Authentication / Roles

Hello,

I have installed restful_authentication and authentication plugin. Login, signup and activation are working, but I find it very difficult to take it further from here.

How do I check if a user is logged in and redirect to /login if not? (for all actions in my messages controller)

The authorization plugin has added a roles table, does anyone have an example on how to use such a role? Should I add those roles from mysql or the console?

What I am trying to do is very basic - the logged in user should only CRUD his/her own records/objects. How should that be implemented? This is an example:

  def edit
    @blog = Blog.find(params[:id])
  end

  def update
    @blog = Blog.find(params[:id])
    if @blog.update_attributes(params[:blog])
      redirect_to :controller => 'blogs', :action => 'show', :id => @blog
    else
      render :action => 'edit'
    end
  end

Hope that any of you can help me out here. I am a bit stuck and have been working on this all weekend.

Best regards. Asbjørn Morell.

Hi,

How do I check if a user is logged in and redirect to /login if not? (for all actions in my messages controller)

Provided that you have

  include AuthenticatedSystem

in either your MessagesController or your application.rb, you can use

  before_filter :login_required

in every controller you need to limit to logged in users.

The authorization plugin has added a roles table, does anyone have an example on how to use such a role? Should I add those roles from mysql or the console?

I tend to add my basic roles either within a migration, or from a short rake task. Generally I think it's preferable not to work directly in the database layer, because by circumventing Rails/ActiveRecord you may lose out on validations and the like.

Or do you need examples how to manage roles from the web frontend?

What I am trying to do is very basic - the logged in user should only CRUD his/her own records/objects. How should that be implemented?

This can often be done quite nicely with a before_filter that loads the appropriate object, e.g. assuming User has_one :blog:

  before_filter :load_blog

  protected

  def load_blog
    @blog = current_user.blog
  end

and have all your other methods use @blog instead of their own finders.

Jan
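
Added example, not part of either post: a plain-Ruby model of why the `Blog.find(params[:id])` lookup in the question lets any logged-in user update someone else's record, and how looking the record up through its owner closes that gap. It generalizes the reply's `has_one :blog` case to a user who owns several blogs; in Rails the scoped lookup would be `current_user.blogs.find(params[:id])`, assuming `User has_many :blogs`. The structs, `find_blog` and the two `update_*` methods are constructed stand-ins, not restful_authentication code.

```ruby
# Plain-Ruby stand-ins for the Rails pieces (constructed for this example).
class RecordNotFound < StandardError; end

Blog = Struct.new(:id, :user_id, :title)
BLOGS = [Blog.new(1, 10, "alice's blog"), Blog.new(2, 20, "bob's blog")]

# Mimics Blog.find / current_user.blogs.find: raises when nothing matches.
def find_blog(id, scope = BLOGS)
  scope.find { |b| b.id == id.to_i } or raise RecordNotFound, "Blog #{id}"
end

User = Struct.new(:id) do
  # Stand-in for `has_many :blogs`: only rows owned by this user.
  def blogs
    BLOGS.select { |b| b.user_id == id }
  end
end

class BlogsController
  def initialize(current_user, params)
    @current_user, @params = current_user, params
  end

  # Pattern from the question: authenticated, but any id is accepted.
  def update_unscoped
    return :redirect_to_login unless @current_user   # login_required
    blog = find_blog(@params[:id])
    blog.title = @params[:blog][:title]
    :updated
  end

  # Scoped pattern: the lookup goes through the owner's association,
  # so a foreign id behaves exactly like a missing record.
  def update_scoped
    return :redirect_to_login unless @current_user   # login_required
    blog = find_blog(@params[:id], @current_user.blogs)
    blog.title = @params[:blog][:title]
    :updated
  rescue RecordNotFound
    :not_found
  end
end
```

`login_required` only answers "is someone logged in?"; the ownership check has to come from the finder itself, which is why every action should load its record through `current_user`.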