I am trying to give privacy settings to my users. I created a privacy_settings table and model with the following fields: id, user_id, setting,
where setting has three options: public, private and friends, and the user can select an option.
If the user selects, for example, private, then no other user can view his profile.
Another expert helped me with the methods below to accomplish this. Still, in spite of the seemingly perfect logic, the validation is not working and access is being given to users irrespective of what the user's privacy settings are...
class UserController
  before_filter :verify_privacy, :only => :show

  # (...actions code...)

  private

  def verify_privacy
    @user = User.find(params[:id], :include => :privacy_setting)
    return true if @user.privacy_setting.setting = "public"
This is always true, since you're doing assignment instead of comparison. You want ==, not =. The rest of the code will never be run.
    return false if @user.privacy_setting.setting = "private"
    if @user.privacy_setting.setting = "friends" and !@user.is_friends_with?(current_user)
      return false
    end
  end
This code is messy. I would suggest pulling this logic into a model method and creating some proper unit tests. You have many branches here, so you need to do some testing. For instance, what does this code do if privacy_setting is blank? Is that what you intend it to do?
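One way to follow the suggestion above, as an added example that is not code from the original thread: the access decision moves into a model method with every branch exercised, including a blank privacy_setting. The method name `viewable_by?`, the plain-Ruby stand-in classes, and the choice to deny access on a missing or unrecognised setting are assumptions made for this sketch.

```ruby
# Plain-Ruby stand-ins for the ActiveRecord models (constructed for this example).
PrivacySetting = Struct.new(:setting)

class User
  attr_reader :id, :privacy_setting

  def initialize(id, setting = nil, friend_ids = [])
    @id = id
    @privacy_setting = setting && PrivacySetting.new(setting)
    @friend_ids = friend_ids
  end

  def is_friends_with?(other)
    !other.nil? && @friend_ids.include?(other.id)
  end

  # Hypothetical model method: may `viewer` see this profile?
  # Assumptions: owners always see their own profile; a missing or
  # unrecognised setting denies access (fail closed).
  def viewable_by?(viewer)
    return true if viewer && viewer.id == id
    case privacy_setting && privacy_setting.setting
    when "public"  then true
    when "friends" then is_friends_with?(viewer)
    else false # "private", nil, or anything unexpected
    end
  end
end

# Constructed sample users covering every branch of the decision.
def privacy_matrix
  stranger = User.new(1)
  friend   = User.new(2)
  {
    public_stranger:  User.new(10, "public").viewable_by?(stranger),
    private_stranger: User.new(11, "private").viewable_by?(stranger),
    friends_friend:   User.new(12, "friends", [2]).viewable_by?(friend),
    friends_stranger: User.new(12, "friends", [2]).viewable_by?(stranger),
    friends_anon:     User.new(12, "friends", [2]).viewable_by?(nil),
    blank_stranger:   User.new(13).viewable_by?(stranger),
    typo_stranger:    User.new(14, "pubilc").viewable_by?(stranger),
    owner_private:    User.new(11, "private").viewable_by?(User.new(11)),
  }
end

privacy_matrix.each { |name, allowed| puts "#{name}: #{allowed}" }
```

With the decision in one method, the controller filter only has to ask `@user.viewable_by?(current_user)` and refuse the request when the answer is false.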