I am sort of able to get it to work by creating:

before_filter :authorized?, :only => [:update]

def authorized?
  @universe = Universe.find(params[:id])
  unless @universe.creator_id == session[:user_id]
    flash[:notice] = "Only the creator of a Universe may modify it."
    redirect_to :controller => :universe
    return false
  end
end

But that just causes an ugly internal 500 error rather than rendering
the flash or actually redirecting since it is an ajax call. Any ideas
about how to make this work better?

Carl

On May 25, 7:59 am, Carl <[email protected]> wrote:
> Hmm, do you have any suggestions about how to do what I need done? I
> tried to use "before_update_save(record)" in the controller, but it
> must check that after validations because adding validation errors
> didn't stop it from working. I have the feeling I'm missing something
> small but really important here since there must be plenty of other
> people who have the same problem. Thanks.
>
> Carl
>
> On May 25, 7:03 am, "G. Sobrinho" <[email protected]> wrote:
>
> > Hello Carl,
>
> > I think Active Scaffold doesn't support authorized_for_action? on each
> > record, only on all... But I could be wrong.
>
> > I will check that and notify you
>
> > 2009/5/25 Carl <[email protected]>
>
> > > I'm using the master trunk of AS with Rails 2.3.2
>
> > > In one of my models I need to prevent the user from modifying the
> > > model unless the current_user.id == creator_id. I am using the
> > > nifty_authentication generator so I thought that perhaps the
> > > current_user wasn't being passed through so I added a logger statement
> > > to test things and I've run into something odd. Here's the code in my
> > > model:
>
> > > class Universe < ActiveRecord::Base
> > >  has_many :permissions
> > >  has_many :users, :through => :permissions
> > > >  belongs_to :creator, :class_name => "User", :foreign_key => :creator_id
>
> > >  def authorized_for_update?
> > > >    logger.error "current user id = #{current_user.id}, self stats = #{self.to_yaml}"
> > >    return false unless current_user.id == self.creator_id
> > >  end
> > > end
>
> > > The logger statement reads like this in the log (there is currently
> > > only one model in the database of this type currently):
>
> > > current user id = 1, self stats = --- !ruby/object:Universe
> > > attributes:
> > >  name:
> > >  created_at:
> > >  updated_at:
> > >  creator_id:
> > >  description:
> > > attributes_cache: {}
>
> > > new_record: true
>
> > > So current_user.id is being set correctly, but shouldn't this have the
> > > stats for the current model in it rather than a blank model? The model
> > > in question should be showing up like this:
>
> > > --- !ruby/object:Universe
> > > attributes:
> > >  name: Avatars
> > >  created_at: 2009-05-24 21:32:38
> > >  updated_at: 2009-05-25 01:53:56
> > >  id: "1"
> > >  creator_id: "1"
> > >  description: blah, blah
> > > attributes_cache: {}
>
> > > If anyone has any idea what I'm doing wrong here I'd really appreciate
> > > > it. I've looked through the other posts on here and it seems like it
> > > should be working.
>
> > --
> > Best regards,
>
> > Gabriel Sobrinho
> > [email protected]
> > +55 31 8775-8378
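
An added example, not part of the thread and not ActiveScaffold code: a plain-Ruby model of the per-record ownership check from the message above, which gives an Ajax caller a status and short message instead of a redirect, and refuses a blank record like the one in the quoted log. Universe (as a Struct), STORE, Decision, to_id, deny and authorize_update are hypothetical names, and the records are constructed.

```ruby
# Added example: plain Ruby, no Rails or ActiveScaffold required.
# All names below are hypothetical; they are not from the thread's application.
Universe = Struct.new(:id, :creator_id)
Decision = Struct.new(:allowed, :status, :action, :message)

# Constructed sample records. creator_id is a String in one and nil in another,
# mirroring the raw attribute dumps quoted in the thread.
STORE = {
  1 => Universe.new(1, "1"),
  2 => Universe.new(2, 7),
  3 => Universe.new(3, nil) # blank record, like the new_record dump
}.freeze

DENIED = "Only the creator of a Universe may modify it."

# Normalise an id to an Integer, or nil when it is missing or malformed.
def to_id(value)
  s = value.to_s
  s.match?(/\A\d+\z/) ? s.to_i : nil
end

# An Ajax caller gets a status code and a short body it can display;
# a normal request gets the flash-and-redirect flow.
def deny(status, xhr, message)
  if xhr
    Decision.new(false, status, :render_text, message)
  else
    Decision.new(false, 302, :redirect_with_flash, message)
  end
end

# Decide whether the session user may update the record named by params[:id].
def authorize_update(store, params, session, xhr)
  user_id = to_id(session[:user_id])
  return deny(401, xhr, "Please log in.") if user_id.nil?

  record = store[to_id(params[:id])]
  return deny(404, xhr, "No such Universe.") if record.nil?

  owner_id = to_id(record.creator_id)
  # A nil owner never matches, so a blank record cannot be claimed by anyone.
  return deny(403, xhr, DENIED) if owner_id.nil? || owner_id != user_id

  Decision.new(true, 200, :continue, nil)
end
```
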