Before_filter with multiple roles

sschunselaar · May 21, 2008, 2:54pm

I have multiple roles in my application.
Now I want to block a method for all users except the administrator and
a manager.
When I do this:

before_filter (:check_administrator_role), :only => [:administration]
before_filter (:check_taskmanager_role), :only => [:administration]

The user must have both roles. How can I change that to an “OR”
combination?

sschunselaar · May 21, 2008, 3:35pm

On Wed, May 21, 2008 at 8:54 AM, Sjoerd Schunselaar
[email protected] wrote:

combination?
How about

before_filter(:admin_authorized), :only => [:administration]

def admin_authorized
check_administrator_role || check_taskmanager_role
end

or

before_filter :only => [:administration] {|controller, action|
controller.check_administrator_role ||
controller.check_taskmanager_role}

–
Rick DeNatale

My blog on Ruby
http://talklikeaduck.denhaven2.com/

sschunselaar · May 21, 2008, 4:18pm

On 21 May 2008, at 15:12, Sjoerd Schunselaar wrote:

before_filter (:check_administrator_role || :check_taskmanager_role),
:only => [:administration]
You can’t do anything like that. you need to produce a single filter
that performs the check (which seems to be what rick’s suggestion is).

Fred

sschunselaar · May 21, 2008, 4:12pm

Thank you, but both method does not work.
Maby I’m stupid (This is my first month with RoR), but in my application
a user has only one role. So the first method does not work. And the
second method I don’t understand. What do I have to fill in as
controller, and action? Also he said “{” is unexpected at your second
method.

I’ve also tried;
before_filter (:check_administrator_role || :check_taskmanager_role),
:only => [:administration]

Rick Denatale wrote:

On Wed, May 21, 2008 at 8:54 AM, Sjoerd Schunselaar
[email protected] wrote:

combination?
How about

before_filter(:admin_authorized), :only => [:administration]

def admin_authorized
check_administrator_role || check_taskmanager_role
end

or

before_filter :only => [:administration] {|controller, action|
controller.check_administrator_role ||
controller.check_taskmanager_role}

–
Rick DeNatale

My blog on Ruby
http://talklikeaduck.denhaven2.com/

sschunselaar · May 21, 2008, 9:00pm

I was about to suggest something along the lines of Rick’s last
suggestion. Why note create a single method with a sponge parameter
so that it accepts one or more role names and returns whether or not
the user is one or more of those roles? If you did that then you
could include the method in your ApplicationController and share the
logic with all your controllers.

def authorized_for_roles(*roles)
roles.each{|role_name| return true if user.has_role?(role_name)}
false
end

With that you could have a before_filter like this:

before_filter :authorize_administration, :only=>:administration
…
private
def authorize_administration
authorized_for_roles :administrator, :taskmanager
end

sschunselaar · May 22, 2008, 8:44am

After reading your and Ricks post I understand what my problem was. Now
I use this in my authentication controller, and it seems al working
fine.

def authorized_for_roles(*roles)
roles.each{|role| return true if @current_user.has_role?(role)}
permission_denied
end

Thank you for the quick and good response!

AndyV wrote:

I was about to suggest something along the lines of Rick’s last
suggestion. Why note create a single method with a sponge parameter
so that it accepts one or more role names and returns whether or not
the user is one or more of those roles? If you did that then you
could include the method in your ApplicationController and share the
logic with all your controllers.

def authorized_for_roles(*roles)
roles.each{|role_name| return true if user.has_role?(role_name)}
false
end

With that you could have a before_filter like this:

before_filter :authorize_administration, :only=>:administration
…
private
def authorize_administration
authorized_for_roles :administrator, :taskmanager
end

sschunselaar · July 16, 2008, 4:56am

hi…

can u explain to me what is “@current_user.has_role?(role)” means.
“has_role” izzit a method that u define by urself ?

Thanks You!!!

On May 22, 2:44 pm, Sjoerd Schunselaar <rails-mailing-l…@andreas-

sschunselaar · July 16, 2008, 4:56am

hi
i am new to rails. i tried to create a site with multiple role as
described above.
when i tried the following code
def authorized_for_roles(*roles)
roles.each{|role| return true if @current_user.has_role?(role)}
permission_denied
end
i got the following error
You have a nil object when you didn’t expect it!
The error occurred while evaluating nil.has_role?

can anyone explain what is wrong.

thank you

On May 22, 2:44 pm, Sjoerd Schunselaar <rails-mailing-l…@andreas-

sschunselaar · May 21, 2008, 6:21pm

On Wed, May 21, 2008 at 10:17 AM, Frederick C.
[email protected] wrote:

controller, and action? Also he said “{” is unexpected at your second
method.

I’ve also tried;
before_filter (:check_administrator_role || :check_taskmanager_role),
:only => [:administration]
You can’t do anything like that. you need to produce a single filter
that performs the check (which seems to be what rick’s suggestion is).

Yes that’s what I was suggesting.

I think the problem was I didn’t really go into how filters work. the
two existing check_xxx_role methods probably look something like:

def check_administrator_role
redirect_to somewhere unless user.has_role(:administrator)
end

def check_taskmanager_role
redirect_to somewhere unless user.has_role(:taskmanager)
end

So my simple admin_authorized method will actually stop the filter
chain unless the user has BOTH roles rather than either, instead
rather than calling the other two filter methods, it need to do
something like:

def admin_authorized
redirect_to somewhere unless user.has_role(:administrator) ||
user.has_role(:taskmanager)
end

or some equivalent logic.

–
Rick DeNatale

My blog on Ruby
http://talklikeaduck.denhaven2.com/