before_filter to restrict user from editing locked item

I have a list of items in which some are locked. If they are locked then I want to make them not be able to be edited.

How can I set up something like this:

  before_filter :locked?(item), :only => [:edit, :update]

  def locked?(item)
    if item.locked then return false
  end

Or how should I be doing this?

Thanks!

Well, you can't pass an argument to a filter like that. You'd have to fetch the item first (I presume this is all boilerplate stuff, so you're interested in the one of id params[:id]). Also, returning false from a filter doesn't do anything any more - you need to render or redirect to halt the filter chain.

Fred

Thanks for the info, Fred.

I was just thinking that I should probably do the checking to see if an item is locked in the model before updating. So in item.rb:

  before_save :validate

  def validate
    @user = User.find_by_id(session[:user_id])

    if self.locked == 1 && @user.admin == 1
      self.errors.add_to_base("This item is locked and can only be edited by an administrator.")
      return false
    end
  end

The only problem I have here is that I am unable to access the session variable or the "admin?" function in my authenticated_system library.

Is there an easy solution to check if a user is an admin from a model? This way sounds like it might be a little easier than using a boilerplate.

Personally, I would keep this in the controller. For example, if you had a cron job that was updating items at night or something like that, you wouldn't want to have to fake up a user for that.

Fred
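
An added example (not code from the thread) of the controller-side approach described in Fred's replies: one filter loads the item from params[:id], and a second redirects to halt the chain when the item is locked and the user is not an admin. FakeController, ITEMS, deny_if_locked and the "/items" path are assumptions that stand in for Rails so the block runs on its own.

```ruby
# Stand-in for ActionController's filter chain so this runs without Rails.
# As Fred notes, a filter's return value is ignored; only a redirect (or
# render) halts the chain before the action runs.
class FakeController
  def self.filters; @filters ||= []; end
  def self.before_filter(name, opts = {}); filters << [name, opts[:only]]; end

  attr_reader :params, :redirected_to
  def initialize(params, user); @params, @current_user = params, user; end
  def redirect_to(path); @redirected_to = path; end

  def process(action)
    self.class.filters.each do |name, only|
      next if only && !only.include?(action)
      send(name)
      return :halted if @redirected_to
    end
    send(action)
  end
end

# Constructed sample data; in Rails these would be ActiveRecord models.
Item = Struct.new(:id, :locked, :name)
User = Struct.new(:admin)
ITEMS = { 1 => Item.new(1, false, "open"), 2 => Item.new(2, true, "locked") }

class ItemsController < FakeController
  before_filter :find_item, :only => [:edit, :update]
  before_filter :deny_if_locked, :only => [:edit, :update]

  def edit; :rendered_edit; end
  def update; @item.name = params[:name]; :updated; end

  private

  # Fetch the record named by params[:id] (Item.find(params[:id]) in Rails).
  def find_item; @item = ITEMS.fetch(params[:id]); end

  # Guard update as well as edit, so the rule holds even if the form is bypassed.
  def deny_if_locked
    redirect_to "/items" if @item.locked && !@current_user.admin
  end
end
```

Because the check lives in the controller, a background job that updates items through the model is unaffected by it.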
