Ruby on Rails Friday, July 2, 2010

On Jul 2, 2010, at 12:44 PM, Lille wrote:

> Rob,
>
> I see what you're saying, esp., given your comment:
>
> "you have to load the user info (session + User model) to check the
> permission anyway so you have to hit the database"
>
> Unlike what I sense is anticipated by the Authlogic example code, I
> take the following approach in my app:
>
> unauthenticated users can use all app functionality up to a certain
> point, when they have to register (a try-before-you-buy approach.)
>
> So, under this approach I have to apply the require_user approach in a
> before_filter for every action, not just those associated with a few
> protected pages. This just seems like a lot of work. It's like adding
> a layer of authentication goo all over my app and unlike, preferably,
> enabling authentication as a 'switch' to my app.
>
> Lille

If you only put the before_filter :require_user on those controllers
(or scoped to :only => [:some, :actions]), then you only have the
overhead for the actions that really need a user. You can also use (I
think) skip_session to avoid all the session overhead when you have
absolutely no need for it.

-Rob


>
> On Jul 2, 12:20 pm, Rob Biedenharn <R...@AgileConsultingLLC.com>
> wrote:
>> On Jul 2, 2010, at 12:02 PM, Lille wrote:
>>
>>> @Rob - Yes, I see what you're referring to in the Authlogic example
>>> code. I guess I can feel comforted by that...
>>
>>> @Marnen, @Rob - ...but isn't reliance on session expensive, e.g., if
>>> I've chosen server-side ActiveRecordStore session storage?
>>
>> Um, compared to what? If the work to instantiate the session from the
>> database, alter a value, and write it back is your bottleneck, I'd say
>> you have one blazingly fast application ;-)
>>
>> I wouldn't worry about that (at least not yet). You have to load the
>> user info (session + User model) to check the permission anyway so you
>> have to hit the database.
>>
>> -Rob
>>
>>> On Jul 2, 11:51 am, Rob Biedenharn <R...@AgileConsultingLLC.com>
>>> wrote:
>>>> On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote:
>>
>>>>>> My hope would be for something like:
>>
>>>>>> redirect_to :back
>>
>>>>>> But this is a no-go...
>>
>>>>> Why?
>>
>>>> Well, for one thing, you don't always have an HTTP_REFERER (if the
>>>> user types a URL into the browser for example).
>>
>>>> You get this nearly for free with Authlogic anyway. Just modify the
>>>> example require_user and associated code to fit your needs.
>>
>>>> -Rob
>>
>>>> Rob Biedenharn
>>>> R...@AgileConsultingLLC.com http://AgileConsultingLLC.com/
>>>> r...@GaslightSoftware.com http://GaslightSoftware.com/
>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ruby on Rails: Talk" group.
>>> To post to this group, send email to rubyonrails-talk@googlegroups.com.
>>> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
>>> For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
>>
>> Rob Biedenharn
>> R...@AgileConsultingLLC.com http://AgileConsultingLLC.com/
>> r...@GaslightSoftware.com http://GaslightSoftware.com/
>

Rob Biedenharn http://agileconsultingllc.com
Rob@AgileConsultingLLC.com
+1 513-295-4739
Skype: rob.biedenharn
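
The scoping Rob describes in his reply, as an added example that is not part of the thread or of Authlogic's code: a plain-Ruby stand-in (the hypothetical `MiniController`, its `before_filter`, the `db_hits` counter and the toy `login` are all assumptions) so it runs without Rails. Only the gated actions trigger the user lookup, and the return location is kept in the server-side session rather than taken from HTTP_REFERER.

```ruby
# Hypothetical stand-in for a Rails 2.x controller base class.
class MiniController
  def self.before_filter(name, options = {})
    (@filters ||= []) << [name, options[:only] || []]
  end

  def self.filters
    @filters || []
  end

  attr_reader :session, :db_hits

  def initialize(session = {})
    @session = session
    @db_hits = 0
  end

  # Run filters scoped to this action; a filter halts by returning a redirect.
  def process(action, path)
    @path = path
    self.class.filters.each do |name, only|
      next unless only.include?(action)
      halted = send(name)
      return halted if halted
    end
    [:ok, send(action)]
  end
end

class DocumentsController < MiniController
  # Try-before-you-buy: only the gated actions require a user.
  before_filter :require_user, :only => [:save, :export]

  def preview; "preview"; end
  def save;    "saved";   end
  def export;  "exported"; end

  # Toy login: after authenticating, go back to the stored path or a default.
  def login(user_id, default = "/")
    session[:user_id] = user_id
    [:redirect, session.delete(:return_to) || default]
  end

  private

  def current_user
    @db_hits += 1 # stands in for loading the session + User model
    session[:user_id]
  end

  def require_user
    return nil if current_user
    session[:return_to] = @path # our own request path, not a client header
    [:redirect, "/login"]
  end
end
```
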

