  1. #1
    SitePoint Enthusiast
    Join Date
    Jul 2006

    restful_authentication and authentication plugin usage


    I have installed restful_authentication and authentication plugin
    ( ) Login, signup
    and activation is working, but I find it very difficult to take it
    further from here.

    How do I check if a user is logged in and redirect to /login if not?
    (for all actions in my messages controller)

    The authorization plugin has added a roles table, does anyone have an
    example on how to use such a role? Should I add those roles from
    mysql or the console?

    What I am trying to do is very basic - the logged in user should only
    CRUD his/her own records /objects. How should that be implemented?
    This is an example:

    Code Ruby:
      def edit
        @blog = Blog.find(params[:id])
      end

      def update
        @blog = Blog.find(params[:id])
        if @blog.update_attributes(params[:blog])
          redirect_to :controller => 'blogs', :action => 'show', :id =>
        else
          render :action => 'edit'
        end
      end

    Hope that any of you can help me out here. I am a bit stuck and have been
    working on this all weekend.

    Best regards.
    Asbjørn Morell.

  2. #2
    SitePoint Member
    Join Date
    Oct 2007
    I've used this restful_authentication setup, minus the email activation stuff, in the past and it seems to work OK.

    You end up with a current_user method you can call from your controllers, which makes scoping things that belong to users really easy. Assuming your Blog model has a user_id field, and your User model :has_many => :blogs (or :has_one I suppose, depending on exactly what your 'Blog' is representing here), you'll be able to do current_user.blogs.find(params[:id]) in your BlogController actions and the current user will only be able to access posts that belong to them.

    Checking for login status is dead easy with the above setup, too; you just use :login_required as a before_filter for any action that requires a user be logged in and you're pretty much sorted.
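
The scoping described in the reply above, as an added example that is not part of either post. It uses plain-Ruby stand-ins (OwnedBlogs, unscoped_find, update_blog and the sample data are constructed for illustration; no Rails or plugin code is loaded) to show that a lookup through the owner treats another user's id as "not found", while the unscoped lookup from the question returns the record to anyone.

```ruby
# Stand-ins for the Rails pieces named in the thread (hypothetical, constructed
# for this example; nothing from Rails or restful_authentication is loaded).
class RecordNotFound < StandardError; end

Blog = Struct.new(:id, :user_id, :title)

# Constructed sample data: two users (ids 10 and 20), one blog each.
BLOGS = [Blog.new(1, 10, "alice's blog"), Blog.new(2, 20, "bob's blog")]

# Models the association lookup: find by id *within* the owner's rows only.
class OwnedBlogs
  def initialize(user_id)
    @user_id = user_id
  end

  def find(id)
    BLOGS.find { |b| b.id == id.to_i && b.user_id == @user_id } or
      raise RecordNotFound, "no Blog #{id} for user #{@user_id}"
  end
end

User = Struct.new(:id) do
  def blogs
    OwnedBlogs.new(id)
  end
end

# Unscoped lookup, shaped like Blog.find(params[:id]) in the question:
# any id resolves, whoever is asking.
def unscoped_find(id)
  BLOGS.find { |b| b.id == id.to_i } or raise RecordNotFound, "no Blog #{id}"
end

# Controller-shaped helper: login check first, then the owner-scoped lookup.
def update_blog(current_user, params)
  return [:redirect, "/login"] if current_user.nil?  # role of login_required
  blog = current_user.blogs.find(params[:id])        # ownership enforced here
  blog.title = params[:blog][:title]
  [:redirect, "/blogs/#{blog.id}"]
rescue RecordNotFound
  [:not_found, nil]  # same answer for a missing id and for someone else's id
end
```

Returning the same result for a missing id and for another user's id also avoids confirming which ids exist.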

