how can i make sure the user assign a role BEFORE they can navigate
away from the page.
Basically you can't. The user can navigate away by many means that are out of your control. You are better off coming at the problem from a different direction and, perhaps, having a default role that is there initially and the user either adds another role and removes the default (you can restrict removing the final role) or leaves it at default.
You can't force someone to do something before leaving a page since
there's always the back button, typing in a URL, etc. An after_filter
won't be very useful but what about a before_filter?
With a before_filter you can check if there are any ghost users and
redirect to the user role page to force them to choose a role for the
ghost user. So, if they leave the role page after removing a role, they
will be taken back to it until they choose a role.
Will that work?
If you have multiple admins you could store in the session the user that
had a role removed and by which logged in admin to prevent it from
redirecting admin A to set a role when it was admin B that removed the
role.
It's not a perfect solution, but you can use window.onbeforeunload
(javascript) to check for some condition. The user still has the option
of leaving, but at least they are notified that something is not right.
In one app I work on, some "notifications" are collected as the
administrator makes scheduling changes. We want to send all of the
notifications at one time, so we let the admin continue to work and
click a button when ready. In the event that the notifications have not
been sent when the page unloads, a message pops up to let the admin know
they haven't finished the process. My JavaScript looks like:
function notifications_check(evt)
{
if (pending_notifications)
{
var message = "There are pending notifications. By leaving this
page before sending them, " +
"you risk losing them completely. Are you sure you want to leave?"
if (typeof evt == 'undefined')
{
evt = window.event;
}
My first thought was to use a before_filter (only for pages that display
member information that could expose a broken role) and check the
referer to see if the user came from the roles page. If so, you could
find any broken members and give them a default role.
Thinking more about it, however, it seems like we're avoiding the cause
of the problem and trying to hack it. The real issue is that you
shouldn't allow admins to remove someone's role in the first place. I
now suggest changing your role page to let the admin change a role (not
remove) _ or if you allow multiple roles let them only remove all but
the lowest assigned role. Another option would be to keep it as is but
check when a role is removed - if that member now has no roles then
assign them a default one.
i have a people STI table (admin, manager, instructor, staff, member)
then i have user table (login info) with a has_one: person
roles table which is a general 5 records table to store the access
level / roles
permissions which is a join table between people and roles
so changing a role would be actually : select from a drop down then on
the controller -> remove the previous role and reassign the selected
one
i think you're 100% right, i'll see if i can do that, let me know if
you can think of anything else
