Forum: Ruby on Rails before_filter to restrict user from editing locked item

Scott Kulik (kuliksco)
on 2008-11-09 21:19
I have a list of items in which some are locked.  If they are locked
then I want to make them not be able to be edited.

how can i set up something like this:

before_filter :locked?(item), :only => [:edit, :update]

  def locked?(item)
    if item.locked then return false
  end

or how should i be doing this?

thanks!
Frederick Cheung (Guest)
on 2008-11-09 22:38
(Received via mailing list)
On 9 Nov 2008, at 20:19, Scott Kulik wrote:

>  end
Well you can't pass an argument to a filter like that. You'd have to
fetch the item first (I presume this is all boilerplate stuff so
you're interested in the one of id params[:id]).
Also, returning false from a filter doesn't do anything any more - you
need to render or redirect to halt the filter chain.

Fred
Scott Kulik (kuliksco)
on 2008-11-10 01:58
Frederick Cheung wrote:
> On 9 Nov 2008, at 20:19, Scott Kulik wrote:
>
>>  end
> Well you can't pass an argument to a filter like that. You'd have to
> fetch the item first (I presume this is all boilerplate stuff so
> you're interested in the one of id params[:id]).
> Also, returning false from a filter doesn't do anything any more - you
> need to render or redirect to halt the filter chain.
>
> Fred

thanks for the info fred.

i was just thinking that I should probably do the checking to see if an
item is locked in the model before updating.  so in item.rb:

  before_save :validate

  def validate

    @user = User.find_by_id(session[:user_id])

    if self.locked == 1 && @user.admin != 1
      self.errors.add_to_base("This item is locked and can only be edited by an administrator.")
      return false
    end
  end

the only problem i have here is that I am unable to access the session
variable or the "admin?" function in my authenticated_system library.

is there an easy solution to check if a user is an admin from a model?
this way sounds like it might be a little easier than using a
boilerplate.
Frederick Cheung (Guest)
on 2008-11-10 10:12
(Received via mailing list)
On Nov 10, 12:58 am, Scott Kulik <rails-mailing-l...@andreas-s.net>
wrote:
> Frederick Cheung wrote:

>
> thanks for the info fred.
>
> i was just thinking that I should probably do the checking to see if an
> item is locked in the model before updating.  so in item.rb:
>
Personally I would keep this in the controller. For example if you had
a cron job that was updating items at night or something like that you
wouldn't want to have to fake up a user for that.

Fred
Scott Kulik (kuliksco)
on 2008-11-10 21:03
Frederick Cheung wrote:
> On Nov 10, 12:58 am, Scott Kulik <rails-mailing-l...@andreas-s.net>
> wrote:
>> Frederick Cheung wrote:
>
>>
>> thanks for the info fred.
>>
>> i was just thinking that I should probably do the checking to see if an
>> item is locked in the model before updating.  so in item.rb:
>>
> Personally I would keep this in the controller. For example if you had
> a cron job that was updating items at night or something like that you
> wouldn't want to have to fake up a user for that.
>
> Fred

thanks fred, i put it in the controller and it's working great.
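
The controller-side check the thread settles on, as an added example that is not code from any of the posts above: the filter takes no argument, loads the item from params[:id], and halts the chain by redirecting. MiniController, ITEMS, find_item and reject_locked_item are hypothetical names; MiniController only stands in for ActionController so the snippet runs without Rails, and in a real controller the lookup would be Item.find(params[:id]) and the admin test the app's own helper.

```ruby
# Plain-Ruby stand-in for a Rails controller, constructed so this runs without Rails.
Item = Struct.new(:id, :name, :locked)
User = Struct.new(:login, :admin)
ITEMS = { 1 => Item.new(1, "draft", false), 2 => Item.new(2, "contract", true) } # constructed sample data

class MiniController
  def self.filters; @filters ||= []; end
  def self.before_filter(name, options); filters << [name, options[:only]]; end
  attr_reader :params, :response

  def initialize(params, current_user)
    @params, @current_user = params, current_user
  end
  def redirect_to(path, flash = {})
    @response = { redirect: path, flash: flash }
  end

  # Run each matching filter in order; the chain halts only once one has redirected.
  def process(action)
    self.class.filters.each do |name, only|
      next unless only.include?(action)
      send(name)
      return response if response
    end
    send(action)
    response
  end
end

class ItemsController < MiniController
  before_filter :find_item, :only => [:edit, :update]
  before_filter :reject_locked_item, :only => [:edit, :update]
  def edit; @response = { render: :edit }; end
  def update
    @item.name = params[:name]
    redirect_to "/items/#{@item.id}", notice: "Item updated."
  end

  private
  def find_item # filters take no arguments, so look the record up from params[:id]
    @item = ITEMS[params[:id]]
    redirect_to "/items", error: "No such item." unless @item
  end

  def reject_locked_item # redirecting is what halts the chain; a bare `return false` would not
    return unless @item.locked && !@current_user.admin
    redirect_to "/items/#{@item.id}", error: "This item is locked and can only be edited by an administrator."
  end
end
```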