
I inserted some suggestions inline in your code: as `##` comments on the code lines, and as short notes between the methods.

module SessionsHelper
# Signs +user+ in by recording its id under session[:user_id]; current_user
# later resolves that id back to a record.
#
# user - the authenticated User (anything responding to #id).
#
# NOTE(review): nothing here rotates the session id. If an attacker can seed
# the session before login (e.g. a cookie planted from a sibling subdomain),
# calling reset_session first closes that session-fixation window; be aware it
# would also discard :forwarding_url and anything else set before this call,
# so the surrounding flow needs adjusting if you add it.
def log_in(user)
  user_id = user.id
  session[:user_id] = user_id
end
 
 
# The User whose id is held in session[:user_id], or nil when no id is stored
# or no row matches it (find_by returns nil rather than raising). The result is
# memoised in @current_user for the rest of the request, so repeated calls do
# not repeat the query once a record has been found.
def current_user
  return @current_user if @current_user

  @current_user = User.find_by(id: session[:user_id])
end
 
 
# True when +user+ is the signed-in user, compared with ==.
#
# Caveat: when nobody is signed in, current_user is nil, so
# current_user?(nil) is true. Check logged_in? first if that distinction
# matters to the caller.
def current_user?(user)
  me = current_user
  user == me
end
 
 
# True when current_user resolves to a record, false when it is nil.
def logged_in?
  user = current_user
  !user.nil?
end
 
 
# Redirects to the URL remembered by store_location, or to +default+ when
# none is stored, then forgets the stored URL so it is used only once.
#
# default - path or URL to use when session[:forwarding_url] is absent.
#
# Security note: within this helper the stored value is only ever written by
# store_location from request.url, i.e. a location on this application, so the
# redirect stays same-origin. Keep it that way — never let a request parameter
# populate :forwarding_url, or this turns into an open redirect.
def redirect_back_or(default)
  destination = session[:forwarding_url] || default
  redirect_to destination
  session.delete(:forwarding_url)
end
 
 
# Remembers the URL of the current request in session[:forwarding_url] so that
# redirect_back_or can send the visitor back there after login. Only GET
# requests are recorded: the redirect that follows is a GET, so replaying a
# POST/PUT/DELETE target that way would be wrong.
#
# NOTE(review): request.url is assembled from the Host header as received; if
# the deployment does not already pin or allow-list the host, a forged Host
# could end up in the stored URL. Confirm host handling before relying on it.
def store_location
  return unless request.get?

  session[:forwarding_url] = request.url
end
 
 
# Signs the current user out: drops the memoised record and removes the two
# keys this helper writes to the session (:user_id and the :isitadmin role
# cache set by #admin). Other session keys are left untouched.
#
# NOTE(review): reset_session would invalidate the whole session (and its id)
# rather than just these keys; prefer it if any other per-login state lives in
# the session, at the cost of also clearing :forwarding_url.
def log_out
  @current_user = nil
  session.delete(:user_id)
  session.delete(:isitadmin)
end
 
 
# Caches +role+ in session[:isitadmin]; removed again by #log_out.
#
# role - the role value to remember (the controller passes user.roleid.to_s).
#
# NOTE(review): authorisation state copied into the session is a snapshot
# taken at login; if the user's roleid is changed in the database afterwards,
# this value stays as it was until the next login. Deriving the admin check
# from current_user's own roleid avoids that staleness and makes this method
# unnecessary.
def admin(role)
  cached = role
  session[:isitadmin] = cached
end
 
  I don't think you need this: a flag copied into the session at login goes stale if the user's role is changed later, and it only duplicates what current_user's own record can tell you (see the admin? note below).
 
 #def checkadmin
 #   admin
?(session[:isitadmin])
 #
end
 
 

    You are calling admin? to verify whether the current user has roleid '1', i.e. is an admin. Since the controller below ends up calling `user.admin?`, the cleanest home for this predicate is the User model, where it reads the record's own column instead of a copy stashed in the session:

     # app/models/user.rb
     def admin?    (no argument)
       roleid.to_s == "1"
     end

    (roleid, as you indicate below, is the field storing that flag.) Compare against whatever type the column actually is: if roleid is an integer column, `roleid == 1` is the direct form; `to_s` sidesteps the string/integer mismatch either way. A trailing `? true : false` is redundant because `==` already returns true or false. If you keep the helper version instead, guard against a nil current_user (`current_user && current_user.roleid.to_s == "1"`) so it cannot raise NoMethodError when nobody is logged in.

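# Reports whether +rolea+ denotes the admin role (roleid 1).
#
# rolea - the role value to test. The controller hands it over in several
#         shapes: user.roleid (an Integer), user.roleid.to_s ("1", via #admin),
#         or the Array that User.where(...).pluck(:roleid) returns. All are
#         normalised to the first element's string form before comparing;
#         nil and an empty Array are never admin.
#
# Bug fixed: the original compared `rolea == 1`, which is false for "1" and
# for [1], so with the values the controller actually passes the admin branch
# could never be taken. Longer term, prefer a User#admin? predicate that reads
# the record's own roleid rather than a value threaded through the session.
def admin?(rolea)
  role = Array(rolea).first
  role.to_s == "1"
end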
 
  end
end

 
This is my sessions_controller.rb file

def loginnow
    role
= User.where(userid: params[:session][:userid]).pluck(:roleid)   ## This call isn't necessary
   
   
user = User.find_by(userid: params[:session][:userid])    ## you should verify validity of session[:userid], and then check validity of user 
   
if user && user.authenticate(params[:session][:password])
     
# Log the user in and redirect to the user's show page.
      admin user.roleid.to_s    ## to_s may not be necessary
      log_in user
     
     
        Change this to `if user.admin?` (with `admin?` defined on the User model so it reads the record's own roleid rather than a copy in the session). Two more things visible in this action: the flash messages below are single-quoted, so `#{role}` is emitted literally instead of being interpolated — use double quotes; and `rolea` in the `puts` on the success branch is not defined anywhere in this action, so that line would raise NameError if the branch were ever reached.
  if admin?(role)
        flash
.now[:info] = 'You are logged in as Admin and your roleid is #{role}'      ## Remove .now, see http://api.rubyonrails.org/classes/ActionDispatch/Flash/FlashHash.html#method-i-now
        redirect_to dashboard_index_path     ## are you displaying flash in view... Something like <% flash.each .... %>
        puts
"*******************************************************************************************************"      
        puts
"The roleid is #{rolea} executed in if part"                
        puts
"*******************************************************************************************************"
     
else
        flash
.now[:danger] = 'For some reason you are not recognized as Admin and the roleid is #{role}'
        redirect_to dashboard_index_path
        puts
"*******************************************************************************************************"
        puts
"The roleid is #{role} executed in else part"                
        puts
"*******************************************************************************************************"
     
end


