Post the log, the code "smells" good.

2009/5/25 Carl <[email protected]>
>
> I am sort of able to get it to work by creating:
>
> before_filter :authorized?, :only => [:update]
>
> def authorized?
>   @universe = Universe.find(params[:id])
>   unless @universe.creator_id == session[:user_id]
>     flash[:notice] = "Only the creator of a Universe may modify it."
>     redirect_to :controller => :universe
>     return false
>   end
> end
>
> But that just causes an ugly internal 500 error rather than rendering
> the flash or actually redirecting since it is an ajax call. Any ideas
> about how to make this work better?
>
> Carl
>
> On May 25, 7:59 am, Carl <[email protected]> wrote:
> > Hmm, do you have any suggestions about how to do what I need done? I
> > tried to use "before_update_save(record)" in the controller, but it
> > must check that after validations because adding validation errors
> > didn't stop it from working. I have the feeling I'm missing something
> > small but really important here since there must be plenty of other
> > people who have the same problem. Thanks.
> >
> > Carl
> >
> > On May 25, 7:03 am, "G. Sobrinho" <[email protected]> wrote:
> > > Hello Carl,
> > >
> > > I think the Active Scaffold doesn't support authorized_for_action? on
> > > each record, only on all... But I can be wrong.
> > >
> > > I will check that and notify you.
> > >
> > > 2009/5/25 Carl <[email protected]>
> > >
> > > > I'm using the master trunk of AS with Rails 2.3.2
> > > >
> > > > In one of my models I need to prevent the user from modifying the
> > > > model unless the current_user.id == creator_id. I am using the
> > > > nifty_authentication generator so I thought that perhaps the
> > > > current_user wasn't being passed through so I added a logger
> > > > statement to test things and I've run into something odd.
> > > > Here's the code in my model:
> > > >
> > > > class Universe < ActiveRecord::Base
> > > >   has_many :permissions
> > > >   has_many :users, :through => :permissions
> > > >   belongs_to :creator, :class_name => "User", :foreign_key => :creator_id
> > > >
> > > >   def authorized_for_update?
> > > >     logger.error "current user id = #{current_user.id}, self stats = #{self.to_yaml}"
> > > >     return false unless current_user.id == self.creator_id
> > > >   end
> > > > end
> > > >
> > > > The logger statement reads like this in the log (there is currently
> > > > only one model in the database of this type currently):
> > > >
> > > > current user id = 1, self stats = --- !ruby/object:Universe
> > > > attributes:
> > > >   name:
> > > >   created_at:
> > > >   updated_at:
> > > >   creator_id:
> > > >   description:
> > > > attributes_cache: {}
> > > >
> > > > new_record: true
> > > >
> > > > So current_user.id is being set correctly, but shouldn't this have
> > > > the stats for the current model in it rather than a blank model? The
> > > > model in question should be showing up like this:
> > > >
> > > > --- !ruby/object:Universe
> > > > attributes:
> > > >   name: Avatars
> > > >   created_at: 2009-05-24 21:32:38
> > > >   updated_at: 2009-05-25 01:53:56
> > > >   id: "1"
> > > >   creator_id: "1"
> > > >   description: blah, blah
> > > > attributes_cache: {}
> > > >
> > > > If anyone has any idea what I'm doing wrong here I'd really
> > > > appreciate it. I've looked through the other posts on here and it
> > > > seems like it should be working.
> > >
> > > --
> > > Regards,
> > >
> > > Gabriel Sobrinho
> > > [email protected]
> > > +55 31 8775-8378

--
Regards,

Gabriel Sobrinho
[email protected]
+55 31 8775-8378
