MaD wrote:
> at least that token-problem is solved.
>
> but it's still weird, cause that session_expiry code is actually
> working on one of my apps. are you sure you don't have some sort of
> typo? (sth. like > instead of <) i would debug that piece of code to
> see, why the session is reset.
> btw: 1800 sec is of course half an hour (not what my comment stated)
> *g*
My code seems intact -

  MAX_SESSION_PERIOD = 1800
  before_filter :check_session_expiration
  def check_session_expiration
    if session[:expiry_time] and seesion[:expiry_time] > Time.now
      reset_session
    end
    session[:expiry_time] = MAX_SESSION_PERIOD.seconds.from_now
    return true
  end

I'm not really sure what about it messes things up - on the surface it
seems as though it should work. For now I'll omit it and try to
gradually introduce it.

Regarding my previous question on using groups and users - I decided to
go with users that can only belong to a single group - this makes it
easier to manage on my end, and there really is no need to add the
many-to-many groups/users at this point.

Say that I have many groups (10 or so) and each group has varying
permissions on pages across the site. I also created a page and
permission models, such that:

  page has_and_belongs_to_many :groups, :join_table => 'permissions'
  group has_and_belongs_to_many :pages, :join_table => 'permissions'

The permissions table holds the page_id and group_id, and booleans for
can_read, can_write and can_execute.
My question is - what's the best way to manage these permissions in my
controllers? I thought about adding an if statement at the beginning of
each action to see if the user's group can access this page, but this
seems like a lot of duplication:

  def index
    if user.group.can_access_page?(page_id)
      # render index
    else
      # render some 'you cannot access this page' message
    end
  end
  def update
    if user.group.can_write_page?(page_id)
      # perform update
    else
      # render 'sorry - no updates allowed'
    end
  end

and so on. I could just restrict access to the controller with before
filter, but what if the user uses direct routes in the address bar
(/controller/new/1)?
I'd appreciate insights on this - I really want to dry up my code as
much as possible - thanks.
--
Posted via http://www.ruby-forum.com/.
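
One way to keep the permission check in a single place, shown as an added example that is not part of the original post: a filter looks up the flag the requested action needs and refuses anything unmapped, so a URL typed directly into the address bar goes through the same check as a link. It is plain Ruby with constructed sample rows; `permitted?`, `REQUIRED_FLAG`, `FakeController` and the `run` action are hypothetical names.

```ruby
# Added example, plain Ruby; every name here is hypothetical.
# Constructed sample rows of the 'permissions' join table.
Permission = Struct.new(:page_id, :group_id, :can_read, :can_write, :can_execute)
PERMISSIONS = [
  Permission.new(1, 10, true, true, false),   # group 10: read and write page 1
  Permission.new(1, 20, true, false, false)   # group 20: read-only on page 1
].freeze

# The one place that states which flag each action needs.
# 'run' is an assumed action name for can_execute.
REQUIRED_FLAG = {
  'index' => :can_read,  'show'   => :can_read,
  'new'   => :can_write, 'create' => :can_write,
  'edit'  => :can_write, 'update' => :can_write, 'destroy' => :can_write,
  'run'   => :can_execute
}.freeze

# Default deny: an unmapped action or a missing permissions row is refused.
def permitted?(group_id, page_id, action_name)
  flag = REQUIRED_FLAG[action_name.to_s]
  return false if flag.nil?
  row = PERMISSIONS.find { |p| p.page_id == page_id && p.group_id == group_id }
  return false if row.nil?
  row[flag] == true
end

# Stand-in for a controller so the filter logic runs without Rails.
class FakeController
  def initialize(group_id, page_id, action_name)
    @group_id, @page_id, @action_name = group_id, page_id, action_name
  end

  # In the real controller this is declared once with
  # before_filter :check_page_permission and covers every action.
  def check_page_permission
    return true if permitted?(@group_id, @page_id, @action_name)
    @rendered = 'you cannot access this page'
    false
  end

  # Mimics dispatch: the action body runs only if the filter passed.
  def process
    return @rendered unless check_page_permission
    @rendered = "performed #{@action_name}"
  end
end
```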