So now here I am thinking I’m getting incrementally closer to having a
UserEngine setup that works, copying a controller into my app, putting
sitewide authorization in application.rb and assigning privileges on my
“public” controller to Guests and most things seemingly work.
Then I tried logging out to test one of my privileged non-admin users on
a site maintenance page. I accessed /user/logout and the app told me I’m
logged out. But when I then went to a protected URI, instead of being
redirected to /user/login as I am on my development box (which works
absolutely as it should no matter what I throw at it), I am allowed
access. Which either means permissions aren’t working in a dangerous way
(if the code is broken, failure should result in denial, not access), or
I’m not really being logged out despit being presented with HTML that
says I have been.
What versions of Engines, LoginEngine and UserEngine are considered most
likely to work on a Ruby 1.8.2/Rails 1.0.0 box and SwitchTower