similar to: acl_system help is needed

Hi all, I have a question about this method in my User model: # Returns true for the (saved) user called "admin" def is_the_administrator true if save and name == "admin" end The method returns true if the user''s name is admin. However, I only want to return true if the state of the object is "saved", so I call the save method first. I''m

Thank you in advance for your help. I am relatively new to both Rails and Rspec and I am hoping for some insight from some experienced veterans. Right now I am using Rspec for code that has already been written so that additional functionality can be developed using the BDD method. My problem shows up when I try to spec controllers that are behind the login system. Each page checks for the

Friends- Here is another plugin hot off the presses of the three day weekend ;) Its a role based authorization system. I have been talking with Bill Katz about this system so it ties in with his recent announcement as well. Its just my implementation. Its an acl/role type system that can sit on top of the acts_as_authenticated login system or any login system that implements a few

I have been looking at the LoginGenerator gem. Looks great and can be easily modified. However in my app I have two places where people can login, one is for in my case "employees" the other is for "users". They are seperate tables in my database and have many different fields. I have an admin area located at ./sysadmin/ where only "employees" can login, they

i am trying to create a system so that different users have different priviliges on my application. i was going to modify my authorize function so that i could pass the required role to it and have it check the current user for that role. i am using before_filter and would like to have just one function instead of writing one for each role like so: authorize(role) instead of:

What do I need to do to be able to use an acts_as_authenticated current_user in a model? Is there some sort of include or require I can do some where that would allow this? ********************************************************** Here is what I am trying to do: ********************************************************** class Setting < ActiveRecord::Base before_create :created_by_user #

Don''t know if anyone else has experienced this but I''m having a problem with the access_denied method in Ezra''s ACL access control plugin. It''s working fine (in conjunction with acts_as_authenticated) until it comes across a user it denies access to, in which case it throws the following error: NoMethodError in Admin#index protected method

Can I set an application wide instance variable that is available for all actions...and their views? eg. class ApplicationController < ActionController::Base @current_user = User.find(session[:user_id]) end and everywhere I can call @current_user.id and I can get that object? Even down in the views? I could not get this to work... Thanks in advance, Jeff -------------- next part

My application needs to know if a user is an administrator, for security and aesthetic reasons. At the moment, I store true/false in the session by doing the following at login: session[:user_is_admin] = authenticated_user.is_admin? Is this OK to do? Or should I really be doing the following every time: User.find(session[:user_id]).is_admin? (user_id is always in the session too) Is there

in the Rails Recipes book there is a chapter on role-based authentication. it basically set up priviliges based on what page the user was able to access. i went through the chapter and felt like i got a pretty good understanding of how to do it. now i am needing something a little more advanced though. instead of a per page (or action) i would like to have certain sections on a page either

Hi, I just installed Rails 2.0.2 [root@mymachine easyx]# ruby --version ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-linux] [root@mymachine easyrx]# gem install rails --include-dependencies Need to update 16 gems from http://gems.rubyforge.org ................ complete Successfully installed rails-2.0.2 [root@remandev easyrx]# But I''m getting this error in my restful_authentication

Well, I''m starting on RoR, so I got a Book called simply rails...Following the steps in it sometimes when I try to call a property, the browser shows me the next exception: undefined method `name'' for nil:NilClass I don''t know why...here''s my controller: #Controller starts here class StoriesController < ApplicationController before_filter :login_required,

Does anyone have a sense for how painful the 1.0 -> 1.1 upgrade is going to be for existing apps? I''m finishing up my first real RoR application with Rails 1.0. I can live with it staying at that level, but I really want to use the has_many :through attribute to clean up some of my code. I''m not particularly interested in edge Rails, mainly because the documentation for

Hi, I just have a "best practices" question. I''d like to block users that don''t own a particular resource from performing edit/update/ destroy actions on it. Here''s how I currently do it: ## User has many resources, of different types ------- resource_controller.rb ------- before_filter :require_ownership, :only => [:edit, :update, :destroy] ... public

I''m trying to run a single worker that could perform a periodic task for a given user. >From a controller, I imagine something like: def start_job MiddleMan.ask_work(:worker => :foo_worker, :worker_method => :perform_task, :data => { :user_id = current_user.id }) end def check_job @status = MiddleMan.ask_status(:worker => :foo_worker)[current_user.id] end

I''m using restful_authentication in my app and I have the before filters in my application rhtml: before_filter :login_required around_filter :set_timezone around_filter :catch_errors Currently I have them commented out while rspec''in but I''ll need to add them in my specs. def create @ticket = Ticket.new(params[:ticket]) @ticket.user = current_user if

Hello list, I have an app that has a very simple authorization scheme. A person can have many roles and roles can have many people. In my app, I''d like to do before_filter :login_required (since no role name is provided, it accepts any users with credentials) before_filter :login_required ("administrator") (only accepts those with role administrator) before_filter

Hi! Definite newbie here - I''m working through this like-hate relationship with Ruby and Rails right now... sometimes things work really well (like blobs seem to rock) but other times, I dunno! :-) Anyway, I''d like put in create and update user timestamps on all my primary domain tables and allow them to be updated automatically by ActiveRecord. Coming from Hibernate, I just

what''s the best protection against someone trying to modify an URL in a named route /users/25/posts if the user enter another URL /users/26/posts, he can get acces to user 26 posts unless .. a before_filter is checking the current_user ID but is there any other way to do it ? thanks for your lights kad -- Posted via http://www.ruby-forum.com/.

Hi I''m trying to use before_filter to allow access to a site. Only logged in users can view any object in the controller, but only users with a access_level higher than 2 can view specific objects. My code is: ----------------------------------------------------------- IN USER_CONTROLLER before_filter :login_required before_filter :access_granted, :only => [:destroy, :new , :edit]