Forum: Ruby on Rails login_generator Restricting Specific Users

Digital Pardoe (digitalpardoe)
on 2006-05-13 19:13
I have created an 'admin' controller and all the necessary definitions
and templates to delete, update and edit records and this is working OK,
but how do I effectively restrict access to these defs from all but the
admin user (called admin)?

Currently I am just using if statements within the defs to check if it
is the admin user logged in, e.g.:

def index
     # session[:user] is nil when nobody is logged in, so .login raises
     # NoMethodError here; that is the error page seen when navigating in.
     if (session[:user].login == 'admin')
          #perform actions
     end
end

but this produces horrible error messages if accidentally navigated to.
Is there a cleaner way of doing this?

Thanks in advance. Alex.
Sam Donaldson (Guest)
on 2006-05-13 23:33
(Received via mailing list)
You need to make use of filters, by using before_filter, and giving it a
set of functions you'd like to filter.  You can use the :except clause to
filter everything but some function, typically index.

Thanks.
Bryan Duxbury (bryanduxbury)
on 2006-05-14 04:05
If you define an "authorize" function in the admin controller, you can
use it to choose whether the user is allowed to see the action they've
requested. If you return true, they're authorized, false otherwise. For
instance:

def authorize
  session[:user].is_admin?
end
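As an added example that is not part of this thread, here is the pattern both replies describe in plain Ruby: Controller, before_filter, process and redirect_to are minimal stand-ins so it runs without Rails, and User is a constructed struct. The filter redirects (and halts the action) instead of raising when session[:user] is nil, which is the failure the original poster ran into.

```ruby
# Constructed stand-in for the login_generator user record.
User = Struct.new(:login) do
  def is_admin?
    login == 'admin'
  end
end

# Minimal stand-in for ActionController: just enough to show the filter chain.
class Controller
  attr_reader :session, :redirected_to

  def self.filters
    @filters ||= []
  end

  # Mimics before_filter :name, :except => [...]: run :name before every
  # action except those listed.
  def self.before_filter(name, options = {})
    filters << [name, Array(options[:except])]
  end

  def initialize(session)
    @session = session
    @redirected_to = nil
  end

  # Run the filters first; a filter returning false halts the chain and
  # the action never executes.
  def process(action)
    self.class.filters.each do |name, except|
      next if except.include?(action)
      return :halted if send(name) == false
    end
    send(action)
  end

  def redirect_to(path)
    @redirected_to = path
  end
end

class AdminController < Controller
  before_filter :admin_required, :except => [:index]

  def index;   :index_rendered; end
  def destroy; :record_deleted; end

  private

  # Check for nil before touching the user: with nobody logged in,
  # session[:user].login would raise NoMethodError (the "horrible error").
  def admin_required
    user = session[:user]
    return true if user && user.is_admin?
    redirect_to('/login')
    false
  end
end
```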
Digital Pardoe (digitalpardoe)
on 2006-05-14 17:17
Bryan Duxbury wrote:
> If you define an "authorize" function in the admin controller, you can
> use it to choose if the user is allowed to see the action they've
> requested. If you return true, they're authorized, false otherwise. For
> instance:
>
> def authorize
>   session[:user].is_admin?
> end

Hi,

Thanks for the quick response. I was wondering if you could give me a
more complete example of how to implement your idea with regard to
protecting an 'index' function, perhaps, because I can't get it to work at
all.

Alex