Forum: Ruby on Rails user engine question

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Ef0db53920b243d6758c2f6b1306df0d?d=identicon&s=25 Steve Ross (cwd)
on 2006-01-07 01:44
I've created an array of hashes in UserController#initialize to describe
a menu:

    @menu_array = [
    	{:menu => 'home', :controller => 'home', :action => 'send_home'},
    	{:menu => 'user list', :action => 'list'},
    	{:menu => 'login', :controller => '/user', :action => 'login'},
    	{:menu => 'logout', :controller => '/user', :action => 'logout'}

These are cobbled together in my application_helper.rb as:

    def construct_horizontal_menu(menu_array)
      menu_strings = []
      menu_array.each do |menu_item|
        menu_text, throw_away = menu_item.delete(:menu)
        menu_strings << link_if_authorized(menu_text, menu_item)
      menu_strings.delete_if{|x| x.strip == ''}
      menu_strings.delete_if {|item| item =~ (user? ? /login/ :
      menu_strings.join(' | ')

I don't have a before_filter in application.rb so nothing is protected
by default. In my UserController, I added:

before_filter :login_required, :except => [:login, :go_home]

The :login action is linked to when a user is not logged in, but not
:go_home. Any idea why?

On a side note, there is a database hit for each of the
link_if_authorized calls. Two questions: 1) is there any way to specify
what role a user must have? 2) is there any way to cache enough
information to reduce redundant database hits?

Thanks for a great plugin!
05d703f649ef1d07e78d7b479fb4c4ac?d=identicon&s=25 James Adam (Guest)
on 2006-01-07 02:31
(Received via mailing list)
Does any of the Roles which your logged-in user has have permission to
go to the login action? You'll want to check the database, but i think
the default is no for the User role.

- james
Ef0db53920b243d6758c2f6b1306df0d?d=identicon&s=25 Steve Ross (cwd)
on 2006-01-07 07:02
It appears the problem is in the permissions_roles relation. I guess
there is a HABTM relationship and I don't see any implementation that
suggests to me how I can modify the roles that have permissions for a
given action.

I basically want almost everything on this site to be visible to the
casual visitor. There is a "membership" area and an "admin" area (which
correspond to registered users and admins). When I create action 'foo'
in my controller, what do I do to announce to the user engine that you
have do be an "admin" to call foo?


05d703f649ef1d07e78d7b479fb4c4ac?d=identicon&s=25 James Adam (Guest)
on 2006-01-07 12:33
(Received via mailing list)
By the default Roles/Permissions that are created, if you login as the
default administrator user and go to http://yousite/role/list, you
should then see links to edit each Role. Editing the 'User' Role (the
one which is given to new users by default) will then let you modify
the permissions associated with that role. The implementation is in
the user engine's permission and role controllers and associated

To give you some more context: the authorisation mechanism used by the
user engine is 'positive permissions'. Each user can have any number
of Roles, and associated with each role are a number of Permission
objects. Each Permission object represents a particular controller
action (generated and updatable by a rake task, or using
Permission.sync in your environment.rb). The presents of a
relationship between a particular Permission and Role indicates that
users with that Role should be allowed to perform the given action. If
there is no relationship defined between a Permission and *any* of the
Roles of the current user, they are denied access to this action.
Thus, by default Users will NOT have permission to perform actions.
Each action must be specifically granted.

- james
This topic is locked and can not be replied to.