Before_filter to restrict user from editing locked item


#1

I have a list of items in which some are locked. if they are locked
then I want to make them not be able to be edited.

how can i set up something like this:

before_filter :locked?(item), :only => [:edit, :update]

def locked?(item)
if item.locked then return false
end

or how should i be doing this?

thanks!


#2

On 9 Nov 2008, at 20:19, Scott K. wrote:

end
Well you can’t pass an argument to a filter like that. you’d have to
fetch the item first (I presume this is all boilerplate stuff so
you’re interested in the one of id params[:id].
Also, returning false from a filter doesn’t do anything any more - you
need to render or redirect to halt the filter chain.

Fred


#3

Frederick C. wrote:

On 9 Nov 2008, at 20:19, Scott K. wrote:

end
Well you can’t pass an argument to a filter like that. you’d have to
fetch the item first (I presume this is all boilerplate stuff so
you’re interested in the one of id params[:id].
Also, returning false from a filter doesn’t do anything any more - you
need to render or redirect to halt the filter chain.

Fred

thanks for the info fred.

i was just thinking that I should probably do the checking to see if an
item is locked in the model before updating. so in item.rb:

before_save :validate

def validate

@user = User.find_by_id(session[:user_id])

if self.locked == 1 && @user.admin == 1
  self.errors.add_to_base("This item is locked and can only be 

edited by an administrator.")
return false
end
end

the only problem i have here is that I am unable to access the session
variable or the “admin?” function in my authenticated_system library.

is there an easy solution to check if a user is an admin from a model?
this way sounds like it might be a little easier then using a
boilerplate.


#4

On Nov 10, 12:58 am, Scott K. removed_email_address@domain.invalid
wrote:

Frederick C. wrote:

thanks for the info fred.

i was just thinking that I should probably do the checking to see if an
item is locked in the model before updating. so in item.rb:

Personally I would keep this in the controller. For example if you had
a cron job that updating items at night or something like that you
wouldn’t want to have to fake up a user for that.

Fred


#5

Frederick C. wrote:

On Nov 10, 12:58�am, Scott K. removed_email_address@domain.invalid
wrote:

Frederick C. wrote:

thanks for the info fred.

i was just thinking that I should probably do the checking to see if an
item is locked in the model before updating. �so in item.rb:

Personally I would keep this in the controller. For example if you had
a cron job that updating items at night or something like that you
wouldn’t want to have to fake up a user for that.

Fred

thanks fred, i put it in the controller and it’s working great.