Declarative authorization seems to require params[:id] to do its validation and I want to use paths like /profile and /dashboard where the user is stored in the session and not the URL. But it breaks. Any ideas on how I can do this without hacking the gem itself?
How can I use declarative authorization without always keeping the user id as a param in the URL?
I use AuthLogic, but as far as I know "current_user" is not going to be accessible through a route.
You would need to check, in the controller, if params[:id] == "current_user" (as a string) and then do some logic based on that... i.e:
    # Map the literal id "current_user" to the logged-in user's id
    if params[:id] == "current_user"
      @user_id = current_user.id
    else
      @user_id = params[:id]
    end
    @user = User.find(@user_id)
A very simplistic example, but it should illustrate the type of logic you're going to need to get the current_user from a custom route. You could also just map a named route for current_user to its own controller action, but that's not very RESTful and would [most likely] duplicate functionality you already have.
"Declarative authorization seems to require params[:id] to do its validation"
This is only true if you are relying on filter_resource_access to set instance variables in the controller. You can set up your own authorization scheme by specifying filter_access_to. This allows you to set up your own custom methods which can be based on whatever you like -- session variables, model attributes, etc.
The controller section in this introduction explains filter_access_to and gives some examples.
If you have users in your application, why not use an authentication plugin? I use Restful Authentication and with a little work I have complete session management. For your problem this plugin has a helper method current_user that retrieves the user with the open session.
I think it's better to rely on plugins like Restful Authentication (or AuthLogic like response #1) than to implement your own solution, but you'll know your needs better ;)
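Added example, not part of any answer above and not declarative_authorization's own code: a plain-Ruby stand-in for the two pieces the first two answers describe, a load method that takes the record from the session when the route carries no id, and an attribute check so that a params[:id] route cannot be used to read another user's record. User, USERS, AccessDenied, resolve_user, authorize! and show_user are hypothetical names, and the sample data is constructed.

```ruby
User = Struct.new(:id, :role)

# Constructed sample data standing in for the users table.
USERS = {
  1 => User.new(1, :member),
  2 => User.new(2, :member),
  9 => User.new(9, :admin)
}.freeze

class AccessDenied < StandardError; end

# Load method: for /profile and /dashboard (no :id, or the literal
# "current_user") the record is the session user; otherwise it is
# looked up from params[:id]. Returns [current_user, target_user].
def resolve_user(params, session)
  current = USERS[session[:user_id]] or raise AccessDenied, "not logged in"
  raw = params[:id]
  return [current, current] if raw.nil? || raw == "current_user"

  id = begin
    Integer(raw.to_s, 10) # strict: rejects "2abc" and "", unlike String#to_i
  rescue ArgumentError
    raise AccessDenied, "bad id"
  end
  target = USERS[id] or raise AccessDenied, "no such user"
  [current, target]
end

# Attribute check: members may act only on their own record, admins on any.
def authorize!(current, target)
  return target if current.role == :admin || current.id == target.id
  raise AccessDenied, "user #{current.id} may not access user #{target.id}"
end

# What a controller action would call before rendering.
def show_user(params, session)
  current, target = resolve_user(params, session)
  authorize!(current, target)
end
```

The ownership comparison in authorize! is the part that the params[:id] lookup alone does not provide.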