I was looking at my logs when I noticed Rails was already caching that DB call, and then I remembered this:
http://guides.rails.info/caching_with_rails.html#sql-caching But on another note, does anyone know why this method in several Models (Characters, Events, Locations) works perfectly: def authorized_for_create? current_user.id == self.universe.creator_id || current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 2 end but this one fails in another Model (userlimits): def authorized_for_create? current_user.id == self.universe.creator_id end The error I get is that self.universe is nil (so it doesn't have a creator_id method on it). But that seems strange to me, since in the first model that statement returns true. I know that because if the current_user is the creator of the Universe, the second statement would have a nil object because the current_user never has Userlimits on their own Universe (I did this so that you can't possibly lock yourself out of your own creation.) And checking from the console shows this to be true. And I've checked with different made up users and the first model works exactly as expected under the different conditions (if they are the Creator of the Universe it returns true, non creator but with userlimits on the current universe greater than or equal to 2 returns true, and anything else returns false and doesn't render the "Create new" link.) Both models have this line: belongs_to :universe And the User model has this: has_many :userlimits has_many :universes, :through => :userlimits I can't figure out why it works on all the models except this one (basically I just don't want anyone but the creator of a Universe to be able to give new users access to the current Universe). I have code in place that prevents the Create New link from actually working, but I'd really like it to just not even show up like it works with the 4 other models that implement the code. Carl On Wed, May 27, 2009 at 9:16 AM, Kenny Ortmann <[email protected]> wrote: > in your controller create a private method > > private > def userlimits > @userlimits ||= current_user.userlimits.find(:first, :conditions => > "universe_id =#{self.universe_id}").rights > end > > this will cache your userlimits for the user and you will only make the > database call once. or you could go as far as to do this aslo > > def has_admin_rights? > @admin_rights ||= userlimits.rights >=2 > end > > and this will cache the users rights so you only make the >= 2 call once. > but the time it takes to evaluate # >=2 is negligible. > > > be sure to make these methods private. They only cache the userlimits per > request, but it is still a speed up. > > Kenny > > On Wed, May 27, 2009 at 11:10 AM, Carl Anderson <[email protected]> wrote: >> >> Forget it, I figured out it was the "new_record?" that was doing it >> and by removing that from the authorized_for_create? command worked >> perfectly. >> >> Thanks again, >> Carl >> >> On Wed, May 27, 2009 at 9:04 AM, Carl Anderson <[email protected]> wrote: >> > Awesome, it works now. It will probably be too slow because of the way >> > I set up the query, if it ever gets busy, but I doubt many people will >> > use this besides myself. One question, I tried this: >> > >> > def authorized_for_create? >> > #Grays out the edit link when the user isn't the creator >> > new_record? || current_user.id == self.universe.creator_id || >> > current_user.userlimits.find(:first, :conditions => "universe_id = >> > #{self.universe_id}").rights >= 2 >> > end >> > >> > and this: >> > >> > def authorized_for_new? >> > #Grays out the edit link when the user isn't the creator >> > new_record? || current_user.id == self.universe.creator_id || >> > current_user.userlimits.find(:first, :conditions => "universe_id = >> > #{self.universe_id}").rights >= 2 >> > end >> > >> > And the same code works great for the all the other actions, but the >> > "Create New" link in the upper right hand corner never gets grayed >> > out, even when the current user only has rights == 1. Is that a bug, >> > or is there some other way to disable that link? >> > >> > Thanks, >> > Carl >> > >> > On Tue, May 26, 2009 at 11:56 PM, Sergio Cambra .:: entreCables S.L. >> > ::. <[email protected]> wrote: >> >> I have debugged because I didn't remember how worked ActiveScaffold >> >> security >> >> code. Look at _list_actions.html.erb >> >> First, call to link.security_method in controller. Controller method >> >> check >> >> permissions against the class, which check permissions against an empty >> >> record. If it's authorized link will be shown, then permission is >> >> checked >> >> against the record, if it is not authorized link will be disabled. >> >> >> >> So, you should authorize for update new records (it sounds strange, I >> >> know): >> >> def authorized_for_update? >> >> new_record? || current_user.id == self.creator_id >> >> end >> >> >> >> Also, return false unless current_user.id == self.creator_id, is always >> >> false, because when current_user.id == self.creator_id it returns nil. >> >> >> >> On Lunes, 25 de Mayo de 2009 06:55:23 Carl escribió: >> >>> I'm using the master trunk of AS with Rails 2.3.2 >> >>> >> >>> In one of my models I need to prevent the user from modifying the >> >>> model unless the current_user.id == creator_id. I am using the >> >>> nifty_authentication generator so I thought that perhaps the >> >>> current_user wasn't being passed through so I added a logger statement >> >>> to test things and I've run into something odd. Here's the code in my >> >>> model: >> >>> >> >>> class Universe < ActiveRecord::Base >> >>> has_many :permissions >> >>> has_many :users, :through => :permissions >> >>> belongs_to :creator, :class_name => "User", :foreign_key >> >>> => :creator_id >> >>> >> >>> def authorized_for_update? >> >>> logger.error "current user id = #{current_user.id}, self stats = # >> >>> {self.to_yaml}" >> >>> return false unless current_user.id == self.creator_id >> >>> end >> >>> end >> >>> >> >>> The logger statement reads like this in the log (there is currently >> >>> only one model in the database of this type currently): >> >>> >> >>> current user id = 1, self stats = --- !ruby/object:Universe >> >>> attributes: >> >>> name: >> >>> created_at: >> >>> updated_at: >> >>> creator_id: >> >>> description: >> >>> attributes_cache: {} >> >>> >> >>> new_record: true >> >>> >> >>> >> >>> So current_user.id is being set correctly, but shouldn't this have the >> >>> stats for the current model in it rather than a blank model? The model >> >>> in question should be showing up like this: >> >>> >> >>> --- !ruby/object:Universe >> >>> attributes: >> >>> name: Avatars >> >>> created_at: 2009-05-24 21:32:38 >> >>> updated_at: 2009-05-25 01:53:56 >> >>> id: "1" >> >>> creator_id: "1" >> >>> description: blah, blah >> >>> attributes_cache: {} >> >>> >> >>> >> >>> If anyone has any idea what I'm doing wrong here I'd really appreciate >> >>> it.I've looked through the other posts on here and it seems like it >> >>> should be working. >> >>> >> >>> >> >> >> >> -- >> >> Sergio Cambra .:: entreCables S.L. ::. >> >> Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza >> >> T) 902 021 404 F) 976 52 98 07 E) [email protected] >> >> >> >> >> >> >> >> >> >> > >> >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en -~----------~----~----~----~------~----~------~--~---
