Forum: Ruby on Rails simple before filter rights/acl

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
C1e5a9e9344b6d31b9df7303e6dc378a?d=identicon&s=25 Craig White (Guest)
on 2009-05-31 18:24
(Received via mailing list)
In the past, I have used a solution of Rights/Roles/Users as outlined by
Chad Fowler in his original Rails Recipes but this is different.

I am dealing with a legacy application, written in PHP with users,
passwords and security values that I can easily access in RAILS but I am
primarily interested in using Rails to write reports and don't see much
need to create new tables - at least not yet.

So if I put into application_controller.rb,

  before_filter :authenticate,
                :authorize,
                :except => [:login, :err_handler]
  def authorize
    unless session[:securitylevel] >= session[:pageseclevel]
    flash[:notice] = "You are not authorized to do that"
    request.env["HTTP_REFERER"] ? (redirect_to :back,
     :params => @params) : (redirect_to $SOMETHING)
    return false
    end
  end

and I try to set session[:pageseclevel] inside of each method, that
isn't going to work. I think I just need a way to use a before_filter
but have a very small table of lookup values for the security level for
the few methods I am going to create.

Does anyone have a suggestion?

Craig


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
This topic is locked and can not be replied to.