Hi i have a page (assign role to user) in which i can add or remove a role. i have a people model that is tied to the user model with has one role , changing the role changes the person type thus, if you remove a role you can assign one of the 5 roles (admin, manager, instructor, staff, member) here's where i want to make sure that the user( typically an Admin) assign any role for the selected user and wont leave this user without a role. if an Admin forget to assign a role the person (user / member or whatever) become a ghost. how can i make sure the user assign a role BEFORE they can navigate away from the page. i can easily check if user.roles.empty? then flash error and render / redirect but i tried after_filter on the controller which doesnt seem to be doing anything. thanks Ami
on 2008-10-21 18:18
on 2008-10-21 18:24
Ami wrote: > how can i make sure the user assign a role BEFORE they can navigate > away from the page. Basically you can't. The user can navigate away by many means that are out of your control. You are better off coming at the problem from a different direction and, perhaps, having a default role that is there initially and the user either adds another role and removes the default (you can restrict removing the final role) or leaves it at default.
on 2008-10-21 18:34
You can't force someone to do something before leaving a page since there's always the back button, typing in a URL, etc. An after_filter won't be very useful but what about a before_filter? With a before_filter you can check if there are any ghost users and redirect to the user role page to force them to choose a role for the ghost user. So, if they leave the role page after removing a role, they will be taken back to it until they choose a role. Will that work? If you have multiple admins you could store in the session the user that had a role removed and by which logged in admin to prevent it from redirecting admin A to set a role when it was admin B that removed the role.
on 2008-10-21 19:37
on 2008-10-22 07:14
Hi Tim can I assign a default (lowest level) role (member) automatically when the user leaves the page? i was thinking maybe with the use of current_page check that the page has changed and then assign a default role automatically what do you think? Ami On Oct 21, 10:34 am, "Tim P." <firstname.lastname@example.org>
on 2008-10-22 18:58
My first thought was to use a before_filter (only for pages that display member information that could expose a broken role) and check the referer to see if the user came from the roles page. If so, you could find any broken members and give them a default role. Thinking more about it, however, it seems like we're avoiding the cause of the problem and trying to hack it. The real issue is that you shouldn't allow admins to remove someone's role in the first place. I now suggest changing your role page to let the admin change a role (not remove) _ or if you allow multiple roles let them only remove all but the lowest assigned role. Another option would be to keep it as is but check when a role is removed - if that member now has no roles then assign them a default one. I hope these ideas are of use.
on 2008-10-22 21:28
thanks Tim, i wanted to clarify how my app is built: it is based on http://crazyrails.com/how-to-install-restful-authentication/ i have a people STI table (admin, manager, instructor, staff, member) then i have user table (login info) with a has_one: person roles table which is a general 5 records table to store the access level / roles permissions which is a join table between people and roles so changing a role would be actually : select from a drop down then on the controller -> remove the previous role and reassign the selected one i think you're 100% right, i'll see if i can do that, let me know if you can think of anything else thanks man Ami On Oct 22, 10:58 am, Tim P. <email@example.com>