When I added that to the Character model it shows |1| in the log, but when I add it to Userlimit Model it shows ||. Why would it be set on one kind of model but not another? What am I doing differently between them? Am I missing something here?
You can see the models in my public repo on github:
http://github.com/nextekcarl/storylines/tree/master

Thanks,
Carl

On Wed, May 27, 2009 at 11:21 AM, Kenny Ortmann <[email protected]> wrote:
> It would just depend on if the object has a universe yet or not.
>
> if the object is a new object it doesn't "have a universe" until it is saved
> to the database.
>
> in your method put
>
> def authorized_for_create?
>   puts "\n\n\n|#{self.universe_id}|\n\n\n"
>   current_user.id == self.universe.creator_id
> end
>
> is anything in between the pipes?
>
> Kenny
>
> On Wed, May 27, 2009 at 1:02 PM, Carl Anderson <[email protected]> wrote:
>>
>> I was looking at my logs when I noticed Rails was already caching that
>> DB call, and then I remembered this:
>>
>> http://guides.rails.info/caching_with_rails.html#sql-caching
>>
>>
>> But on another note, does anyone know why this method in several
>> Models (Characters, Events, Locations) works perfectly:
>>
>> def authorized_for_create?
>>   current_user.id == self.universe.creator_id ||
>>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 2
>> end
>>
>> but this one fails in another Model (userlimits):
>>
>> def authorized_for_create?
>>   current_user.id == self.universe.creator_id
>> end
>>
>> The error I get is that self.universe is nil (so it doesn't have a
>> creator_id method on it). But that seems strange to me, since in the
>> first model that statement returns true. I know that because if the
>> current_user is the creator of the Universe, the second statement
>> would have a nil object because the current_user never has Userlimits
>> on their own Universe (I did this so that you can't possibly lock
>> yourself out of your own creation.) And checking from the console
>> shows this to be true. And I've checked with different made up users
>> and the first model works exactly as expected under the different
>> conditions (if they are the Creator of the Universe it returns true,
>> non creator but with userlimits on the current universe greater than
>> or equal to 2 returns true, and anything else returns false and
>> doesn't render the "Create new" link.)
>>
>> Both models have this line:
>>
>> belongs_to :universe
>>
>> And the User model has this:
>>
>> has_many :userlimits
>> has_many :universes, :through => :userlimits
>>
>> I can't figure out why it works on all the models except this one
>> (basically I just don't want anyone but the creator of a Universe to
>> be able to give new users access to the current Universe). I have code
>> in place that prevents the Create New link from actually working, but
>> I'd really like it to just not even show up like it works with the 4
>> other models that implement the code.
>>
>> Carl
>>
>> On Wed, May 27, 2009 at 9:16 AM, Kenny Ortmann <[email protected]> wrote:
>> > in your controller create a private method
>> >
>> > private
>> > def userlimits
>> >   @userlimits ||= current_user.userlimits.find(:first, :conditions => "universe_id =#{self.universe_id}").rights
>> > end
>> >
>> > this will cache your userlimits for the user and you will only make the
>> > database call once. or you could go as far as to do this also
>> >
>> > def has_admin_rights?
>> >   @admin_rights ||= userlimits.rights >=2
>> > end
>> >
>> > and this will cache the users rights so you only make the >= 2 call once.
>> > but the time it takes to evaluate # >=2 is negligible.
>> >
>> >
>> > be sure to make these methods private. They only cache the userlimits per
>> > request, but it is still a speed up.
>> >
>> > Kenny
>> >
>> > On Wed, May 27, 2009 at 11:10 AM, Carl Anderson <[email protected]> wrote:
>> >>
>> >> Forget it, I figured out it was the "new_record?" that was doing it
>> >> and by removing that from the authorized_for_create? command worked
>> >> perfectly.
>> >>
>> >> Thanks again,
>> >> Carl
>> >>
>> >> On Wed, May 27, 2009 at 9:04 AM, Carl Anderson <[email protected]> wrote:
>> >> > Awesome, it works now. It will probably be too slow because of the way
>> >> > I set up the query, if it ever gets busy, but I doubt many people will
>> >> > use this besides myself. One question, I tried this:
>> >> >
>> >> > def authorized_for_create?
>> >> >   #Grays out the edit link when the user isn't the creator
>> >> >   new_record? || current_user.id == self.universe.creator_id ||
>> >> >     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 2
>> >> > end
>> >> >
>> >> > and this:
>> >> >
>> >> > def authorized_for_new?
>> >> >   #Grays out the edit link when the user isn't the creator
>> >> >   new_record? || current_user.id == self.universe.creator_id ||
>> >> >     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 2
>> >> > end
>> >> >
>> >> > And the same code works great for all the other actions, but the
>> >> > "Create New" link in the upper right hand corner never gets grayed
>> >> > out, even when the current user only has rights == 1. Is that a bug,
>> >> > or is there some other way to disable that link?
>> >> >
>> >> > Thanks,
>> >> > Carl
>> >> >
>> >> > On Tue, May 26, 2009 at 11:56 PM, Sergio Cambra .:: entreCables S.L. ::. <[email protected]> wrote:
>> >> >> I have debugged because I didn't remember how the ActiveScaffold
>> >> >> security code worked. Look at _list_actions.html.erb.
>> >> >> First, there is a call to link.security_method in the controller. The
>> >> >> controller method checks permissions against the class, which checks
>> >> >> permissions against an empty record. If it's authorized, the link will
>> >> >> be shown, then permission is checked against the record; if it is not
>> >> >> authorized, the link will be disabled.
>> >> >>
>> >> >> So, you should authorize for update new records (it sounds strange, I
>> >> >> know):
>> >> >> def authorized_for_update?
>> >> >>   new_record? || current_user.id == self.creator_id
>> >> >> end
>> >> >>
>> >> >> Also, return false unless current_user.id == self.creator_id, is always
>> >> >> false, because when current_user.id == self.creator_id it returns nil.
>> >> >>
>> >> >> On Monday, 25 May 2009 06:55:23 Carl wrote:
>> >> >>> I'm using the master trunk of AS with Rails 2.3.2
>> >> >>>
>> >> >>> In one of my models I need to prevent the user from modifying the
>> >> >>> model unless the current_user.id == creator_id. I am using the
>> >> >>> nifty_authentication generator so I thought that perhaps the
>> >> >>> current_user wasn't being passed through so I added a logger statement
>> >> >>> to test things and I've run into something odd. Here's the code in my
>> >> >>> model:
>> >> >>>
>> >> >>> class Universe < ActiveRecord::Base
>> >> >>>   has_many :permissions
>> >> >>>   has_many :users, :through => :permissions
>> >> >>>   belongs_to :creator, :class_name => "User", :foreign_key => :creator_id
>> >> >>>
>> >> >>>   def authorized_for_update?
>> >> >>>     logger.error "current user id = #{current_user.id}, self stats = #{self.to_yaml}"
>> >> >>>     return false unless current_user.id == self.creator_id
>> >> >>>   end
>> >> >>> end
>> >> >>>
>> >> >>> The logger statement reads like this in the log (there is currently
>> >> >>> only one model in the database of this type currently):
>> >> >>>
>> >> >>> current user id = 1, self stats = --- !ruby/object:Universe
>> >> >>> attributes:
>> >> >>>   name:
>> >> >>>   created_at:
>> >> >>>   updated_at:
>> >> >>>   creator_id:
>> >> >>>   description:
>> >> >>> attributes_cache: {}
>> >> >>>
>> >> >>> new_record: true
>> >> >>>
>> >> >>>
>> >> >>> So current_user.id is being set correctly, but shouldn't this have the
>> >> >>> stats for the current model in it rather than a blank model? The model
>> >> >>> in question should be showing up like this:
>> >> >>>
>> >> >>> --- !ruby/object:Universe
>> >> >>> attributes:
>> >> >>>   name: Avatars
>> >> >>>   created_at: 2009-05-24 21:32:38
>> >> >>>   updated_at: 2009-05-25 01:53:56
>> >> >>>   id: "1"
>> >> >>>   creator_id: "1"
>> >> >>>   description: blah, blah
>> >> >>> attributes_cache: {}
>> >> >>>
>> >> >>>
>> >> >>> If anyone has any idea what I'm doing wrong here I'd really appreciate
>> >> >>> it. I've looked through the other posts on here and it seems like it
>> >> >>> should be working.
>> >> >>>
>> >> >>
>> >> >> --
>> >> >> Sergio Cambra .:: entreCables S.L. ::.
>> >> >> Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza
>> >> >> T) 902 021 404 F) 976 52 98 07 E) [email protected]
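The behaviour discussed in this thread, as an added example that is not part of any poster's message or of ActiveScaffold: it models the two-pass link check Sergio describes and shows why `return false unless ...` never authorizes and how a guarded predicate avoids the nil `universe` error. The Struct classes, the `saved` flag, `link_state` and the `*_check` method names are assumptions made for illustration.

```ruby
# Added example: plain-Ruby stand-ins; no Rails or ActiveScaffold is loaded.
# `saved` stands in for ActiveRecord's persisted state (assumption).
Universe = Struct.new(:creator_id, :saved) { def new_record?; !saved; end }
Child    = Struct.new(:universe, :saved)   { def new_record?; !saved; end }

# Simplified model of the two passes Sergio describes: the predicate runs on
# an empty record first (is the link shown?), then on the real record
# (is the link enabled?).
def link_state(check, record, user_id)
  blank = record.class.new # every attribute nil, like the empty record
  return :hidden unless send(check, blank, user_id)
  send(check, record, user_id) ? :enabled : :disabled
end

# Carl's first predicate: no value on the success path, so it yields nil.
def original_check(rec, user_id)
  return false unless user_id == rec.creator_id
end

# Sergio's version: new records pass, so pass 1 lets the link render.
def sergio_check(rec, user_id)
  rec.new_record? || user_id == rec.creator_id
end

# Shape of the failing Userlimit predicate: universe is nil on the empty record.
def child_check(rec, user_id)
  user_id == rec.universe.creator_id
end

# Guarded variant: pass 1 succeeds, and a missing universe denies instead of raising.
def guarded_child_check(rec, user_id)
  return true if rec.new_record?
  !rec.universe.nil? && user_id == rec.universe.creator_id
end

def demo
  avatars = Universe.new(1, true) # constructed sample: creator is user 1
  event   = Child.new(avatars, true)
  {
    original: link_state(:original_check, avatars, 1),
    owner:    link_state(:sergio_check, avatars, 1),
    stranger: link_state(:sergio_check, avatars, 2),
    child:    link_state(:guarded_child_check, event, 2),
    orphan:   link_state(:guarded_child_check, Child.new(nil, true), 1)
  }
end

p demo
```

Calling `link_state(:child_check, event, 1)` raises NoMethodError on the first pass, which is the nil `self.universe` error reported for the Userlimit model.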
