restful_authentication and authentication plugin usage

[atmorell]

Hello,

I have installed restful_authentication and authentication plugin
( http://code.google.com/p/rails-authorization-plugin/ ) Login, signup
and activation is working, but I find it very difficult to take it
futher from here.


How do I check if a user is logged in and redirect to /login if not?
(for all actions in my messages controller)


The authorization plugin has added a roles table, does anyone have an
example on how to use such a role? Should I add thoose roles from
mysql or the console?


What I am trying to do is very basic - the logged in user should only
CRUD his/her own records /objects. How should that be implemented?
This is an example:

Code Ruby:

  def edit 
    @blog = Blog.find(params[:id]) 
  end 
 
 
  def update 
    @blog = Blog.find(params[:id]) 
    if @blog.update_attributes(params[:blog]) 
      redirect_to :controller => 'blogs', :action => 'show', :id => 
@blog 
    else 
      render :action => 'edit' 
    end 
  end

Hope that any of you can help me out here. I am a bit stuck and been
working on this all weekend.


Best regards.
Asbjørn Morell.

[MrCarrot]

I've used this restful_authentication setup, minus the email activation stuff, in the past and it seems to work OK.

You end up with a current_user method you can call from your controllers, which make scoping things that belong to users really easy. Assuming your Blog model has a user_id field, and your User model :has_many => :blogs (or :has_one I suppose, depending on exactly what your 'Blog' is representing here), you'll be able to do current_user.blogs.find(params[:id]) in your BlogController actions and the current user will only be able to access posts that belong to them.

Checking for login status is dead easy with the above setup, too; you just use :login_required as a before_filter for any action that require a user be logged in and you're pretty much sorted.