User engine question

I’ve created an array of hashes in UserController#initialize to describe
a menu:

@menu_array = [
	{:menu => 'home', :controller => 'home', :action => 'send_home'},
	{:menu => 'user list', :action => 'list'},
	{:menu => 'login', :controller => '/user', :action => 'login'},
	{:menu => 'logout', :controller => '/user', :action => 'logout'}
]

These are cobbled together in my application_helper.rb as:

def construct_horizontal_menu(menu_array)
  menu_strings = []
  menu_array.each do |menu_item|
    # work on a copy so the controller's @menu_array is not mutated
    menu_item = menu_item.dup
    # pull the label out; what remains is the url_for-style options hash
    menu_text = menu_item.delete(:menu)
    menu_strings << link_if_authorized(menu_text, menu_item)
  end
  # drop items the current user is not authorized to link to
  menu_strings.delete_if { |x| x.strip == '' }
  # show 'login' only to anonymous visitors and 'logout' only to logged-in users
  menu_strings.delete_if { |item| item =~ (user? ? /login/ : /logout/) }
  menu_strings.join(' | ')
end

I don’t have a before_filter in application.rb so nothing is protected
by default. In my UserController, I added:

before_filter :login_required, :except => [:login, :go_home]

The :login action is linked to when a user is not logged in, but not
:go_home. Any idea why?

On a side note, there is a database hit for each of the
link_if_authorized calls. Two questions: 1) is there any way to specify
what role a user must have? 2) is there any way to cache enough
information to reduce redundant database hits?

Thanks for a great plugin!

Do any of the Roles which your logged-in user has have permission to
go to the login action? You’ll want to check the database, but I think
the default is no for the User role.

  • james

It appears the problem is in the permissions_roles relation. I guess
there is a HABTM relationship and I don’t see any implementation that
suggests to me how I can modify the roles that have permissions for a
given action.

I basically want almost everything on this site to be visible to the
casual visitor. There is a “membership” area and an “admin” area (which
correspond to registered users and admins). When I create action ‘foo’
in my controller, what do I do to announce to the user engine that you
have to be an “admin” to call foo?

Thanks

–steve

With the default Roles/Permissions that are created, if you log in as the
default administrator user and go to http://yousite/role/list, you
should then see links to edit each Role. Editing the ‘User’ Role (the
one which is given to new users by default) will then let you modify
the permissions associated with that role. The implementation is in
the user engine’s permission and role controllers and associated
views.

To give you some more context: the authorisation mechanism used by the
user engine is ‘positive permissions’. Each user can have any number
of Roles, and associated with each role are a number of Permission
objects. Each Permission object represents a particular controller
action (generated and updatable by a rake task, or using
Permission.sync in your environment.rb). The presence of a
relationship between a particular Permission and Role indicates that
users with that Role should be allowed to perform the given action. If
there is no relationship defined between a Permission and any of the
Roles of the current user, they are denied access to this action.
Thus, by default Users will NOT have permission to perform actions.
Each action must be specifically granted.

  • james
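The positive-permissions scheme james describes, as an added, self-contained example (not code from the thread or from the user engine itself): Permission is one controller/action pair, a Role holds a set of Permissions, a User holds Roles, and an action is allowed only when some Role of the current user is linked to that action's Permission, otherwise denied. It also answers steve's caching question in the simplest way: the permitted set is resolved once per authorizer (one per request) so repeated link_if_authorized-style checks do not each hit the store. The role names, the 'Guest' role standing in for an anonymous visitor, and the users are assumptions of this example.

```ruby
require 'set'

# One controller action, e.g. Permission.new('user', 'login').
Permission = Struct.new(:controller, :action) do
  def key
    "#{controller}/#{action}"
  end
end

# A Role carries the set of Permissions linked to it (the HABTM relation).
class Role
  attr_reader :name, :permissions

  def initialize(name)
    @name = name
    @permissions = Set.new
  end

  # Link this role to one action; returns self so grants can be chained.
  def grant(controller, action)
    @permissions << Permission.new(controller, action).key
    self
  end
end

class User
  attr_reader :login, :roles

  def initialize(login, roles)
    @login = login
    @roles = roles
  end
end

# Decides whether the current user may call controller#action.
# The union of the user's permissions is computed once (one query per
# request), so many link_if_authorized-style checks cost one lookup.
class Authorizer
  attr_reader :lookups

  # guest_role is an assumption: the role an anonymous visitor (user == nil) gets.
  def initialize(user, guest_role)
    @user = user
    @guest_role = guest_role
    @lookups = 0
  end

  def permitted_keys
    @permitted_keys ||= begin
      @lookups += 1 # stands in for the single roles/permissions query
      roles = @user ? @user.roles : [@guest_role]
      roles.inject(Set.new) { |acc, role| acc | role.permissions }
    end
  end

  # Positive permissions: allowed only if explicitly granted, else denied.
  def authorized?(controller, action)
    permitted_keys.include?(Permission.new(controller, action).key)
  end
end

# Constructed sample roles (assumed, not the engine's defaults).
def example_roles
  {
    'Guest' => Role.new('Guest').grant('home', 'send_home').grant('user', 'login'),
    'User'  => Role.new('User').grant('home', 'send_home').grant('user', 'list').grant('user', 'logout'),
    'Admin' => Role.new('Admin').grant('admin', 'foo')
  }
end

# Same shape as the menu array from the question; every entry names its controller.
MENU = [
  { :menu => 'home',      :controller => 'home', :action => 'send_home' },
  { :menu => 'user list', :controller => 'user', :action => 'list' },
  { :menu => 'login',     :controller => 'user', :action => 'login' },
  { :menu => 'logout',    :controller => 'user', :action => 'logout' }
]

# With positive permissions the login/logout filtering falls out of the
# grants: Guest has 'user/login' but not 'user/logout', User the reverse.
def horizontal_menu(auth, menu = MENU)
  menu.select { |item| auth.authorized?(item[:controller], item[:action]) }
      .map { |item| item[:menu] }
      .join(' | ')
end

if __FILE__ == $0
  roles = example_roles
  steve = User.new('steve', [roles['User']])
  puts horizontal_menu(Authorizer.new(nil, roles['Guest']))
  puts horizontal_menu(Authorizer.new(steve, roles['Guest']))
end
```

Granting an admin-only action ‘foo’ is then just linking it to the Admin role, and a visitor without that role is denied even though the action exists, which is the default-deny behaviour the reply describes.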