Displaying 1 result from an estimated 1 matches for "prepend_after_filter".
2006 Jun 07
0
Adding ''author'' functionality to UserEngine / RBAC roles
...#39;Guest'' to read/view all records, and User
additionaly has access to create/edit/destroy, however this means that
any registered user is able to modify any record.
My first thought was to add another filter in the chain after the
UserEngine''s authorize_action. So, I added:
prepend_after_filter :author_permission, :except => [:show, ... ]
In my author_permission i simply check a conditional:
session[:user].id != @object.user_id
And based on that output error messages etc. Now, this seems to work
when I try to call ''edit'' on an object, I get redirected and get my...