Access to session data

rick · March 24, 2006, 4:38am

Greetings,

This, I hope, is a simply answered question.

Based on Agile Web D. with Rails (depot application), I’m
developing a single table application for contact info. There is only
an admin side to this, so there’s always authentication.

Part of the info record (member) is changed_by and changed_at which I
automatically want updated. Changed_at looks after itself (yay!);
however changed_by doesn’t. Since I know who is accessing the table
(everyone has a user_name) I’ve stored user_name in the session. I
can retrieve and display this information to the input form that is
collecting the info, so I know that there is session[:user_name].

Getting it into the active record is more difficult. What I have done
is inside the class for member.rb I’ve added a callback method:

def before_save
self.changed_by = “Rick”
end

and this will work. However,

def before_save
self.changed_by = session[:user_name]
end

does not, complaining that session is undefined :-(.

Obviously session is not available everywhere. How do I reference the
session correctly from inside the member class?

All flames and grace welcome.

Regards,

Rick W.

rick · March 24, 2006, 4:53am

On 3/23/06, Rick W. [email protected] wrote:

automatically want updated. Changed_at looks after itself (yay!);
end
session correctly from inside the member class?

The first step to recovery is giving up on accessing the session from
the model.
That way madness lies: The Apologetic Coder - The Daily WTF

However, you do have a number of good options. Here are a couple:

class Something < ActiveRecord::Base
attr_writer :user
def before_save
return false unless @user && @user.can_update(self)
self[:changed_by] = @user
end
end
That assumes that your User model has a method “can_update()” that
checks the user’s permissions.

Then, in your controller, assuming @something is the instance of
Something that you’re manipulating:
@something.user = session[:user]
@something.save

Another alternative would look similar, but basically be a wrapper
around save that took a user as a parameter:

def save_by_user(user)
raise SecurityError unless user.can_update(self) rescue nil
self[:changed_by] = user
self.save
end

rick · March 24, 2006, 6:26am

I solved the same problem with some very useful wiki entries and blogs I
found…

http://livsey.org/2005/07/16/adding_created_by_and_updated_by_to_rails
http://wiki.rubyonrails.com/rails/pages/Howto+Add+created_by+and+updated_by

and the accessing session[] from a model is discussed here…

http://www.koziarski.net/archives/2005/07/16/environment