Locking Out User Access


#1

Hi all,

I’m new to rails and this is my first post to this list so apologies
if I’m little slow on a few things.

I have a standard database app with multiple users and a limited
access admin controller. Occasionally, I need to run some very
processor-intensive queries on the database that slow the app to a
crawl. During this time, I would like to lock out users from accessing
the app. Specifically, I want to redirect users accessing any
controller other than the admin controller to a page that says “check
back later”.

Currently, I just edit my .htaccess file when I do this. However, I
want to be be able to run an action from my admin controller that does
this for me.

I tried setting a global variable (with a dollar sign) in my admin
controller but none of the other controllers seem to be able to see
it. I can’t store the variable in the database either, since the busy
database is the reason I wanted to lock users out in the first place.
I’m also considering just having the action run a shell script but I’m
not really sure how to do this.

If anyone has any ideas, I’d be much obliged.

– Andrew


#2

On Aug 2, 2007, at 8:48 PM, Andrew F. wrote:

this for me.
it sounds like you want a filter at the top of the application
controller that checks whether a “redirect all non-admin users” flag
is set and, if so, checks whether the request is coming from a logged
in user who has the admin bit. the filter should redirect to the
temporary page, and shouldn’t run for the login controller (which
you’ll need to go to manually, but will let you log in so admin users
can bypass the filter.

you might look at how acts_as_authenticated handles login filters to
provide some guidance on doing one yourself.

-faisal


#3

Andrew F. wrote:

controller other than the admin controller to a page that says "check
I’m also considering just having the action run a shell script but I’m
not really sure how to do this.

If anyone has any ideas, I’d be much obliged.

Capistrano has (or had?) a way to disable your web access altogether by
creating a maintenance.html file. With Apache configured correctly all
requests are being served this file when it exists. When the file is
removed the application becomas accessible once more. You should be able
to do something similar.


Cheers,

  • Jacob A.