Best way to protect pages with custom auth-system?

I have a custom auth-system based on authlogic (based largely on
reader extension).
I have two roles: regular users and moderators.
I also have two extra pages types, one is for moderators only, the
other is for either.

Whats would be recommended way to require certain user role to access
a particular page type?
Should I define a custom process() method for each page or is there a
better way?

On Sat, Oct 16, 2010 at 3:08 PM, swartz [email protected] wrote:

I haven’t tried this myself.
You could create a custom process, you could perhaps create a rack
session and use http://github.com/hassox/warden/wiki/Setup

On 29 Oct 2010, at 04:35, Jim G. wrote:

better way?
reader_group does something similar by overriding find_page and
show_page in site_controller, but I looking at it now I probably should
just have chained Page#find_by_url and defined some new exception types
for the controller to catch.

best,

will

What I’ve done so far is to use around_filter with process_page from
SiteController.
But I find that the login in this overwritten method is expensive as
it has to run and hit the database for every page.
Just seeing if there’re better ways to do this.

I’m toying with the idea of caching the permissions, that is load them
all up and their permission from table into memory and keep them
there.
So it doesn’t have to hit the database every time.
The good thing is there’re only 200 pages and not 2,000.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs