Databases
StackOverflow2013
Postsdbo
POGetting the current request in rails from a file in lib/
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POGetting the current request in rails from a file in lib/
    text
    copied!<p>I've put all of my user-authentication code in one place, namely lib/auth.rb. It looks like this:</p> <p><strong>lib/auth.rb</strong></p> <pre><code>module Admin def do_i_have_permission_to?(permission) # Code to check all of this goes here end end </code></pre> <p>I include this module as part of the application helper, so these functions are available in all the views:</p> <p><strong>application_helper.rb</strong></p> <pre><code>require 'auth' module ApplicationHelper include Admin # other stuff here end </code></pre> <p>And I also include it as part of the application controller, so the controllers likewise can call the functions:</p> <p><strong>application.rb</strong></p> <pre><code>require 'auth' class ApplicationController &lt; ActionController::Base include Admin end </code></pre> <p>So far, so good. </p> <p>The problem is that my application is not like a normal web app. Specifically, more than one user can be logged into the system from the same computer at the same time (using the same browser). I do authentication for actions by looking at all the people who are logged in from that IP and if they can all do it, it passes. </p> <p>What this means is that, if an admin wants to do something, that admin has to log everyone else out first, which is annoying. But we want the admin seal of approval on everything the admin does. So the suggestion given to me was to have it so the admin can supply a username/password combo on any page they would not normally have access to (e.g. an 'edit user' page would have these extra input fields) and the authentication routines would check for that. This means</p> <pre><code>Admin::do_i_have_permission_to?(permission) </code></pre> <p>needs to get at the current request parameters. I can't just use params[:foo] like I would in a controller, because params isn't defined; similarly request.parameters[:foo] will also not work. My searching has revealed:</p> <ul> <li>The current search parameters are in the current request,</li> <li>The current request is in the current controller,</li> <li>The current controller is in the current dispatcher, and</li> <li>I'm not sure the current dispatcher is kept anywhere.</li> </ul> <p>That said, experience tells me that when I'm jumping through this many hoops, I'm very probably Doing It Wrong. So what is the right way to do it? Options I've considered are:</p> <ul> <li>Just move all the functions currently in auth.rb into the ApplicationHelper where (I think) they'll have access to the request and such. Works, but clutters the hell out of the helper.</li> <li>Move all the functions somewhere else they'll see those methods (I don't know where)</li> <li>I'm just plain missing something.</li> </ul>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload