightSoftware.com/ > > > -- > > You received this message because you are subscribed to the Google > > Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails- > > talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > > . > > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en > > . > > Rob Biedenharn > R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org http://AgileConsultingLLC.com/ > r...-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org http://GaslightSoftware.com/-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jul 2, 2010, at 12:44 PM, Lille wrote:> Rob, > > I see what you''re saying, esp., given your comment: > > "you have to load the user info (session + User model) to check the > permission anyway so you have to hit the database" > > Unlike what I sense is anticipated by the Authlogic example code, I > take the following approach in my app: > > unauthenticated users can use all app functionality up to a certain > point, when they have to register (a try-before-you-buy approach.) > > So, under this approach I have to apply the require_user approach in a > before_filter for every action, not just those associated with a few > protected pages. This just seems like a lot of work. It''s like adding > a layer of authentication goo all over my app and unlike, preferably, > enabling authentication as a ''switch'' to my app. > > LilleIf you only put the before_filter :require_user on those controllers (or scoped to :only => [:some, :actions]), then you only have the overhead for the actions that really need a user. You can also use (I think) skip_session to avoid all the session overhead when you have absolutely no need for it. -Rob> > On Jul 2, 12:20 pm, Rob Biedenharn <R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org> > wrote: >> On Jul 2, 2010, at 12:02 PM, Lille wrote: >> >>> @Rob - Yes, I see what you''re referring to in the Authlogic example >>> code. I guess I can feel comforted by that... >> >>> @Marnen, @Rob - ...but isn''t reliance on session expensive, e.g., if >>> I''ve chosen server-side ActiveRecordStore session storage? >> >> Um, compared to what? If the work to instantiate the session from the >> database, alter a value, and write it base is your bottleneck, I''d >> say >> you have one blazingly fast application ;-) >> >> I wouldn''t worry about that (at least no yet). You have to load the >> user info (session + User model) to check the permission anyway so >> you >> have to hit the database. >> >> -Rob >> >> >> >> >> >> >> >>> On Jul 2, 11:51 am, Rob Biedenharn <R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org> >>> wrote: >>>> On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote: >> >>>>>> My hope would be for something like: >> >>>>>> redirect_to :back >> >>>>>> But this is a no-go... >> >>>>> Why? >> >>>> Well, for one thing, you don''t always have an HTTP_REFERER (if the >>>> user types a URL into the browser for example). >> >>>> You get this nearly for free with Authlogic anyway. Just modify >>>> the >>>> example require_user and associated code to fit your needs. >> >>>> -Rob >> >>>> Rob Biedenharn >>>> R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org http://AgileConsultingLLC.com/ >>>> r...-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org http://GaslightSoftware.com/ >> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ruby on Rails: Talk" group. >>> To post to this group, send email to rubyonrails- >>> talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org >>> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org >>> . >>> For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en >>> . >> >> Rob Biedenharn >> R...-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org http://AgileConsultingLLC.com/ >> r...-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org http://GaslightSoftware.com/ > > -- > You received this message because you are subscribed to the Google > Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails- > talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > . > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en > . >Rob Biedenharn http://agileconsultingllc.com Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org +1 513-295-4739 Skype: rob.biedenharn -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.