In your controller, create a private method:

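private
# Memoize the user's userlimits row for this universe (one query per request).
# The bound parameter replaces string interpolation in the SQL condition.
def userlimits
  @userlimits ||= current_user.userlimits.find(:first,
    :conditions => ["universe_id = ?", self.universe_id])
end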

This will cache your userlimits for the user and you will only make the
database call once. Or you could go as far as to do this also:

def has_admin_rights?
  @admin_rights ||= userlimits.rights >=2
end

And this will cache the user's rights so you only make the >= 2 call once,
but the time it takes to evaluate # >=2 is negligible.


Be sure to make these methods private. They only cache the userlimits per
request, but it is still a speed up.

Kenny

On Wed, May 27, 2009 at 11:10 AM, Carl Anderson <[email protected]> wrote:

>
> Forget it, I figured out it was the "new_record?" that was doing it
> and by removing that from the authorized_for_create? command worked
> perfectly.
>
> Thanks again,
> Carl
>
> On Wed, May 27, 2009 at 9:04 AM, Carl Anderson <[email protected]> wrote:
> > Awesome, it works now. It will probably be too slow because of the way
> > I set up the query, if it ever gets busy, but I doubt many people will
> > use this besides myself. One question, I tried this:
> >
> > def authorized_for_create?
> >    #Grays out the edit link when the user isn't the creator
> >    new_record? || current_user.id == self.universe.creator_id ||
> > current_user.userlimits.find(:first, :conditions => "universe_id =
> > #{self.universe_id}").rights >= 2
> > end
> >
> > and this:
> >
> > def authorized_for_new?
> >    #Grays out the edit link when the user isn't the creator
> >    new_record? || current_user.id == self.universe.creator_id ||
> > current_user.userlimits.find(:first, :conditions => "universe_id =
> > #{self.universe_id}").rights >= 2
> > end
> >
> > And the same code works great for the all the other actions, but the
> > "Create New" link in the upper right hand corner never gets grayed
> > out, even when the current user only has rights == 1. Is that a bug,
> > or is there some other way to disable that link?
> >
> > Thanks,
> > Carl
> >
> > On Tue, May 26, 2009 at 11:56 PM, Sergio Cambra .:: entreCables S.L.
> > ::. <[email protected]> wrote:
> >> I have debugged because I didn't remember how the ActiveScaffold security
> >> code worked. Look at _list_actions.html.erb
> >> First, there is a call to link.security_method in the controller. The
> >> controller method checks permissions against the class, which checks
> >> permissions against an empty record. If it's authorized, the link will be
> >> shown; then permission is checked against the record, and if it is not
> >> authorized the link will be disabled.
> >>
> >> So, you should authorize for update new records (it sounds strange, I know):
> >> def authorized_for_update?
> >> new_record? || current_user.id == self.creator_id
> >> end
> >>
> >> Also, return false unless current_user.id == self.creator_id, is always
> >> false, because when current_user.id == self.creator_id it returns nil.
> >>
> >> On Monday, May 25, 2009 06:55:23 Carl wrote:
> >>> I'm using the master trunk of AS with Rails 2.3.2
> >>>
> >>> In one of my models I need to prevent the user from modifying the
> >>> model unless the current_user.id == creator_id. I am using the
> >>> nifty_authentication generator so I thought that perhaps the
> >>> current_user wasn't being passed through so I added a logger statement
> >>> to test things and I've run into something odd. Here's the code in my
> >>> model:
> >>>
> >>> class Universe < ActiveRecord::Base
> >>>   has_many :permissions
> >>>   has_many :users, :through => :permissions
> >>>   belongs_to :creator, :class_name => "User", :foreign_key => :creator_id
> >>>
> >>>   def authorized_for_update?
> >>>     logger.error "current user id = #{current_user.id}, self stats = #{self.to_yaml}"
> >>>     return false unless current_user.id == self.creator_id
> >>>   end
> >>> end
> >>>
> >>> The logger statement reads like this in the log (there is currently
> >>> only one model in the database of this type currently):
> >>>
> >>> current user id = 1, self stats = --- !ruby/object:Universe
> >>> attributes:
> >>> name:
> >>> created_at:
> >>> updated_at:
> >>> creator_id:
> >>> description:
> >>> attributes_cache: {}
> >>>
> >>> new_record: true
> >>>
> >>>
> >>> So current_user.id is being set correctly, but shouldn't this have the
> >>> stats for the current model in it rather than a blank model? The model
> >>> in question should be showing up like this:
> >>>
> >>> --- !ruby/object:Universe
> >>> attributes:
> >>> name: Avatars
> >>> created_at: 2009-05-24 21:32:38
> >>> updated_at: 2009-05-25 01:53:56
> >>> id: "1"
> >>> creator_id: "1"
> >>> description: blah, blah
> >>> attributes_cache: {}
> >>>
> >>>
> >>> If anyone has any idea what I'm doing wrong here I'd really appreciate
> >>> it. I've looked through the other posts on here and it seems like it
> >>> should be working.
> >>>
> >>>
> >>
> >> --
> >> Sergio Cambra .:: entreCables S.L. ::.
> >> Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza
> >> T) 902 021 404 F) 976 52 98 07 E) [email protected]

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"ActiveScaffold : Ruby on Rails plugin" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/activescaffold?hl=en
-~----------~----~----~----~------~----~------~--~---
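
The two points from Sergio's reply, as an added Ruby example that is not part of the original thread and not ActiveScaffold's own code. `Record`, `link_state` and both check methods are constructed stand-ins that model the two-phase check he describes (empty record first, then the real record).

```ruby
# Constructed stand-in for a model row; a record without an id is "new",
# like the empty record used for the class-level check.
Record = Struct.new(:id, :creator_id) do
  def new_record?
    id.nil?
  end
end

# Variant from the original question: when the ids match, the `unless`
# modifier does not fire and the method falls through, returning nil.
# When they differ it returns false. It never returns a truthy value.
def buggy_authorized_for_update?(record, current_user_id)
  return false unless current_user_id == record.creator_id
end

# Variant from the reply: the empty record passes, so the link is shown,
# and real records are restricted to their creator.
def fixed_authorized_for_update?(record, current_user_id)
  record.new_record? || current_user_id == record.creator_id
end

# Simplified model of the two phases described in the reply:
# phase 1 checks an empty record to decide whether the link is shown,
# phase 2 checks the real record to decide whether it is enabled.
def link_state(check, record, current_user_id)
  return :hidden unless send(check, Record.new(nil, nil), current_user_id)
  send(check, record, current_user_id) ? :enabled : :disabled
end

if __FILE__ == $PROGRAM_NAME
  owned = Record.new(1, 1) # constructed sample: universe 1 created by user 1
  p buggy_authorized_for_update?(owned, 1)
  p link_state(:buggy_authorized_for_update?, owned, 1)
  p link_state(:fixed_authorized_for_update?, owned, 1)
  p link_state(:fixed_authorized_for_update?, owned, 2)
end
```

The buggy variant fails closed (the creator loses access rather than others gaining it), which is why the symptom was a missing link rather than an authorization bypass.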
