problems with acl_system and before_filter

i am using the acl_system plugin but am having problems when users try
to access restricted pages before they are logged in.

i have my before_filter :check_authentication before the access_control
line, but every time i try to access a page without being logged in, i
get an error saying:

Couldn't find User without an ID

/usr/local/lib/ruby/gems/1.8/gems/activerecord-1.14.4/lib/active_record/base.rb:939:in `find_from_ids'
/usr/local/lib/ruby/gems/1.8/gems/activerecord-1.14.4/lib/active_record/base.rb:382:in `find'
#{RAILS_ROOT}/app/controllers/application.rb:15:in `current_user'

nothing should be accessing my current_user method before the user is
logged in, and this all worked until i added the acl line right after
it.

is this a bug or did i do something wrong?

Well, the acl_system plugin does its thing based on the current_user method. So you really should only be using the access_control for pages that you are sure the users will be logged in for. The login action has to set the current_user for access_control to work. Can you paste your controller code? I can help make it work.

Cheers-

-- Ezra Zygmuntowicz
-- Lead Rails Evangelist
-- ez@engineyard.com
-- Engine Yard, Serious Rails Hosting
-- (866) 518-YARD (9273)

hi ezra!

Ezra Zygmuntowicz [02.11.2006 01:14]:

Well, the acl_system plugin does its thing based on the
current_user method. So you really should only be using the
access_control for pages that you are sure the users will be
logged in for. The login action has to set the current_user for
access_control to work.

sure, but when i ran across that very same problem, i decided that
acl_system should simply allow access if the user hasn't been logged
in yet:

---- snip ----
module Caboose::LogicParser
  alias :original_process :process

  def process(logicstring, context)
    context[:user].nil? or original_process(logicstring, context)
  end
end
---- snip ----

otherwise i wouldn't be able to protect my login controller (which
actually is an account controller) by acl_system.

cheers
jens

Here is some code from my Tasks controller and my application.rb file:

class TasksController < ApplicationController

  layout 'standard'

  before_filter :check_authentication

  access_control :DEFAULT => 'POD',
                 [:sort, :update_position] => '(admin & POD)'

   .... controller methods ...
end

class ApplicationController < ActionController::Base

  def check_authentication
    unless session[:user_id]
      session[:original_uri] = request.request_uri
      flash[:notice] = 'Please log in'
      redirect_to :controller => 'account', :action => 'login'
    end
  end

  helper_method :current_user
  def current_user
    @current_user ||= User.find(session[:user_id])
  end
end

Thanks for the help

I ran into this problem because i have emails sent out with links to
certain tasks, but it requires login in order to view them.

i store the intended url in a session variable and then redirect them
to that page once they are logged in so that they don't have to dig
through all of the tasks to find the one they were looking for.
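
Added example (not part of the thread, and not Rails or acl_system code): a small Ruby model of the two filters discussed above, an authentication filter followed by a role filter that calls current_user. It assumes the role filter still runs after the login redirect unless the chain is halted, which the thread does not confirm; `dispatch`, `role_filter`, both lookup helpers and the user table are constructed for illustration.

```ruby
# Constructed model of a before-filter chain; not Rails or acl_system code.
class RecordNotFound < StandardError; end

User  = Struct.new(:id, :roles)
USERS = { 1 => User.new(1, %w[POD]), 2 => User.new(2, %w[admin POD]) } # constructed sample data

# Like the posted current_user: raises when the session holds no user id.
def strict_current_user(session)
  USERS.fetch(session[:user_id]) { raise RecordNotFound, 'no user for this session' }
end

# Nil-safe variant: anonymous requests get nil instead of an exception.
def safe_current_user(session)
  USERS[session[:user_id]]
end

# Role filter that fails closed: no user means no access.
def role_filter(user, required)
  !user.nil? && required.all? { |role| user.roles.include?(role) }
end

# Runs the authentication filter, then the role filter.
# halting: whether a failed authentication filter stops the chain (assumption).
# lookup:  which current_user variant the role filter calls.
def dispatch(session, required, halting:, lookup:)
  authenticated = !session[:user_id].nil?
  return :redirect_to_login if !authenticated && halting

  role_filter(send(lookup, session), required) ? :ok : :forbidden
rescue RecordNotFound
  :error_500
end
```

With `halting: false` and the strict lookup, an anonymous request ends in the same kind of exception as in the first post; with the nil-safe lookup the role filter returns `:forbidden` for a nil user rather than granting access.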