Forum: Ruby on Rails problem with nil.user

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Stephen F. (Guest)
on 2009-04-30 00:15
Hi all, I've put new code into my app so that an administrator will have
extra privileges (administer users, edit pages). The error is:

'Couldn't find User without an ID'

So the app is looking for a logged in user when the homepage is
accessed.

Heres my code:

site/index view:

<% if is_logged_in? and logged_in_user.has_role?('Moderator') -%>
    <%= link_to 'Administer Users', :controller => 'user', :action =>
'show' %>
    <%= link_to ' | Edit pages', pages_path %>
    <% end %>

application helper:

  def is_logged_in?
    @logged_in_user = User.find(session[:user_id])
    @logged_in_user ? @logged_in_user : false
  end

  def logged_in_user
    return @logged_in_user if is_logged_in?

How could I change the code to rectify this? Any help would be greatly
appreciated

Steve.
Rick L. (Guest)
on 2009-04-30 00:30
(Received via mailing list)
Try

def is_logged_in?
  @logged_in_user = User.find(session[:user]) if session[:user]
end

On Apr 29, 10:15 am, Stephen F. <removed_email_address@domain.invalid>
Stephen F. (Guest)
on 2009-04-30 01:10
Rick Lloyd wrote:
> Try
>
> def is_logged_in?
>   @logged_in_user = User.find(session[:user]) if session[:user]
> end
>
> On Apr 29, 10:15�am, Stephen F. <removed_email_address@domain.invalid>

Thanks Rick. It worked a treat and also opened up a couple of gaping
holes aswell (which I've managed to rectify!)


Cheers


Stephen.
Jeff B. (Guest)
on 2009-04-30 01:27
(Received via mailing list)
Just to followup if you're interested, .... the error msg from the op
was due to the fact that the call to session[:user_id] returned nil,
and thus calling find(nil) resulted in that error being raised.  If
you wanted to avoid such an error and just have the find call return
nil if not found, one way is to just call find_by_id:

$ ./script/console

>> u = User.find(nil)
ActiveRecord::RecordNotFound: Couldn't find User without an ID
  from /usr/lib/ruby/...
  ...

>> u = User.find_by_id(nil)
=> nil

Jeff

On Apr 29, 2:10 pm, Stephen F. <removed_email_address@domain.invalid>
E. Litwin (Guest)
on 2009-04-30 01:51
(Received via mailing list)
When are you saving the user_id to the session?

You need to force a redirect to a login page if there is no session
[:user_id] and you should also handle the fact that session[:user_id]
may be nil in your is_logged_in? method.

On Apr 29, 1:15 pm, Stephen F. <removed_email_address@domain.invalid>
Stephen F. (Guest)
on 2009-04-30 23:09
E. Litwin wrote:
> When are you saving the user_id to the session?
>
> You need to force a redirect to a login page if there is no session
> [:user_id] and you should also handle the fact that session[:user_id]
> may be nil in your is_logged_in? method.
>

Its saved in the login method:

user = User.find_by_user_name(@user.user_name)

      if user and user.password_matches?(@user.password)
        user.login!(session)
        if @user.remember_me == "1"
          cookies[:remember_me] = { :value   => "1",
                                    :expires => 10.years.from_now }
          user.authorization_token = Digest::SHA1.hexdigest(
                                       "#{user.user_name}:#{user.password}")

I have a redirect if someone  tries to access the admin privileges if
thats what you mean?
E. Litwin (Guest)
on 2009-05-01 00:52
(Received via mailing list)
Just to clarify - are you setting session[:user_id] in the user.login!
(session) call?
The other suggestions on handling a nil session[:user_id] (i.e. using
find_by_id) are the appropriate ways to handle the error.

Eric

On Apr 30, 12:09 pm, Stephen F. <removed_email_address@domain.invalid>
Stephen F. (Guest)
on 2009-05-01 20:11
E. Litwin wrote:
> Just to clarify - are you setting session[:user_id] in the user.login!
> (session) call?
> The other suggestions on handling a nil session[:user_id] (i.e. using
> find_by_id) are the appropriate ways to handle the error.
>
> Eric
>
> On Apr 30, 12:09�pm, Stephen F. <removed_email_address@domain.invalid>

Yes,

#log a user in
  def login!(session)
    session[:user_id] = self.id
  end


Steve
This topic is locked and can not be replied to.