It would just depend on if the object has a universe yet or not.
if the object is a new object it doesn't "have a universe" until it is saved
to the data base.
in your method put
def authorized_for_create?
puts "\n\n\n|#{self.universe_id}|\n\n\n"
current_user.id == self.universe.creator_id
end
is anything in between the pipes?
Kenny
On Wed, May 27, 2009 at 1:02 PM, Carl Anderson <[email protected]> wrote:
>
> I was looking at my logs when I noticed Rails was already caching that
> DB call, and then I remembered this:
>
> http://guides.rails.info/caching_with_rails.html#sql-caching
>
>
> But on another note, does anyone know why this method in several
> Models (Characters, Events, Locations) works perfectly:
>
> def authorized_for_create?
> current_user.id == self.universe.creator_id ||
> current_user.userlimits.find(:first, :conditions => "universe_id =
> #{self.universe_id}").rights >= 2
> end
>
> but this one fails in another Model (userlimits):
>
> def authorized_for_create?
> current_user.id == self.universe.creator_id
> end
>
> The error I get is that self.universe is nil (so it doesn't have a
> creator_id method on it). But that seems strange to me, since in the
> first model that statement returns true. I know that because if the
> current_user is the creator of the Universe, the second statement
> would have a nil object because the current_user never has Userlimits
> on their own Universe (I did this so that you can't possibly lock
> yourself out of your own creation.) And checking from the console
> shows this to be true. And I've checked with different made up users
> and the first model works exactly as expected under the different
> conditions (if they are the Creator of the Universe it returns true,
> non creator but with userlimits on the current universe greater than
> or equal to 2 returns true, and anything else returns false and
> doesn't render the "Create new" link.)
>
> Both models have this line:
>
> belongs_to :universe
>
> And the User model has this:
>
> has_many :userlimits
> has_many :universes, :through => :userlimits
>
> I can't figure out why it works on all the models except this one
> (basically I just don't want anyone but the creator of a Universe to
> be able to give new users access to the current Universe). I have code
> in place that prevents the Create New link from actually working, but
> I'd really like it to just not even show up like it works with the 4
> other models that implement the code.
>
> Carl
>
> On Wed, May 27, 2009 at 9:16 AM, Kenny Ortmann <[email protected]>
> wrote:
> > in your controller create a private method
> >
> > private
> > def userlimits
> > @userlimits ||= current_user.userlimits.find(:first, :conditions =>
> > "universe_id =#{self.universe_id}").rights
> > end
> >
> > this will cache your userlimits for the user and you will only make the
> > database call once. or you could go as far as to do this aslo
> >
> > def has_admin_rights?
> > @admin_rights ||= userlimits.rights >=2
> > end
> >
> > and this will cache the users rights so you only make the >= 2 call once.
> > but the time it takes to evaluate # >=2 is negligible.
> >
> >
> > be sure to make these methods private. They only cache the userlimits
> per
> > request, but it is still a speed up.
> >
> > Kenny
> >
> > On Wed, May 27, 2009 at 11:10 AM, Carl Anderson <[email protected]>
> wrote:
> >>
> >> Forget it, I figured out it was the "new_record?" that was doing it
> >> and by removing that from the authorized_for_create? command worked
> >> perfectly.
> >>
> >> Thanks again,
> >> Carl
> >>
> >> On Wed, May 27, 2009 at 9:04 AM, Carl Anderson <[email protected]>
> wrote:
> >> > Awesome, it works now. It will probably be too slow because of the way
> >> > I set up the query, if it ever gets busy, but I doubt many people will
> >> > use this besides myself. One question, I tried this:
> >> >
> >> > def authorized_for_create?
> >> > #Grays out the edit link when the user isn't the creator
> >> > new_record? || current_user.id == self.universe.creator_id ||
> >> > current_user.userlimits.find(:first, :conditions => "universe_id =
> >> > #{self.universe_id}").rights >= 2
> >> > end
> >> >
> >> > and this:
> >> >
> >> > def authorized_for_new?
