Help with Access Control

Hi,

I am following the excellent tutorial http://www.railsforum.com/viewtopic.php?id=14216 (post 5) on how to implement an access control feature i.e. only a friend is allowed to view a profile of a particular member. I am not using the restful authentication plugin as the author is using to implement the authentication feature (post 1) in the tutorial. All I am interested in is the post 5 where the author explains how to implement access control. I have created the friends table and followed post 5 step by step, unfortunately I am getting the following error when I try to attempt to run the "show" method. Some tips will really be helpful, many thanks in advance

   error: stack level too deep    usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:219:in `derive_class_name'    /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:106:in `class_name'    /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:129:in `klass'    /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:189:in `source_reflection'   /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:189:in `collect'    /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ reflection.rb:189:in `source_reflection'     ...    /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ associations.rb:1128:in `new'   /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/ associations.rb:1128:in `pals'   app/models/user.rb:17:in `has_pal?'   app/controllers/users_controller.rb:20:in `show'

/models/user.rb

  line 16: def has_pal?(pal)   line 17: self.pals.find(pal) ? true : false   Line 18: end

   /controllers/users_controller.rb

  Line 18: def show   Line 19: @info = User.find(params[:id])   Line 20: unless current_user.has_pal?(@info)   Line 21: redirect_to :controller => "users", :action => "index"   Line 22: end   Line 23: end

here is the full contents of the user model

require 'digest/sha1' class User < ActiveRecord::Base   has_many :pals   has_many :pals, :through => :pals # attr_accessor :password

  validates_presence_of :username   validates_presence_of :password   validates_presence_of :password_confirmation   validates_length_of :password, :within => 4..40   validates_confirmation_of :password   validates_length_of :username, :within => 3..40   validates_length_of :email, :within => 3..100   validates_uniqueness_of :username, :email, :case_sensitive => false

    def has_pal?(pal)   # self.pals.find(pal) ? true : false end

  #validate   # errors.add_to_base("No password") if crypted_password.blank?   # end

# Authenticates a user by their username name and unencrypted password. Returns the user or nil.   def self.authenticate(username, crypted_password)     login = find_by_username(username) # need to get the salt     if login       expected_password = encrypted_password(crypted_password, login.salt)       if login.crypted_password != expected_password         login = nil   end   end   login   end

def password   @password end def password=(pw)   @password = pw   create_new_salt   self.crypted_password = User.encrypted_password(self.password, self.salt) end

  def remember_token?     remember_token_expires_at && Time.now.utc < remember_token_expires_at   end

  # These create and unset the fields required for remembering users between browser closes   def remember_me     self.remember_token_expires_at = 2.weeks.from_now.utc     self.remember_token = encrypt("#{email}-- #{remember_token_expires_at}")     save(false)   end

  def forget_me     self.remember_token_expires_at = nil     self.remember_token = nil     save(false)   end

private     # before filter     def self.encrypted_password(password, salt)       string_to_hash = "#{password}wibble"+ salt       Digest::SHA1.hexdigest(string_to_hash)     end

    def create_new_salt       self.salt = self.object_id.to_s + rand.to_s   end end