On Jul 2, 2010, at 12:44 PM, Lille wrote:
Rob,
I see what you're saying, esp., given your comment:
"you have to load the user info (session + User model) to check the
permission anyway so you have to hit the database"
Unlike what I sense is anticipated by the Authlogic example code, I
take the following approach in my app:
unauthenticated users can use all app functionality up to a certain
point, when they have to register (a try-before-you-buy approach.)
So, under this approach I have to apply the require_user approach in a
before_filter for every action, not just those associated with a few
protected pages. This just seems like a lot of work. It's like adding
a layer of authentication goo all over my app and unlike, preferably,
enabling authentication as a 'switch' to my app.
Lille
If you only put the before_filter :require_user on those controllers
(or scoped to :only => [:some, :actions]), then you only have the
overhead for the actions that really need a user. You can also use (I
think) skip_session to avoid all the session overhead when you have
absolutely no need for it.
-Rob
On Jul 2, 12:20 pm, Rob Biedenharn <[email protected]>
wrote:
On Jul 2, 2010, at 12:02 PM, Lille wrote:
@Rob - Yes, I see what you're referring to in the Authlogic example
code. I guess I can feel comforted by that...
@Marnen, @Rob - ...but isn't reliance on session expensive, e.g., if
I've chosen server-side ActiveRecordStore session storage?
Um, compared to what? If the work to instantiate the session from the
database, alter a value, and write it back is your bottleneck, I'd say
you have one blazingly fast application ;-)
I wouldn't worry about that (at least not yet). You have to load the
user info (session + User model) to check the permission anyway so you
have to hit the database.
-Rob
On Jul 2, 11:51 am, Rob Biedenharn <[email protected]>
wrote:
On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote:
My hope would be for something like:
redirect_to :back
But this is a no-go...
Why?
Well, for one thing, you don't always have an HTTP_REFERER (if the
user types a URL into the browser for example).
You get this nearly for free with Authlogic anyway. Just modify the
example require_user and associated code to fit your needs.
-Rob
Rob Biedenharn
[email protected] http://AgileConsultingLLC.com/
[email protected] http://GaslightSoftware.com/
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-[email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Rob Biedenharn http://agileconsultingllc.com
[email protected]
+1 513-295-4739
Skype: rob.biedenharn
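
The pattern discussed in this thread, as an added example that is not part of any message above and is not Authlogic's own code: a plain-Ruby model of a `require_user` filter scoped to a few actions, plus a fallback for `redirect_to :back` when no HTTP_REFERER is present. The method names follow the Authlogic example app; the bodies, the action names, the paths and the hosts are assumptions constructed for illustration.

```ruby
require "uri"

# Plain-Ruby model of the stored-location pattern; no Rails needed.
# In a real controller, `session` and the request data come from Rails.
PROTECTED_ACTIONS = [:checkout, :save_report].freeze # hypothetical action names

# Accept only same-site relative paths such as "/reports/3?page=2".
def local_path?(target)
  return false unless target.is_a?(String) && target.start_with?("/")
  return false if target.start_with?("//") || target.include?("\\")
  uri = URI.parse(target)
  uri.scheme.nil? && uri.host.nil?
rescue URI::InvalidURIError
  false
end

# Models `before_filter :require_user, :only => PROTECTED_ACTIONS`.
# Returns nil to let the action run, or the path to redirect to.
def require_user(action, session, request_path)
  return nil unless PROTECTED_ACTIONS.include?(action) # open action: no check
  return nil if session[:user_id]                       # already logged in
  session[:return_to] = request_path                    # remember where they were
  "/login"
end

# Stand-in for `redirect_to :back` after login: prefer the stored location,
# then a same-host Referer, then a default. Off-site targets are never used.
def redirect_back_or_default(session, referer, host, default = "/")
  stored = session.delete(:return_to)
  return stored if local_path?(stored)
  if referer
    ref = URI.parse(referer) rescue nil
    return ref.request_uri if ref.is_a?(URI::HTTP) && ref.host == host
  end
  default
end
```

Restricting the return target to a local path or a same-host Referer keeps the post-login redirect from being pointed at another site.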