Rob Biedenharn wrote:
> On Jan 22, 2010, at 1:02 PM, John Merlino wrote:
>
>>
>> Is there any kind of debugging feature I can run to see what gets passed
>> into resource in this specific instance.
>>
>> Also, user_read_authorized? is not defined anywhere else in application.
>> Is that legal in rails? Can someone just define :user_read_authorized?
>> and it mean something?
>>
>> Thanks for any suggestions
>
> As to the second part of your question, it is perfectly "legal" to
> define your own method names and the behavior that you expect. In this
> case, it seems like a resource (probably a model) is presumed to be
> readable (true) unless the resource has defined its
> own :user_read_authorized? method that takes a user and supplies a
> particular answer (and if a login has not been required, current_user
> might be false).
>
> Shame on you if your method names don't make sense, of course. ;-)
>
> -Rob
>
> Rob Biedenharn http://agileconsultingllc.com
> [email protected]

    def read_authorized?(resource)
      if resource.respond_to? :user_read_authorized?
        resource.user_read_authorized? current_user
      else
        true
      end
    end

So Ruby has a function called respond_to? that can be used to see if
a particular class or object has a method with a certain name. So the
resource (e.g. record 1 of Users table) is readable (true) unless the
resource has defined its own :user_read_authorized? method. If it does
have a :user_read_authorized? method, then we take the user
(resource.user_read_authorized?(current_user)) and evaluate it against
the method. So if the method requires user to be logged in and have a
role 6, then if current_user is logged in but has a role 5, then we
return false. Otherwise (else) we return true, which means the user will
have access to the page.

Is this what you were saying, Rob?

Also, would the next step to prevent the user from accessing, let's say,
the edit action of User page be to define :user_read_authorized?
So basically assign user_read_authorized role privileges so it can test
it against the privileges of current_user (the currently logged in
user).

Any responses would be greatly appreciated. I've been on this all day.
--
Posted via http://www.ruby-forum.com/.
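
The helper discussed in this thread, as an added example that is not part of either poster's message: it runs in plain Ruby and shows that the helper allows any resource that defines no check, next to a deny-by-default variant. PayrollRecord, Announcement, AccessCheck, the User struct and read_authorized_strict? are hypothetical names, and the role-6 rule is taken from the scenario in the post.

```ruby
User = Struct.new(:name, :role) # constructed sample user type

# Hypothetical resource that opts in to the check: only role 6 may read it.
class PayrollRecord
  def user_read_authorized?(user)
    # current_user may be false when no login was required
    user ? user.role == 6 : false
  end
end

# Hypothetical resource that defines no check at all.
class Announcement; end

# Stand-in for the controller that provides current_user.
class AccessCheck
  attr_reader :current_user

  def initialize(current_user)
    @current_user = current_user
  end

  # The helper from the thread: readable unless the resource says otherwise.
  def read_authorized?(resource)
    if resource.respond_to?(:user_read_authorized?)
      resource.user_read_authorized?(current_user)
    else
      true
    end
  end

  # Deny-by-default variant (an assumption, not from the thread): a resource
  # without a check is unreadable and a missing login is always refused.
  def read_authorized_strict?(resource)
    return false unless current_user
    return false unless resource.respond_to?(:user_read_authorized?)
    resource.user_read_authorized?(current_user) ? true : false
  end
end

def demo
  anon  = AccessCheck.new(false)
  role5 = AccessCheck.new(User.new("five", 5))
  role6 = AccessCheck.new(User.new("six", 6))
  { role5_payroll: role5.read_authorized?(PayrollRecord.new),
    role6_payroll: role6.read_authorized?(PayrollRecord.new),
    anon_announcement: anon.read_authorized?(Announcement.new),
    anon_announcement_strict: anon.read_authorized_strict?(Announcement.new),
    role6_payroll_strict: role6.read_authorized_strict?(PayrollRecord.new) }
end
```
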