search for: has_role

I have multiple roles in my application. Now I want to block a method for all users except the administrator and a manager. When I do this: before_filter (:check_administrator_role), :only => [:administration] before_filter (:check_taskmanager_role), :only => [:administration] The user must have both roles. How can I change that to an "OR" combination? -- Posted via

I''ve been getting some good feedback on the Authorization plugin (http://www.writertopia.com/developers/authorization). Josh Susser suggested I use exclamation marks when I''m setting roles. The basic ways of setting roles uses the #has_role, #has_no_role, #accepts_role, and #accepts_no_role methods: user.has_role ''site_admin'' user.has_role ''moderator'', group user.has_no_role ''site_admin'' user.has_role ''member'', Group a_mode...

I''m trying to jump on the TDD/BDD bandwagon, but am having trouble understanding how i should mock my user. The user has a habtm relationship to a roles model (acl_system2 plugin), but I''m not sure how to tell rspec about a model. My code: describe UsersController do integrate_views before(:each) do @user = mock_model(User)

...ht forward to setup and should be to use. But when i try to give the same permission on two differents users on the same object i get an error. (Well , Im kinda new to all this rails stuff) r = Red.find(1) u1 = User.find_by_login("ismael") u2 = User.find_by_login("ismael2") u1.has_role "proprio", r u2.has_role "proprio", r ActiveRecord::StatementInvalid: Mysql::Error: Duplicate entry ''5'' for key 1: INSERT INTO roles_users (`updated_at`, `role_id`, `id`, `user_id`, `created_at`) VALUES (''2006-07-11 13:58:35'', 5, 5, 20, '...

...to assign it a value while in the application controller results in an ''undefined method'' error. ApplicationController .... def current_user @cu = ::User.find(session[:rbac_user_id]) || "not logged in" end --- ++Application.rhtml ++ Admin menu <% if current_user.has_role?("Admin") %> menu one menu two <%end%> Apparently the current_user is not created by the time the application.rhtml is rendered. I think it might have something to do with the special nature of the ApplicationController. But, I don''t fully understand what is happen...

...ION=59` m1 = Member.new(:manager => true) m1.save_with_validation(false) m2 = Member.new(:manager => true) m2.save_with_validation(false) m3 = Member.new(:manager => true) m3.save_with_validation(false) `rake db:migrate VERSION=60` Member.find(m1.id).has_role?("manager").should be_true Member.find(m2.id).has_role?("manager").should be_true Member.find(m3.id).has_role?("manager").should be_true end end

...t be_nil end it "should know what role it has" do #User.should end end The last spec is incomplete... basically, I will want the code to be something like this: class User < ActiveRecord::Base has_many :user_roles has_many :roles, :through => :user_roles def has_role?(role) self.roles.count(:conditions => [''name = ?'', role]) > 0 end end How would I spec the last method? Thanks -- dp -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/rspec-users/attachments/20070810/f...

i got two controller (with restful actions) where my code is quite ugly and not very dry. every action looks quite like this: if @logged_user.has_role?("admin") User.find(params[:id) else @logged_user.group.user.find(params[:id]) this is a security check that enforce a simple spec: normal user should read/write information only about their group''s users, but "admin" users can read/write about all users. The other...

.... . . /users/n/destroy But I want to give a User the possibility to delete [him|her]self. Currently the only way I can think of it is this: 1) Remove the filter (*) 2) Re-code the destroy method so: def destroy @user = User.find(params[:id]) if logged_in_user == @user or logged_in_user.has_role?(''administrator'') if @user.destroy flash[:notice] = "User deleted" else flash[:error] = "There was a problem deleting this user." end redirect_to :action => ''index'' end But, is this the best way to do it? Tha...

...ministrator will have extra privileges (administer users, edit pages). The error is: ''Couldn''t find User without an ID'' So the app is looking for a logged in user when the homepage is accessed. Heres my code: site/index view: <% if is_logged_in? and logged_in_user.has_role?(''Moderator'') -%> <%= link_to ''Administer Users'', :controller => ''user'', :action => ''show'' %> <%= link_to '' | Edit pages'', pages_path %> <% end %> application helper:...

...hat will check whats the user role and then based on that return a string / hash / array to the before_filter something like this: class MonqiClassesController < ResourceController::Base before_filter :check_user_access_level , grant_access def check_user_access_level if current_user.has_role?(''staff'') return grant_access = {:only => :index} end end end i am planing on using case and then return the set of actions they can preform maybe there''s a better way or someone already saw that somewhere thanks Ami --~--~---------~--~----~------------...

I am trying to create a null object in my application. I would like to assigned a null user object for anonymous/ mot-logged-in user, i.e. if session variable has nil data. In my User model, I have created a subclass like this: class UnassignedUser < User def save false end def update false end def username "Unassigned" end def county_id

Hi, I have been using the restful_authentication plugin and the default roles setup that it came with. I have a system with 1 admin, 20-30 clients(customers) and 500+ users all of whom can login. I found that often when using certain role-based functions like user.has_role?, mysql would send an IN() query with the id of every user in the system (500+). This seemed a lot of overkill for what it was doing. There''s no overlap between roles, and all of the user types authenticate at the User object level rather than the subclass. Now I''m using STI and r...

Can I set an application wide instance variable that is available for all actions...and their views? eg. class ApplicationController < ActionController::Base @current_user = User.find(session[:user_id]) end and everywhere I can call @current_user.id and I can get that object? Even down in the views? I could not get this to work... Thanks in advance, Jeff -------------- next part

hi all, i''m learning rspec and i can''t figure out how to test if a callback is executed in a model. my model code is: class User < ActiveRecord::Base before_save :encrypt_password ... def encrypt(password) self.class.encrypt(password, salt) end thanks a lot, cs. -- Posted via http://www.ruby-forum.com/.