> >> > #Grays out the edit link when the user isn't the creator
> >> > new_record? || current_user.id == self.universe.creator_id ||
> >> > current_user.userlimits.find(:first, :conditions => "universe_id =
> >> > #{self.universe_id}").rights >= 2
> >> > end
> >> >
> >> > And the same code works great for the all the other actions, but the
> >> > "Create New" link in the upper right hand corner never gets grayed
> >> > out, even when the current user only has rights == 1. Is that a bug,
> >> > or is there some other way to disable that link?
> >> >
> >> > Thanks,
> >> > Carl
> >> >
> >> > On Tue, May 26, 2009 at 11:56 PM, Sergio Cambra .:: entreCables S.L.
> >> > ::. <[email protected]> wrote:
> >> >> I have debugged because I didn't remember how worked ActiveScaffold
> >> >> security
> >> >> code. Look at _list_actions.html.erb
> >> >> First, call to link.security_method in controller. Controller method
> >> >> check
> >> >> permissions against the class, which check permissions against an
> empty
> >> >> record. If it's authorized link will be shown, then permission is
> >> >> checked
> >> >> against the record, if it is not authorized link will be disabled.
> >> >>
> >> >> So, you should authorize for update new records (it sounds strange, I
> >> >> know):
> >> >> def authorized_for_update?
> >> >> new_record? || current_user.id == self.creator_id
> >> >> end
> >> >>
> >> >> Also, return false unless current_user.id == self.creator_id, is
> always
> >> >> false, because when current_user.id == self.creator_id it returns
> nil.
> >> >>
> >> >> On Lunes, 25 de Mayo de 2009 06:55:23 Carl escribió:
> >> >>> I'm using the master trunk of AS with Rails 2.3.2
> >> >>>
> >> >>> In one of my models I need to prevent the user from modifying the
> >> >>> model unless the current_user.id == creator_id. I am using the
> >> >>> nifty_authentication generator so I thought that perhaps the
> >> >>> current_user wasn't being passed through so I added a logger
> statement
> >> >>> to test things and I've run into something odd. Here's the code in
> my
> >> >>> model:
> >> >>>
> >> >>> class Universe < ActiveRecord::Base
> >> >>> has_many :permissions
> >> >>> has_many :users, :through => :permissions
> >> >>> belongs_to :creator, :class_name => "User", :foreign_key
> >> >>> => :creator_id
> >> >>>
> >> >>> def authorized_for_update?
> >> >>> logger.error "current user id = #{current_user.id}, self stats = #
> >> >>> {self.to_yaml}"
> >> >>> return false unless current_user.id == self.creator_id
> >> >>> end
> >> >>> end
> >> >>>
> >> >>> The logger statement reads like this in the log (there is currently
> >> >>> only one model in the database of this type currently):
> >> >>>
> >> >>> current user id = 1, self stats = --- !ruby/object:Universe
> >> >>> attributes:
> >> >>> name:
> >> >>> created_at:
> >> >>> updated_at:
> >> >>> creator_id:
> >> >>> description:
> >> >>> attributes_cache: {}
> >> >>>
> >> >>> new_record: true
> >> >>>
> >> >>>
> >> >>> So current_user.id is being set correctly, but shouldn't this have
> the
> >> >>> stats for the current model in it rather than a blank model? The
> model
> >> >>> in question should be showing up like this:
> >> >>>
> >> >>> --- !ruby/object:Universe
> >> >>> attributes:
> >> >>> name: Avatars
> >> >>> created_at: 2009-05-24 21:32:38
> >> >>> updated_at: 2009-05-25 01:53:56
> >> >>> id: "1"
> >> >>> creator_id: "1"
> >> >>> description: blah, blah
> >> >>> attributes_cache: {}
> >> >>>
> >> >>>
> >> >>> If anyone has any idea what I'm doing wrong here I'd really
> appreciate
> >> >>> it.I've looked through the other posts on here and it seems like it
> >> >>> should be working.
> >> >>>
> >> >>>
> >> >>
> >> >> --
> >> >> Sergio Cambra .:: entreCables S.L. ::.
> >> >> Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza
> >> >> T) 902 021 404 F) 976 52 98 07 E) [email protected]
> >> >>
> >> >>
> >> >> >>
> >> >>
> >> >
> >>
> >>
> >
> >
> > >
> >
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"ActiveScaffold : Ruby on Rails plugin" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/activescaffold?hl=en
-~----------~----~----~----~------~----~------~--~---
