problems with acl_system and before_filter

i am using the acl_system plugin but am having problems when users try to access restricted pages before they are logged in.

i have my before_filter :check_authentication before the access_control line, but every time i try to access a page without being logged in, i get an error saying:

Couldn't find User without an ID

/usr/local/lib/ruby/gems/1.8/gems/activerecord-1.14.4/lib/active_record/base.rb:939:in `find_from_ids'
/usr/local/lib/ruby/gems/1.8/gems/activerecord-1.14.4/lib/active_record/base.rb:382:in `find'
#{RAILS_ROOT}/app/controllers/application.rb:15:in `current_user'

nothing should be accessing my current_user method before the user is logged in, and this all worked until i added the acl line right after it.

is this a bug or did i do something wrong?

Well the acl_system plugin does its thing based on the current_user method. So you really should only be using the access_control for pages that you are sure the users will be logged in for. The login action has to set the current_user for access_control to work. Can you paste your controller code? I can help make it work.

Cheers-

-- Ezra Zygmuntowicz-- Lead Rails Evangelist -- ez@engineyard.com -- Engine Yard, Serious Rails Hosting -- (866) 518-YARD (9273)

hi ezra!

Ezra Zygmuntowicz [02.11.2006 01:14]:

Well the acl_system plugin does its thing based on the current_user method. So you really should only be using the access_control for pages that you are sure the users will be logged in for. The login action has to set the current_user for access_control to work.

sure, but when i ran across that very same problem, i decided that acl_system should simply allow access if the user hasn't been logged in yet:

---- snip ----
module Caboose::LogicParser
  alias :original_process :process

  def process(logicstring, context)
    context[:user].nil? or original_process(logicstring, context)
  end
end
---- snip ----

otherwise i wouldn't be able to protect my login controller (which actually is an account controller) by acl_system.

cheers jens

Here is some code from my Tasks controller and my application.rb file:

class TasksController < ApplicationController

  layout 'standard'

  before_filter :check_authentication

  access_control :DEFAULT => 'POD',
                 [:sort, :update_position] => '(admin & POD)'

  .... controller methods ...
end

class ApplicationController < ActionController::Base

  def check_authentication
    unless session[:user_id]
      session[:original_uri] = request.request_uri
      flash[:notice] = 'Please log in'
      redirect_to :controller => 'account', :action => 'login'
    end
  end

  helper_method :current_user
  def current_user
    @current_user ||= User.find(session[:user_id])
  end
end

Thanks for the help

I ran into this problem because i have emails sent out with links to certain tasks, but it requires login in order to view them.

i store the intended url in a session variable and then redirect them to that page once they are logged in so that they don't have to dig through all of the tasks to find the one they were looking for.
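
An added example, not code from any poster in this thread: a stand-alone Ruby simulation of the two filters discussed above, with a current_user that never looks up a nil id, an authentication filter that returns false after redirecting, and a role check that denies when no user is present. FakeController, USERS, check_role and run_filters are hypothetical stand-ins, and the example assumes a filter chain that halts only when a filter returns false.

```ruby
# Added example: stand-alone simulation, no Rails required.
# User, USERS, FakeController, check_role and run_filters are hypothetical.
User = Struct.new(:id, :roles)

# Constructed sample data standing in for the users table.
USERS = {
  1 => User.new(1, ['POD']),
  3 => User.new(3, ['guest'])
}

class FakeController
  attr_reader :session, :redirected_to

  def initialize(session)
    @session = session
  end

  # Nil-safe lookup: an empty session or a stale id yields nil, not an exception.
  def current_user
    return nil unless session[:user_id]
    @current_user ||= USERS[session[:user_id]]
  end

  # Authentication filter: record the redirect AND return false so the
  # chain stops before any authorization filter runs.
  def check_authentication
    return true if current_user
    @redirected_to = '/account/login'
    false
  end

  # Authorization filter: fails closed when there is no user at all.
  def check_role(required = 'POD')
    user = current_user
    !user.nil? && user.roles.include?(required)
  end

  # Assumed chain semantics: run in order, halt at the first filter
  # that returns false, and report which filter halted.
  def run_filters
    [:check_authentication, :check_role].each do |filter|
      return filter if send(filter) == false
    end
    :ok
  end
end
```

The role check is deliberately independent of the authentication filter: if the filter order changes or the first filter is skipped for an action, an anonymous request is still denied.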