Problems with acl_system and before_filter

i am using the acl_system plugin but am having problems when users try
to access restricted pages before they are logged in.

i have my before_filter :check_authentication before the access_control
line, but every time i try to access a page without being logged in, i
get an error saying:

Couldn't find User without an ID

/usr/local/lib/ruby/gems/1.8/gems/activerecord-1.14.4/lib/active_record/base.rb:939:in `find_from_ids'
/usr/local/lib/ruby/gems/1.8/gems/activerecord-1.14.4/lib/active_record/base.rb:382:in `find'
#{RAILS_ROOT}/app/controllers/application.rb:15:in `current_user'

nothing should be accessing my current_user method before the user is
logged in, and this all worked until i added the acl line right after
it.

is this a bug or did i do something wrong?

On Nov 1, 2006, at 2:54 PM, Josh wrote:

> it.
>
> is this a bug or did i do something wrong?

Well the acl_system plugin does its thing based on the current_user
method. SO you really should only be using the access_control for
pages that you are sure the users will be logged in for. The login
action has to set the current_user for access_control to work. Can
you paste your controller code? I can help make it work.

Cheers-

– Ezra Z.
– Lead Rails Evangelist
[email protected]
– Engine Y., Serious Rails Hosting
– (866) 518-YARD (9273)

Here is some code from my Tasks controller and my application.rb file:

class TasksController < ApplicationController

  layout 'standard'

  before_filter :check_authentication

  access_control :DEFAULT => 'POD',
                 [:sort, :update_position] => '(admin & POD)'

  # ... controller methods ...
end

class ApplicationController < ActionController::Base

  def check_authentication
    unless session[:user_id]
      session[:original_uri] = request.request_uri
      flash[:notice] = 'Please log in'
      redirect_to :controller => 'account', :action => 'login'
    end
  end

  helper_method :current_user
  def current_user
    @current_user ||= User.find(session[:user_id])
  end
end

Thanks for the help

hi ezra!

Ezra Z. [02.11.2006 01:14]:

> Well the acl_system plugin does its thing based on the
> current_user method. SO you really should only be using the
> access_control for pages that you are sure the users will be
> logged in for. The login action has to set the current_user for
> access_control to work.

sure, but when i ran across that very same problem, i decided that
acl_system should simply allow access if the user hasn’t been logged
in yet:

---- snip ----
module Caboose::LogicParser
  alias :original_process :process

  def process(logicstring, context)
    context[:user].nil? or original_process(logicstring, context)
  end
end
---- snip ----

otherwise i wouldn’t be able to protect my login controller (which
actually is an account controller) by acl_system.

cheers
jens


Jens W., Dipl.-Bibl. (FH)
prometheus - Das verteilte digitale Bildarchiv für Forschung & Lehre
An St. Laurentius 4, 50931 Köln
Tel.: +49 (0)221 470-6668, E-Mail: [email protected]
http://www.prometheus-bildarchiv.de/
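
The override in the reply above makes the ACL check pass whenever no user is present, so authorization fails open for guests. The sketch below is an added example, not part of the thread or of acl_system: it contrasts that decision with a fail-closed check in plain Ruby. The role-expression parser, `USERS`, `PUBLIC_ACTIONS` and the `permit_*` helpers are hypothetical stand-ins, and the nil-safe `current_user` is an assumed replacement for the raising `User.find` lookup.

```ruby
# Added example: plain-Ruby model of the two nil-user policies (no Rails).
# User, USERS, PUBLIC_ACTIONS and permit_* are hypothetical stand-ins.
User = Struct.new(:id, :roles)
USERS = { 1 => User.new(1, %w[POD]), 2 => User.new(2, %w[admin POD]) } # constructed

# Nil-safe lookup: a guest yields nil instead of raising like User.find(nil).
def current_user(session)
  USERS[session[:user_id]]
end

# Evaluate a role expression such as '(admin & POD)' against a role list.
# Tiny recursive-descent parser for &, |, ! and parentheses (stand-in only).
def roles_match?(expr, roles)
  tokens = expr.scan(/[()&|!]|\w+/)
  parse_or = nil
  parse_atom = lambda do
    case (t = tokens.shift)
    when '(' then v = parse_or.call; tokens.shift; v
    when '!' then !parse_atom.call
    else roles.include?(t)
    end
  end
  parse_and = lambda do
    v = parse_atom.call
    v = parse_atom.call && v while tokens.first == '&' && tokens.shift
    v
  end
  parse_or = lambda do
    v = parse_and.call
    v = parse_and.call || v while tokens.first == '|' && tokens.shift
    v
  end
  parse_or.call
end

# Fail-open: same decision as the `context[:user].nil? or ...` override.
def permit_fail_open?(expr, user)
  user.nil? || roles_match?(expr, user.roles)
end

# Fail-closed: no user never satisfies a rule; public actions are listed
# explicitly rather than implied by "nobody is logged in".
PUBLIC_ACTIONS = %w[login].freeze
def permit_fail_closed?(action, expr, user)
  return true if PUBLIC_ACTIONS.include?(action)
  !user.nil? && roles_match?(expr, user.roles)
end
```

With the fail-open form, the authentication filter is the only thing standing between a guest and a protected action; with the fail-closed form, the ACL layer denies the guest on its own and only the listed public actions stay reachable.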

I ran into this problem because i have emails sent out with links to
certain tasks, but it requires login in order to view them.

i store the intended url in a session variable and then redirect them
to that page once they are logged in so that they don’t have to dig
through all of the tasks to find the one they were looking for.