I have a rails application and I want to manage access to the application in a controlled way. The client user would have access to only certain views in the application, whereas the admin can access any page. In future, I may also add some semi-admins who might have access to a subset of pages that were accessed by the admin. I already have a login authentication but I want a better solution to control user access to certain pages in my application.
+1
A:
use before_filter
users_controller.rb

    class UsersController < ApplicationController
      # Every action needs a login except show (deny by default for new actions).
      before_filter :login_required, :except => [:show]
      # Only the actions listed here are restricted to admins.
      before_filter :required_admin, :only => [:all_users]

      def show
      end

      def all_users
      end

      def edit
      end
    end
application_controller.rb

    class ApplicationController < ActionController::Base
      def current_user
        session[:user]
      end

      # Halts the filter chain by redirecting when nobody is logged in.
      def login_required
        if current_user
          return true
        else
          flash[:notice] = 'Please login to continue.'
          redirect_to :controller => "logins"
        end
      end

      # Same pattern, but also requires the admin role.
      def required_admin
        if current_user && current_user.is_admin? # check here if current user is admin or not
          return true
        else
          flash[:notice] = 'Please login as admin.'
          redirect_to :controller => "logins"
        end
      end
    end
Anyone can see the show method, with or without login.
Only an admin can see the all_users method.
Any logged-in user (i.e. user or admin) can see the edit method.
Salil
2010-07-09 08:50:07
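The before_filter approach above hard-codes two states (logged in, admin). As an added example that is not part of Salil's answer, the plain Ruby below models the same filter chain as a single role-to-action table, so a semi-admin role can be granted a subset of pages without editing each controller. It assumes a constructed `User` struct with a `role` attribute in place of `is_admin?`, and uses no Rails so it can be run as-is.

```ruby
# Added example (not from the original post): a stand-alone model of the
# before_filter approach, extended from admin / non-admin to named roles so a
# "semi-admin" can be added without touching the controllers. No Rails needed.

# Constructed users; `role` replaces the boolean is_admin? of the answer.
User = Struct.new(:name, :role)

# Which roles may call which controller actions. Anything not listed here is
# denied, so a newly added action stays locked until someone grants it.
PERMISSIONS = {
  "users" => {
    "show"      => :anyone,                        # no login required
    "edit"      => [:client, :semi_admin, :admin],
    "all_users" => [:admin],
  },
  "customers" => {
    "index"  => [:semi_admin, :admin],
    "update" => [:semi_admin, :admin],
  },
}.freeze

# Stand-in for the filter chain: returns [:allow] when the request may proceed,
# or [:redirect, message] mirroring the flash + redirect_to of the original.
def authorize(current_user, controller, action)
  allowed = PERMISSIONS.dig(controller, action)
  return [:allow] if allowed == :anyone
  # Deny by default: unknown controller/action pairs never fall through.
  return [:redirect, "Page not available."] if allowed.nil?
  return [:redirect, "Please login to continue."] if current_user.nil?
  return [:allow] if allowed.include?(current_user.role)
  [:redirect, "You are not allowed to view this page."]
end

if __FILE__ == $0
  guest  = nil
  client = User.new("carol", :client)
  semi   = User.new("sam", :semi_admin)
  admin  = User.new("ann", :admin)
  [[guest, "users", "show"], [guest, "users", "edit"],
   [client, "users", "all_users"], [semi, "customers", "update"],
   [admin, "users", "all_users"], [client, "orders", "index"]].each do |u, c, a|
    puts "#{u ? u.name : 'guest'} #{c}##{a} -> #{authorize(u, c, a).inspect}"
  end
end
```

Note the asymmetry in the original filters: `login_required` with `:except` protects any action added later by default, while `required_admin` with `:only` leaves a new admin-only action open until it is listed. The table above makes every action deny-by-default, which is the safer failure mode when controllers grow.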
@Salil - This I have done already. What I want is, say I have a buyer, customer and a vendor model. My admin can see and change all the models through views created by scaffolds. My semi-admin can access only the customer model. My client user can see only his user model and the data I show him.
Silver Spoon
2010-07-09 09:23:45
Views aren't one-to-one with models, so this depends on how you're presenting your app. If you want, you could have, say, a `show` view where there is a conditional branch inside that redirects to either `show_admin` or `show_user` depending on who is viewing it.
Karl
2010-07-09 16:44:44
+1
A:
It appears you have the basics of authentication down, but just need a role-based authorization solution. You might want to take a look at CanCan; it works well with most authentication packages. There is a good railscast on how to use it.
Hope this helps.
Geoff Lanotte
2010-07-09 14:15:15
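To show what the role-based rules from the comments look like when expressed per model rather than per action, here is an added example in plain Ruby. It is not CanCan and not Geoff's code; it is a constructed stand-in with the shape of a CanCan `Ability` class (`can` to grant, `can?` to query) so the admin, semi-admin and client rules can be read in one place and run without the gem or Rails. The `User`, `Customer` and `Vendor` structs are constructed models.

```ruby
# Added example (not from the answer, and not CanCan itself): a minimal
# plain-Ruby class with the shape of a CanCan Ability. Real CanCan provides
# `can`, `can?` and `include CanCan::Ability`; these are constructed here so
# the file runs stand-alone.

# Constructed models: the records each role is asked about.
User     = Struct.new(:id, :role)
Customer = Struct.new(:id, :name)
Vendor   = Struct.new(:id, :name)

class Ability
  def initialize(user)
    @rules = []
    case user.role
    when :admin
      can :manage, :all             # every action on every model
    when :semi_admin
      can :manage, Customer         # full access, but only to customers
    else
      can :read, User, id: user.id  # clients only see their own record
    end
  end

  # Grant `action` (or :manage for any action) on `subject`, optionally
  # limited to records whose attributes match `conditions`.
  def can(action, subject, conditions = {})
    @rules << [action, subject, conditions]
  end

  # Answer "may this user perform action on subject?" for a class or a record.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_subject, conditions|
      next false unless rule_action == :manage || rule_action == action
      next false unless rule_subject == :all || rule_subject == klass
      # A class-level query (e.g. "may I see an index page?") ignores record
      # conditions; a record-level query must satisfy every condition.
      subject.is_a?(Class) ||
        conditions.all? { |attr, val| subject.public_send(attr) == val }
    end
  end
end

if __FILE__ == $0
  me, other = User.new(1, :client), User.new(2, :client)
  client = Ability.new(me)
  puts client.can?(:read, me)                          # own record
  puts client.can?(:read, other)                       # someone else's record
  puts client.can?(:update, Customer.new(7, "acme"))   # not a customer admin
  semi = Ability.new(User.new(3, :semi_admin))
  puts semi.can?(:update, Customer.new(7, "acme"))     # customers are allowed
  puts semi.can?(:read, Vendor.new(9, "v"))            # vendors are not
  puts Ability.new(User.new(4, :admin)).can?(:destroy, Vendor.new(9, "v"))
end
```

The ownership condition (`id: user.id`) is what keeps a client from reading another client's record even though both are the same model; action-level filters alone cannot express that, which is why a resource-level library is the right fit for the buyer/customer/vendor split described in the comments.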