You can't get to the session when you are declaring the config. You need to
do this on a before filter.
before_filter :add_delete_if_admin
def add_delete_if_admin
if session['user'].admin
active_scaffold_config.actions.add :delete
else
active_scaffold_config.actions.exclude :delete
end
end
you should also implement this method, which will prevent the deletion from
happening if someone is trying to url hijack and delete things.
def delete_authorized?
session['user'].admin
end
On Mon, Apr 6, 2009 at 11:27 PM, [email protected] <
[email protected]> wrote:
>
> Does anyone know how to check the current user field (I have an admin
> field to have a simple role base permission level) in the
> "config.actions.add :delete" line?
>
> The generated loginsystem store the session['user'], and I was able to
> use that object data in the view but not the controller where I use
> config.actions.add to add the delete as an option for admin only.
>
> I tried it with @session['user'].admin, session['user'], and other
> variations and it wasn't able to even pull that session up.
>
> Can anyone please help?
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"ActiveScaffold : Ruby on Rails plugin" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/activescaffold?hl=en
-~----------~----~----~----~------~----~------~--~---
