I have multiple roles in my application. Now I want to block a method for all users except the administrator and a manager. When I do this:
before_filter (:check_administrator_role), :only => [:administration] before_filter (:check_taskmanager_role), :only => [:administration]
The user must have both roles. How can I change that to an "OR" combination?
How about
before_filter(:admin_authorized), :only => [:administration]
def admin_authorized check_administrator_role || check_taskmanager_role end
or
before_filter :only => [:administration] {|controller, action| controller.check_administrator_role || controller.check_taskmanager_role}
Thank you, but both method does not work. Maby I'm stupid (This is my first month with RoR), but in my application a user has only one role. So the first method does not work. And the second method I don't understand. What do I have to fill in as controller, and action? Also he said "{" is unexpected at your second method.
I've also tried; before_filter (:check_administrator_role || :check_taskmanager_role), :only => [:administration]
Rick Denatale wrote:
Thank you, but both method does not work. Maby I'm stupid (This is my first month with RoR), but in my
application a user has only one role. So the first method does not work. And the second method I don't understand. What do I have to fill in as controller, and action? Also he said "{" is unexpected at your second method.I've also tried; before_filter (:check_administrator_role || :check_taskmanager_role), :only => [:administration]
You can't do anything like that. you need to produce a single filter
that performs the check (which seems to be what rick's suggestion is).
Fred
Yes that's what I was suggesting.
I think the problem was I didn't really go into how filters work. the two existing check_xxx_role methods probably look something like:
def check_administrator_role redirect_to somewhere unless user.has_role(:administrator) end
def check_taskmanager_role redirect_to somewhere unless user.has_role(:taskmanager) end
So my simple admin_authorized method will actually stop the filter chain unless the user has BOTH roles rather than either, instead rather than calling the other two filter methods, it need to do something like:
def admin_authorized redirect_to somewhere unless user.has_role(:administrator) || user.has_role(:taskmanager) end
or some equivalent logic.
I was about to suggest something along the lines of Rick's last suggestion. Why note create a single method with a sponge parameter so that it accepts one or more role names and returns whether or not the user is one or more of those roles? If you did that then you could include the method in your ApplicationController and share the logic with all your controllers.
def authorized_for_roles(*roles) roles.each{|role_name| return true if user.has_role?(role_name)} false end
With that you could have a before_filter like this:
before_filter :authorize_administration, :only=>:administration ... private def authorize_administration authorized_for_roles :administrator, :taskmanager end
hi...
can u explain to me what is "@current_user.has_role?(role)" means. "has_role" izzit a method that u define by urself ?
Thanks You!!!!!!!
hi i am new to rails. i tried to create a site with multiple role as described above. when i tried the following code def authorized_for_roles(*roles) roles.each{|role| return true if @current_user.has_role?(role)} permission_denied end i got the following error You have a nil object when you didn't expect it! The error occurred while evaluating nil.has_role?
can anyone explain what is wrong.
thank you