before_filter to restrict user from editing locked item

I have a list of items in which some are locked. if they are locked
then I want to make them not be able to be edited.

how can i set up something like this:

before_filter :locked?(item), :only => [:edit, :update]

  def locked?(item)
    if item.locked then return false
  end

or how should i be doing this?

thanks!

I have a list of items in which some are locked. if they are locked
then I want to make them not be able to be edited.

how can i set up something like this:

before_filter :locked?(item), :only => [:edit, :update]

def locked?(item)
   if item.locked then return false
end

Well you can't pass an argument to a filter like that. you'd have to
fetch the item first (I presume this is all boilerplate stuff so
you're interested in the one of id params[:id].
Also, returning false from a filter doesn't do anything any more - you
need to render or redirect to halt the filter chain.

Fred

Frederick Cheung wrote:

end

Well you can't pass an argument to a filter like that. you'd have to
fetch the item first (I presume this is all boilerplate stuff so
you're interested in the one of id params[:id].
Also, returning false from a filter doesn't do anything any more - you
need to render or redirect to halt the filter chain.

Fred

thanks for the info fred.

i was just thinking that I should probably do the checking to see if an
item is locked in the model before updating. so in item.rb:

  before_save :validate

  def validate

    @user = User.find_by_id(session[:user_id])

    if self.locked == 1 && @user.admin == 1
      self.errors.add_to_base("This item is locked and can only be
edited by an administrator.")
      return false
    end
  end

the only problem i have here is that I am unable to access the session
variable or the "admin?" function in my authenticated_system library.

is there an easy solution to check if a user is an admin from a model?
this way sounds like it might be a little easier then using a
boilerplate.

Frederick Cheung wrote:

thanks for the info fred.

i was just thinking that I should probably do the checking to see if an
item is locked in the model before updating. so in item.rb:

Personally I would keep this in the controller. For example if you had
a cron job that updating items at night or something like that you
wouldn't want to have to fake up a user for that.

Fred

Frederick Cheung wrote: