I’m trying to write sort of a short-and-sweet authentication
permissions system. As it is right now, I know how I think I want it
to work but I’m having trouble making it escape the controller action
that was running if validation fails.
Controller in some action:
# User must have permission to edit their own article
# User must have permission to edit other’s articles
Denies access to unauthorized users.
def permission_required(cont, code)
unless permission?(cont, code)
flash[:warning] = “You don’t have the permission required for
access to this function”
The “return false” I have there, I want it cancel processing from the
action in my controller but it only cancels processing from the rest
of the permission_required method.
I’m at a loss as to how to put code safely after calling
permission_required in my controller, without worrying about it
getting executed anyway after the user is redirected.