Authentication / Roles

Hello,

I have installed restful_authentication and authentication plugin
( http://code.google.com/p/rails-authorization-plugin/ ). Login, signup
and activation are working, but I find it very difficult to take it
further from here.

How do I check if a user is logged in and redirect to /login if not?
(for all actions in my messages controller)

The authorization plugin has added a roles table, does anyone have an
example on how to use such a role? Should I add those roles from
mysql or the console?

What I am trying to do is very basic - the logged in user should only
CRUD his/her own records/objects. How should that be implemented?
This is an example:

def edit
  @blog = Blog.find(params[:id])
end

def update
  @blog = Blog.find(params[:id])
  if @blog.update_attributes(params[:blog])
    redirect_to :controller => 'blogs', :action => 'show', :id => @blog
  else
    render :action => 'edit'
  end
end

Hope that any of you can help me out here. I am a bit stuck and have been
working on this all weekend.

Best regards.
Asbjørn Morell.

Hi,

> How do I check if a user is logged in and redirect to /login if not?
> (for all actions in my messages controller)

Provided that you have

include AuthenticatedSystem

in either your MessagesController or your application.rb, you can use

before_filter :login_required

in every controller you need to limit to logged in users.

> The authorization plugin has added a roles table, does anyone have an
> example on how to use such a role? Should I add those roles from
> mysql or the console?

I tend to add my basic roles either within a migration, or from a
short rake task. Generally I think it's preferable not to work directly
in the database layer, because by circumventing Rails/ActiveRecord you
may lose out on validations and the like.

Or do you need examples of how to manage roles from the web frontend?

> What I am trying to do is very basic - the logged in user should only
> CRUD his/her own records/objects. How should that be implemented?

This can often be done quite nicely with a before_filter that loads
the appropriate object, e.g. assuming User has_one :blog:

before_filter :load_blog

protected

def load_blog
  @blog = current_user.blog
end

and have all your other methods use @blog instead of their own
finders.

Jan
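
Jan's scoped-loading approach, generalised to a user who owns several records, as an added example that is not part of the original thread. It is plain Ruby with an in-memory stand-in for ActiveRecord; the Blog and User structs, BLOGS, NotFound and this BlogsController are constructed for illustration.

```ruby
# Added example: plain-Ruby stand-in for a Rails controller (no Rails needed).
# Blog, User, BLOGS, NotFound and BlogsController are constructed for illustration.
Blog = Struct.new(:id, :user_id, :title)
User = Struct.new(:id, :login)
class NotFound < StandardError; end

# Constructed sample data: two users, each owning one blog.
BLOGS = [Blog.new(1, 10, "alice's blog"), Blog.new(2, 20, "bob's blog")]

class BlogsController
  EDITABLE = [:title].freeze # ownership (user_id) is never taken from params

  def initialize(current_user, params)
    @current_user = current_user
    @params = params
  end

  # Unscoped lookup, as in the question: any logged-in user reaches any id.
  def find_unscoped
    BLOGS.find { |b| b.id == @params[:id].to_i } or raise NotFound
  end

  # Scoped lookup, the role of Jan's load_blog filter: search only the
  # current user's records, so a foreign id behaves like a missing one.
  # With ActiveRecord and User has_many :blogs this would be
  # current_user.blogs.find(params[:id]).
  def load_blog
    @blog = BLOGS.find do |b|
      b.user_id == @current_user.id && b.id == @params[:id].to_i
    end
    raise NotFound, "no blog #{@params[:id]} for #{@current_user.login}" unless @blog
    @blog
  end

  # update reuses @blog from load_blog and copies only editable fields,
  # so a submitted user_id cannot hand the record to another account.
  def update
    load_blog
    (@params[:blog] || {}).each do |key, value|
      @blog[key] = value if EDITABLE.include?(key.to_sym)
    end
    @blog
  end
end
```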
