before_filter with multiple roles

I have multiple roles in my application.
Now I want to block a method for all users except the administrator and
a manager.
When I do this:

before_filter (:check_administrator_role), :only => [:administration]
before_filter (:check_taskmanager_role), :only => [:administration]

The user must have both roles. How can I change that to an "OR"
combination?

How about

  before_filter(:admin_authorized), :only => [:administration]

def admin_authorized
   check_administrator_role || check_taskmanager_role
end

or

before_filter :only => [:administration] {|controller, action|
controller.check_administrator_role ||
controller.check_taskmanager_role}

Thank you, but both method does not work.
Maby I'm stupid (This is my first month with RoR), but in my application
a user has only one role. So the first method does not work. And the
second method I don't understand. What do I have to fill in as
controller, and action? Also he said "{" is unexpected at your second
method.

I've also tried;
before_filter (:check_administrator_role || :check_taskmanager_role),
:only => [:administration]

Rick Denatale wrote:

Thank you, but both method does not work.
Maby I'm stupid (This is my first month with RoR), but in my
application
a user has only one role. So the first method does not work. And the
second method I don't understand. What do I have to fill in as
controller, and action? Also he said "{" is unexpected at your second
method.

I've also tried;
before_filter (:check_administrator_role || :check_taskmanager_role),
:only => [:administration]

You can't do anything like that. you need to produce a single filter
that performs the check (which seems to be what rick's suggestion is).

Fred

Yes that's what I was suggesting.

I think the problem was I didn't really go into how filters work. the
two existing check_xxx_role methods probably look something like:

def check_administrator_role
   redirect_to somewhere unless user.has_role(:administrator)
end

def check_taskmanager_role
   redirect_to somewhere unless user.has_role(:taskmanager)
end

So my simple admin_authorized method will actually stop the filter
chain unless the user has BOTH roles rather than either, instead
rather than calling the other two filter methods, it need to do
something like:

def admin_authorized
   redirect_to somewhere unless user.has_role(:administrator) ||
user.has_role(:taskmanager)
end

or some equivalent logic.

I was about to suggest something along the lines of Rick's last
suggestion. Why note create a single method with a sponge parameter
so that it accepts one or more role names and returns whether or not
the user is one or more of those roles? If you did that then you
could include the method in your ApplicationController and share the
logic with all your controllers.

def authorized_for_roles(*roles)
  roles.each{|role_name| return true if user.has_role?(role_name)}
  false
end

With that you could have a before_filter like this:

before_filter :authorize_administration, :only=>:administration
...
private
def authorize_administration
  authorized_for_roles :administrator, :taskmanager
end

hi...

can u explain to me what is "@current_user.has_role?(role)" means.
"has_role" izzit a method that u define by urself ?

Thanks You!!!!!!!

hi
i am new to rails. i tried to create a site with multiple role as
described above.
when i tried the following code
def authorized_for_roles(*roles)
    roles.each{|role| return true if @current_user.has_role?(role)}
  permission_denied
end
i got the following error
You have a nil object when you didn't expect it!
The error occurred while evaluating nil.has_role?

can anyone explain what is wrong.

thank you