Help with Access Control

Rails
1

Hi,

I am following the excellent tutorial
http://www.railsforum.com/viewtopic.php?id=14216
(post 5) on how to implement an access control feature i.e. only a
friend is allowed to view a profile of a particular member. I am not
using the restful authentication plugin as the author is using to
implement the authentication feature (post 1) in the tutorial. All I
am interested in is the post 5 where the author explains how to
implement access control. I have created the friends table and
followed post 5 step by step, unfortunately I am getting the following
error when I try to attempt to run the “show” method. Some tips will
really be helpful, many thanks in advance

error: stack level too deep
usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:219:in derive_class_name' /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:106:in class_name’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:129:in klass' /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:189:in source_reflection’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:189:in collect' /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:189:in source_reflection’

/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
associations.rb:1128:in new' /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ associations.rb:1128:in pals’
app/models/user.rb:17:in has_pal?' app/controllers/users_controller.rb:20:in show’

/models/user.rb

line 16: def has_pal?(pal)
line 17: self.pals.find(pal) ? true : false
Line 18: end

/controllers/users_controller.rb

Line 18: def show
Line 19: @info = User.find(params[:id])
Line 20: unless current_user.has_pal?(@info)
Line 21: redirect_to :controller => “users”, :action => “index”
Line 22: end
Line 23: end

here is the full contents of the user model

require ‘digest/sha1’
class User < ActiveRecord::Base
has_many :pals
has_many :pals, :through => :pals

attr_accessor :password

validates_presence_of :username
validates_presence_of :password
validates_presence_of :password_confirmation
validates_length_of :password, :within => 4…40
validates_confirmation_of :password
validates_length_of :username, :within => 3…40
validates_length_of :email, :within => 3…100
validates_uniqueness_of :username, :email, :case_sensitive =>
false

def has_pal?(pal)

self.pals.find(pal) ? true : false

end

#validate

errors.add_to_base(“No password”) if crypted_password.blank?

end

Authenticates a user by their username name and unencrypted

password. Returns the user or nil.
def self.authenticate(username, crypted_password)
login = find_by_username(username) # need to get the salt
if login
expected_password = encrypted_password(crypted_password,
login.salt)
if login.crypted_password != expected_password
login = nil
end
end
login
end

def password
@password
end
def password=(pw)
@password = pw
create_new_salt
self.crypted_password = User.encrypted_password(self.password,
self.salt)
end

def remember_token?
remember_token_expires_at && Time.now.utc <
remember_token_expires_at
end

These create and unset the fields required for remembering users

between browser closes
def remember_me
self.remember_token_expires_at = 2.weeks.from_now.utc
self.remember_token = encrypt(“#{email}–
#{remember_token_expires_at}”)
save(false)
end

def forget_me
self.remember_token_expires_at = nil
self.remember_token = nil
save(false)
end

private
# before filter
def self.encrypted_password(password, salt)
string_to_hash = “#{password}wibble”+ salt
Digest::SHA1.hexdigest(string_to_hash)
end

def create_new_salt
  self.salt = self.object_id.to_s + rand.to_s

end
end