Hi Group! I started working with Rails about a week ago.
I created this app that acts pretty much like a public blog. So far
users can register for an account with Authlogic
(http://github.com/binarylogic/authlogic). Once a user has logged in
they can add their own posts. Now I would like to make it so that only
post authors are able to edit or destroy their own items.
Using this tutorial
(http://wiki.github.com/be9/acl9/tutorial-securing-a-controller) I did
the following:

-> This is in my PostsController

class PostsController < ApplicationController
  before_filter :load_post, :only => [:edit, :update, :destroy, :show]
  access_control do
    allow all, :to => [:index, :show]
    allow :admin
    allow logged_in, :to => [:new, :create]
    allow :owner, :manager, :of => :post, :to => [:edit, :update]
  end
  …
  private
  def load_post
    @post = Post.find(params[:id])
  end
end

So far so good. Now I need to set the role for each user to manage their
own post.

Following the same tutorial, I can only manage to accomplish this by
doing this in my PostsController:

def create
  @post = Post.new(params[:product])
  if @post.save
    flash[:notice] = 'Post created.'
    current_user.has_role!(:author, @post) # <-- assign the role
    redirect_to(@post)
  else
    render :new
  end
end

That works, but not quite. The only problem is how it gets stored in
the database.

Every time a user creates a new post it adds data to the tables
“roles” and “roles_users”, so if the same user adds another post this
would add another row to “roles”, “roles_users”, and of course to
“posts”.

I believe this would work better (and be lighter in the database) if
the role would be set at the time the user is created…so the user
has a role over any post that has its user_id.

Can anybody help me solve this? Your assistance would be very greatly
appreciated. Thanks for your time :wink:
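
The idea in the post above, deriving ownership from the post's user_id instead of storing one role row per post, as an added example that is not part of the original post or of acl9. It uses plain Ruby stand-ins for User and Post and assumes acl9 resolves roles by calling has_role?(role, object) on the current user; allowed? and build_post are hypothetical helpers.

```ruby
# Added example: plain Ruby stand-ins (no Rails, acl9 or database needed).
User = Struct.new(:id, :admin) do
  # Assumption: the access-control layer asks the subject
  # has_role?(role, object). :owner is derived from the post's user_id
  # column, so no roles / roles_users rows are written per post.
  def has_role?(role, object = nil)
    return true if role.to_sym == :admin && admin
    role.to_sym == :owner && !object.nil? && object.user_id == id
  end
end

Post = Struct.new(:id, :user_id, :title)

# Mirrors the rules in the access_control block above (:manager left out).
PUBLIC_ACTIONS    = [:index, :show].freeze
LOGGED_IN_ACTIONS = [:new, :create].freeze
OWNER_ACTIONS     = [:edit, :update].freeze

def allowed?(user, action, post = nil)
  return true if PUBLIC_ACTIONS.include?(action)
  return false if user.nil?                 # anonymous users are read-only
  return true if user.has_role?(:admin)     # admin may do anything
  return true if LOGGED_IN_ACTIONS.include?(action)
  OWNER_ACTIONS.include?(action) && user.has_role?(:owner, post)
end

# Build a post for the logged-in user. Ownership comes from the session
# user, never from request parameters, so a forged user_id is ignored.
def build_post(current_user, params, next_id)
  Post.new(next_id, current_user.id, params[:title])
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(1, false)
  bob   = User.new(2, false)
  # Constructed sample input: the request tries to claim user_id 2.
  post  = build_post(alice, { title: "Hello", user_id: 2 }, 10)
  puts "owner may edit:  #{allowed?(alice, :edit, post)}"
  puts "other may edit:  #{allowed?(bob, :edit, post)}"
end
```

Because ownership is read from posts.user_id at check time, creating a post writes one row to posts only, and the edit and update checks cannot be bypassed by submitting another user's id in the form.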