Problem with nil.user

Rails
1

Hi all, I’ve put new code into my app so that an administrator will have
extra privileges (administer users, edit pages). The error is:

‘Couldn’t find User without an ID’

So the app is looking for a logged in user when the homepage is
accessed.

Heres my code:

site/index view:

<% if is_logged_in? and logged_in_user.has_role?(‘Moderator’) -%>
<%= link_to ‘Administer Users’, :controller => ‘user’, :action =>
‘show’ %>
<%= link_to ’ | Edit pages’, pages_path %>
<% end %>

application helper:

def is_logged_in?
@logged_in_user = User.find(session[:user_id])
@logged_in_user ? @logged_in_user : false
end

def logged_in_user
return @logged_in_user if is_logged_in?

How could I change the code to rectify this? Any help would be greatly
appreciated

Steve.

2

Rick Lloyd wrote:

Try

def is_logged_in?
@logged_in_user = User.find(session[:user]) if session[:user]
end

On Apr 29, 10:15�am, Stephen F. [email protected]

Thanks Rick. It worked a treat and also opened up a couple of gaping
holes aswell (which I’ve managed to rectify!)

Cheers

Stephen.

3

Try

def is_logged_in?
@logged_in_user = User.find(session[:user]) if session[:user]
end

On Apr 29, 10:15 am, Stephen F. [email protected]

4

Just to followup if you’re interested, … the error msg from the op
was due to the fact that the call to session[:user_id] returned nil,
and thus calling find(nil) resulted in that error being raised. If
you wanted to avoid such an error and just have the find call return
nil if not found, one way is to just call find_by_id:

$ ./script/console

u = User.find(nil)
ActiveRecord::RecordNotFound: Couldn’t find User without an ID
from /usr/lib/ruby/…

u = User.find_by_id(nil)
=> nil

Jeff

On Apr 29, 2:10 pm, Stephen F. [email protected]

5

E. Litwin wrote:

When are you saving the user_id to the session?

You need to force a redirect to a login page if there is no session
[:user_id] and you should also handle the fact that session[:user_id]
may be nil in your is_logged_in? method.

Its saved in the login method:

user = User.find_by_user_name(@user.user_name)

  if user and user.password_matches?(@user.password)
    user.login!(session)
    if @user.remember_me == "1"
      cookies[:remember_me] = { :value   => "1",
                                :expires => 10.years.from_now }
      user.authorization_token = Digest::SHA1.hexdigest(
                                   "#{user.user_name}:#{user.password}")

I have a redirect if someone tries to access the admin privileges if
thats what you mean?

6

When are you saving the user_id to the session?

You need to force a redirect to a login page if there is no session
[:user_id] and you should also handle the fact that session[:user_id]
may be nil in your is_logged_in? method.

On Apr 29, 1:15 pm, Stephen F. [email protected]

7

Just to clarify - are you setting session[:user_id] in the user.login!
(session) call?
The other suggestions on handling a nil session[:user_id] (i.e. using
find_by_id) are the appropriate ways to handle the error.

Eric

On Apr 30, 12:09 pm, Stephen F. [email protected]

8

E. Litwin wrote:

Just to clarify - are you setting session[:user_id] in the user.login!
(session) call?
The other suggestions on handling a nil session[:user_id] (i.e. using
find_by_id) are the appropriate ways to handle the error.

Eric

On Apr 30, 12:09�pm, Stephen F. [email protected]

Yes,

#log a user in
def login!(session)
session[:user_id] = self.id
end

Steve