Help with Access Control

Hi,

I am following the excellent tutorial http://www.railsforum.com/viewtopic.php?id=14216
(post 5) on how to implement an access control feature i.e. only a
friend is allowed to view a profile of a particular member. I am not
using the restful authentication plugin as the author is using to
implement the authentication feature (post 1) in the tutorial. All I
am interested in is the post 5 where the author explains how to
implement access control. I have created the friends table and
followed post 5 step by step, unfortunately I am getting the following
error when I try to attempt to run the "show" method. Some tips will
really be helpful, many thanks in advance

   error: stack level too deep
   usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:219:in `derive_class_name'
   /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:106:in `class_name'
   /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:129:in `klass'
   /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:189:in `source_reflection'
  /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:189:in `collect'
   /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
reflection.rb:189:in `source_reflection'
    ...
   /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
associations.rb:1128:in `new'
  /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
associations.rb:1128:in `pals'
  app/models/user.rb:17:in `has_pal?'
  app/controllers/users_controller.rb:20:in `show'

/models/user.rb

  line 16: def has_pal?(pal)
  line 17: self.pals.find(pal) ? true : false
  Line 18: end

   /controllers/users_controller.rb

  Line 18: def show
  Line 19: @info = User.find(params[:id])
  Line 20: unless current_user.has_pal?(@info)
  Line 21: redirect_to :controller => "users", :action => "index"
  Line 22: end
  Line 23: end

here is the full contents of the user model

require 'digest/sha1'
class User < ActiveRecord::Base
  has_many :pals
  has_many :pals, :through => :pals
# attr_accessor :password

  validates_presence_of :username
  validates_presence_of :password
  validates_presence_of :password_confirmation
  validates_length_of :password, :within => 4..40
  validates_confirmation_of :password
  validates_length_of :username, :within => 3..40
  validates_length_of :email, :within => 3..100
  validates_uniqueness_of :username, :email, :case_sensitive =>
false

    def has_pal?(pal)
  # self.pals.find(pal) ? true : false
end

  #validate
  # errors.add_to_base("No password") if crypted_password.blank?
  # end

# Authenticates a user by their username name and unencrypted
password. Returns the user or nil.
  def self.authenticate(username, crypted_password)
    login = find_by_username(username) # need to get the salt
    if login
      expected_password = encrypted_password(crypted_password,
login.salt)
      if login.crypted_password != expected_password
        login = nil
  end
  end
  login
  end

def password
  @password
end
def password=(pw)
  @password = pw
  create_new_salt
  self.crypted_password = User.encrypted_password(self.password,
self.salt)
end

  def remember_token?
    remember_token_expires_at && Time.now.utc <
remember_token_expires_at
  end

  # These create and unset the fields required for remembering users
between browser closes
  def remember_me
    self.remember_token_expires_at = 2.weeks.from_now.utc
    self.remember_token = encrypt("#{email}--
#{remember_token_expires_at}")
    save(false)
  end

  def forget_me
    self.remember_token_expires_at = nil
    self.remember_token = nil
    save(false)
  end

private
    # before filter
    def self.encrypted_password(password, salt)
      string_to_hash = "#{password}wibble"+ salt
      Digest::SHA1.hexdigest(string_to_hash)
    end

    def create_new_salt
      self.salt = self.object_id.to_s + rand.to_s
  end
end