rails3 authlogic admin roles - ruby-on-rails

I have authlogic working fine but now have the need to let administrator users come in and have different access.
So I created a migration adding administrator column to the Users table as string. However, I just can not seem to get the value of it out!!
see below my index action:
print "\n administrator" + User.find(current_user.id).administrator.to_s
the above line never prints anything when I know that this user HAS administrator string set to true in the db.
Below is the User model
class User < ActiveRecord::Base
acts_as_authentic {|config|
config.validates_uniqueness_of_email_field_options :scope => :id
}
belongs_to :another_class
end
what am I doing wrong here? All I want to do is get the administrator column value out. In the logs I can see the select users.* from users where id = 2 query being run!
is there another best way to manage admin roles with authlogic??

You're likely better off using cancan for managing roles and permissions. It can be used in combination with authlogic.
If you are going to just add a flag "administrator" field to the user record, it should work as long as your rules are simple, but would be better as a boolean rather than a string.

You say you have an "administrator" column of strings in your database and you're looking for a value of true. Maybe you wanted a Boolean column?

Related

Replace a column with something else of the same name, but keep populating it

I'm updating a system to have a more normalized database schema. Currently we have a builds table with a user column that stores a username as text. I'd like to add a user_id column and a users table, and have some_build.user return the user model. Pretty straightforward so far.
Unfortunately, the tests on this codebase are less thorough than you'd hope. In the event we have to roll back the change, I'd like to keep populating the old user column. I tried putting this in build.rb:
alias_attribute :legacy_username, :user
before_save do
if changed_attributes.keys.include? 'user_id'
legacy_username = user.name
end
end
I was hoping it would write to the user column, while leaving Build#user pointed at the User model. Unfortunately, legacy_username ends up aliasing the user method, not the user column--that is, some_build.legacy_username returns a User, and the before_save hook is not successful.
Is there a way I can coördinate this while keeping everything called user, or do I need to rename something?
Aha! Turns out you can set database values directly using ActiveRecord::Base#[]=:
before_save do
if changed-attributes.keys.include? 'user_id'
self[:user] = username
end
end
No alias needed.

Add 'current_user' to a model. (Devise) Rails

Hi I'm new here and also new in rails.
I want to add a couple values by default to a database called books (Model: Book.erb)
there is a user who creates these books(current_user), and I thought that a way to identify who creates and deletes this content is by adding some default values from the user and clasificate them (to be specific username and password)
my table ":books" has available two fields for adding username and password
I tried to do this:
# Book.erb
class Book < ActiveRecord::Base
after_save :set_default_values
def set_default_values
self.username = current_user.username
self.password = current_user.encrypted_password
end
end
but it seems to be that I can't call 'current_user' from this model.
I was reading a pratice on this blog
but some were saying that this method violates the MVC pattern, do you agree with them?
do you guys know a better way to do this process without violating the pattern?
Well, I'm not sure I can conceive of why you'd want to store a user name and user password in a book table as even if it was easily explained, it would be in violation of normalization practices for good database design which pretty much states you should only express a field once and then share it where it needs to be shared.
Now, assuming you must do this for some reason I can't conceive, I'd have to ask if "username" is your actual field or is it just "name" which is more standard Rails. And, I believe you'll have to have a relationship between these models to pull the data from one into the other and I don't see that book has_many users or one or belongs_to or anything of that sort.
With a relationship between book and user you have access to all user properties without writing them anywhere other than the user table. So I think you probably want to look at that.

Conditional 'attr_accessible' using ActiveResource in Ruby on Rails

I have two RoR3 application:
http://users.domain.local
http://profiles.domain.local
I created the 'users/models/profile.rb':
class Profile < ActiveResource::Base
self.site = "http://profiles.domain.local"
end
In 'profiles/models/profile.rb' I have:
attr_accessible :name
My profile's SQL table contains these columns:
id
name
user_id
So if I run Profile.create(:name => "test_name") a new profile will be created in http://profiles.domain.local with the name "test_name".
For obvious security reasons, I don't want to make accessible the 'user_id' attribute, but I need to set that on the profile creation from the 'users' application.
I tryed a lot of way do make that, but I can't find an easy solution. Maybe, it is possible with an if statement near the 'attr_accessible' of the 'profile' application that fill a request from the 'user' application.
Can somebody help me?
You could try something like what Amazon Web Services does: use a very long, randomly generated key with each request. Check that key is correct in your profiles app, and if yes, update the attribute.
Solution: Don't use simply Profile.create, use the association builders instead. Protect the user_id attribute and use user.profiles.create!(params[:profile]) to have it automatically set the user_id field for profiles to whatever the user object is.

Gem, update and compatibility

I have a User model, the user can gradually insert information on their profile (age, description, avatar, etc..). Those users can be viewed in the public web site only if they have complete their entire profile.
Whats is the best way in rails to put constraint on query without polluting every single call to Active Record User model. Is there're a way for
User.all
to return result with those constraints by default?
Tks a lot!
You could define a scope.
# user.rb
scope :complete, where("age IS NOT NULL", "description IS NOT NULL",...)
Then you can just do User.complete and it will fetch User objects matching those conditions. For more information:
http://api.rubyonrails.org/classes/ActiveRecord/NamedScope/ClassMethods.html

Ruby on Rails - Optional Associations?

I would like to allow users to write comments on a site. If they are registered users their username is displayed with the comment, otherwise allow them to type in a name which is displayed instead.
I was going to create a default anonymous user in the database and link every non-registered comment to that user. Would there be a better way to do it?
Any advice appreciated.
Thanks.
The problem with creating an anonymous user is then you need to check if a comment was made by a "real" user, or an anonymous one when displaying the name, so that introduces complexity. Plus, if you have a way of viewing their profile page, which may include posting history, you'd need to exclude the anonymous user with an exception.
Generally it's better to have a column on your comments which represents the user's visible name, and just show that if provided, or the registered user's name otherwise. For instance, your view helper might look like this:
class Comment < ActiveRecord::Base
belongs_to :user
def user_name
self.anonymous_name or (self.user and self.user.name) or 'Anonymous'
end
end
This will display the contents of the anonymous_name field of the Comment record, or the user's name if a user is assigned, or 'Anonymous' as a last-ditch effort to show something.
Sometimes it's advantageous to actually de-normalize a lot of the database when dealing with large numbers of comments so you don't have to load in the user table via a join simply to display a name. Populating this field with the user's name, even if they're not anonymous, may help with this, though it does mean these values need to be updated when a username changes, presuming that's even possible.
I think you can make user_id on your comment model nullable since you want to allow non registered users to add comments as well. As far as adding names for the non registered users are concerned, there are two options for that
option 1. Add a column on Comment model and name it like anonymous_user where you will store names of non registered users
option 2. Create a another model AnonymousCommentor with name and comment_id attributes.
If you are going to use anonymous users for other things as well apart from comment in your application then you can make it polymorphic and use a suitable name like AnonymousUser instead of AnonymousCommentor

Resources