Forum: Ruby on Rails Locking Out User Access

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Andrew F. (Guest)
on 2007-08-03 04:49
(Received via mailing list)
Hi all,

I'm new to rails and this is my first post to this list so apologies
if I'm little slow on a few things.

I have a standard database app with multiple users and a limited
access admin controller. Occasionally, I need to run some very
processor-intensive queries on the database that slow the app to a
crawl. During this time, I would like to lock out users from accessing
the app. Specifically, I want to redirect users accessing any
controller other than the admin controller to a page that says "check
back later".

Currently, I just edit my .htaccess file when I do this. However, I
want to be be able to run an action from my admin controller that does
this for me.

I tried setting a global variable (with a dollar sign) in my admin
controller but none of the other controllers seem to be able to see
it. I can't store the variable in the database either, since the busy
database is the reason I wanted to lock users out in the first place.
I'm also considering just having the action run a shell script but I'm
not really sure how to do this.

If anyone has any ideas, I'd be much obliged.

-- Andrew
Faisal N Jawdat (Guest)
on 2007-08-03 05:12
(Received via mailing list)
On Aug 2, 2007, at 8:48 PM, Andrew F. wrote:
> this for me.
it sounds like you want a filter at the top of the application
controller that checks whether a "redirect all non-admin users" flag
is set and, if so, checks whether the request is coming from a logged
in user who has the admin bit.  the filter should redirect to the
temporary page, and shouldn't run for the login controller (which
you'll need to go to manually, but will let you log in so admin users
can bypass the filter.

you might look at how acts_as_authenticated handles login filters to
provide some guidance on doing one yourself.

-faisal
Jacob A. (Guest)
on 2007-08-03 11:05
(Received via mailing list)
Andrew F. wrote:
> controller other than the admin controller to a page that says "check
> I'm also considering just having the action run a shell script but I'm
> not really sure how to do this.
>
> If anyone has any ideas, I'd be much obliged.

Capistrano has (or had?) a way to disable your web access altogether by
creating a maintenance.html file. With Apache configured correctly all
requests are being served this file when it exists. When the file is
removed the application becomas accessible once more. You should be able
to do something similar.

--
Cheers,
- Jacob A.
This topic is locked and can not be replied to.