similar to: newbie before_filter question

Working through the Users and Authentication of Learning Rails book (great book, code needs to be proof-read in a few cases, though), I came across this: There''s still one leftover that may be worth addressing, depending on your security needs. The authorization? method has secured the data, and the view no longer shows the user options they can''t really use, but if a

Hello list, I have an app that has a very simple authorization scheme. A person can have many roles and roles can have many people. In my app, I''d like to do before_filter :login_required (since no role name is provided, it accepts any users with credentials) before_filter :login_required ("administrator") (only accepts those with role administrator) before_filter

Don''t know if anyone else has experienced this but I''m having a problem with the access_denied method in Ezra''s ACL access control plugin. It''s working fine (in conjunction with acts_as_authenticated) until it comes across a user it denies access to, in which case it throws the following error: NoMethodError in Admin#index protected method

i got the rails recipes book, i have now an auth system for users without problems, now i want to made a role based acces for my app, im following the "Role Based Authorization" recipe of the book but i cant make it to work even when the tables created and correctly added data manually definig the roles and rights. als i dont know how to define a right for use all the actions in a

Hi I would like to do the following: I have created an admin namespace and the required folders app/admin views/admin etc. And then I wanted all controllers under app/admin to inherit from a controller named AdminController which resists under app/admin/admin.rb instead of inhereting from ApplicationController, so I could better separate between admin and public section. The AdminController

Is there a place where I can put a method that can be accessed in both views and controllers? Here''s the situation, maybe someone can suggest a better way to go about this: I created my own custom login system with email verification and user roles (basically, I tinkered around with SaltedHashLoginGenerator until I finally gave up and wrote my own). One role, of course, is an admin

Hi I''m using Mocha 0.5.3 and I want to stub out a call to Time.now, just like the example in the post http://blog.floehopper.org/articles/2007/06/08/mocha-0-5-released However, trying it in irb gets me the following error: >> require ''mocha'' => true >> Time.stubs(:now).returns(Time.parse(''Thu Feb 01 00:00:00 UTC 2007'')) NoMethodError:

Hi, I just installed Rails 2.0.2 [root@mymachine easyx]# ruby --version ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-linux] [root@mymachine easyrx]# gem install rails --include-dependencies Need to update 16 gems from http://gems.rubyforge.org ................ complete Successfully installed rails-2.0.2 [root@remandev easyrx]# But I''m getting this error in my restful_authentication

I''m not sure why mailman bounced your message (perhaps because you are not subscribed to the mailing list), but I''m glad you have solved your problem. Cheers, James. ---------- Forwarded message ---------- From: mailman-bounces at rubyforge.org <mailman-bounces at rubyforge.org> Date: 14 Oct 2007 17:21 Subject: Content filtered message notification To:

What do I need to do to be able to use an acts_as_authenticated current_user in a model? Is there some sort of include or require I can do some where that would allow this? ********************************************************** Here is what I am trying to do: ********************************************************** class Setting < ActiveRecord::Base before_create :created_by_user #

Hi all, I have a question about this method in my User model: # Returns true for the (saved) user called "admin" def is_the_administrator true if save and name == "admin" end The method returns true if the user''s name is admin. However, I only want to return true if the state of the object is "saved", so I call the save method first. I''m

Friends- Here is another plugin hot off the presses of the three day weekend ;) Its a role based authorization system. I have been talking with Bill Katz about this system so it ties in with his recent announcement as well. Its just my implementation. Its an acl/role type system that can sit on top of the acts_as_authenticated login system or any login system that implements a few

I have been looking at the LoginGenerator gem. Looks great and can be easily modified. However in my app I have two places where people can login, one is for in my case "employees" the other is for "users". They are seperate tables in my database and have many different fields. I have an admin area located at ./sysadmin/ where only "employees" can login, they

Hi all, I am using rails v.2.3.2 and if I put following line to my ApplicationController: include LoginSystem and I moved my login_system.rb to lib folder: module LoginSystem protected def is_logged_in? @logged_in_user = User.find(session[:user]) if session[:user] end def logged_in_user return @logged_in_user if is_logged_in? end def logged_in_user=(user) if

I am using restful_Authentication plugin combined with the built-in http_basic authentication Rails 2.0.2 The following code in my controller seemed to work fine, 1. before_filter :authenticate 2. 3. def authenticate 4. case request.format 5. when Mime::XML, Mime::ATOM 6. if user = authenticate_with_http_basic { |name, pass| User.authenticate(name,

Hi, test "is_admin method is not visible" do get :is_admin assert_??? end is_admin is protected and should stay that way forever. What assertion do I use? M. -- Posted via http://www.ruby-forum.com/.

First off, I''d like to address that I''m n00bs. I''ve read the README and blogs associated with this plugin, and there really isn''t too much documentation. I have the newest version of rails,ruby, and acts_as_authenticated installed. #The setup I set up the acts_as_authenticated in the following manner. *created a table called "accounts" in the

I''m using Shoulda and restful_authentication on Rails3 and whenever I run my tests a before filter for login_required is always triggered, despite my filter being set up as: before_filter :login_required, :only => [:update, :edit, :suspend, :unsuspend, :destroy, :purge] My test is this: context ''A guest to the site'' do context ''on GET to

My application needs to know if a user is an administrator, for security and aesthetic reasons. At the moment, I store true/false in the session by doing the following at login: session[:user_is_admin] = authenticated_user.is_admin? Is this OK to do? Or should I really be doing the following every time: User.find(session[:user_id]).is_admin? (user_id is always in the session too) Is there

I have added roles and roles_users table and updated the model so that my users can have multiple roles. ("Admin" role does always have id = 1). I have added these methods to my application controller. <code> helper_method :is_admin? helper_method :is_user? def is_admin? if @session[''user''] @session[''user''].roles.find(1)