Completely stuck on Role-Based Authorization


#1

Im completely stuck on Role-Based Authorization (I used the rails recipe
method)

(user_controller.rb)
def login
return if generate_blank
@user = User.new(@params[‘user’])
if @session[‘user’] = User.authenticate(@params[‘user’][‘login’],
@params[‘user’][‘password’])
flash[‘notice’] = l(:user_login_succeeded)
redirect_back_or_default :controller => “admin”, :action => ‘list’
else
@login = @params[‘user’][‘login’]
flash.now[‘message’] = l(:user_login_failed)
end
end

(admin_controller.rb)
before_filter :login_required,
:check_authorization,
:except => [:login, :signup, :show]

def check_authorization
user = User.find(session[:user])
unless user.roles.detect{|role|
role.rights.detect{|right|
right.action == action_name && right.controller ==
controller_name
}
}
flash[:notice] = “You are not authorized to view the page you
requested”
redirect_to :controller => “admin”, :action => ‘list’
return false
end
end

I get the error:

ActiveRecord::RecordNotFound in Admin#new
Couldn’t find User without an ID

Help!