Displaying 3 results from an estimated 3 matches for "check_administrator_role".
2008 May 21
8
before_filter with multiple roles
I have multiple roles in my application.
Now I want to block a method for all users except the administrator and
a manager.
When I do this:
before_filter (:check_administrator_role), :only => [:administration]
before_filter (:check_taskmanager_role), :only => [:administration]
The user must have both roles. How can I change that to an "OR"
combination?
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You receiv...
2009 Jun 05
6
rails 2.3.2
Hi all,
I am using rails v.2.3.2 and if I put following line to my
ApplicationController:
include LoginSystem
and I moved my login_system.rb to lib folder:
module LoginSystem
protected
def is_logged_in?
@logged_in_user = User.find(session[:user]) if session[:user]
end
def logged_in_user
return @logged_in_user if is_logged_in?
end
def logged_in_user=(user)
if
2009 Feb 25
3
Secure but elegant destruction method
Hi,-
I am looking for a clean and secure way for an ActiveRecord instance to
delete itself. Say I have a User model in my app. Then the destructive
action would be /users/user_id/destroy. If this action is not secured by
a filter like:
(*) before_filter :check_administrator_role, :only => :destroy
then any user could potentially log in and start issuing:
/users/1/destroy
/users/2/destroy
.
.
.
/users/n/destroy
But I want to give a User the possibility to delete [him|her]self.
Currently the only way I can think of it is this:
1) Remove the filter (*)
2) Re-code the d...