First off, I want to apologize if this topic has been previously
addressed on the list. I looked, but could have missed it.
I'm trying to run a subscription site, and have created a Subscription
resource. I now have a table that holds a user_id, sub_user_id, and
expiration (in UTC.) I've constructed a query (that doesn't blow up!)
in my application controller that should check if a user's
subscription is valid:
if @subscription.nil?
redirect_to root_url
end
end
I would like to use this as a before filter in my other controllers,
so I can keep the code DRY. However, I'm at a loss when it comes to
passing in the current_user_id and content_owner_id into this method
through a before_filter. (For instance, every post can be marked as
"subscription" required, and if the user has an active subscription,
let them see the post.)
I would like to use this as a before filter in my other controllers,
so I can keep the code DRY. However, I'm at a loss when it comes to
passing in the current_user_id and content_owner_id into this method
through a before_filter. (For instance, every post can be marked as
"subscription" required, and if the user has an active subscription,
let them see the post.)
I think, in this case, I would add a name_scope to User model that finds
the user's active/valid subscriptions:
current_user.valid_subscriptions(content_owner)
Use a before_filter to load the content_owner in your controller(s).
I'll leave it as an exercise for you to figure out how to write the
named_scope to do that.
Try removing current_user_id and current_owner_id from the parameters
list and moving them into ApplicationController as methods (like you
would see with Authlogic/restful-authentication).
class ApplicationController
before_filter :check_subscriptions
def current_user_id
# however you collect this
# or nil if it can't be set
end
def current_owner_id
# however you collect this
# or nil if it can't be set
end
# the rest of your method as defined above
end
end
Also, you may want to look into using a third-party library for this.
I use be9's ACL9 authorization plugin to achieve something very
similar in one of my apps.