Rails before_filter preventing access to controllers
<p>I've got an app where the user can nominate a keyholder who can also view their account. I've got a before_filter that means that only the account holder, or their keyholder, can view their account. This code works fine for either person viewing the user's home page, but I can't do anything further - I am currently logged in as the keyholder, and I can't log out, or add 'notes' to either account (right now the keyholder has unrestricted access to their own account and the person they are keyholder for). Please can anyone help?</p>
<p>The before_filter is:</p>
<pre><code>def correct_user
  # Load the account named by the :id request parameter
  @user = User.find(params[:id])
  # Allow only the account holder or the paired keyholder
  unless (@user &amp;&amp; current_user.id == @user.id) || ((current_user.access_id == @user.id) &amp;&amp; (current_user.id == @user.access_id))
    redirect_to root_path
  end
end
</code></pre>
<p>and the error I am getting when trying to e.g. create a note is:</p>
<pre><code>ActiveRecord::RecordNotFound in NotesController#new
Couldn't find User without an ID
</code></pre>
<p>It is referring to the @user line in the before_filter.</p>
<p>How come when I am logged in as the keyholder, I can view the homepage, but do nothing else? Thanks!</p>
<p>UPDATE:</p>
<p>Updated before_filter (in application_controller.rb):</p>
<pre><code>def correct_user
  if params[:id]
    @user = User.find(params[:id])
    unless (@user &amp;&amp; current_user.id == @user.id) || ((current_user.access_id == @user.id) &amp;&amp; (current_user.id == @user.access_id))
      redirect_to root_path
    end
  else
    redirect_to root_path
  end
end
</code></pre>
<p>Console output on note creation:</p>
<pre><code>Started POST "/notes" for 127.0.0.1 at 2013-02-28 14:10:49 +0000
Processing by NotesController#create as HTML
  Parameters: {"utf8"=&gt;"V", "authenticity_token"=&gt;"qMDHQAoC4l3Be5YZKSH1AJ9E5zS1D kMNCW2KzUZ38gM=", "note"=&gt;{"user_id"=&gt;"16", "content"=&gt;""}, "commit"=&gt;"Update Note"}
Redirected to http://localhost:3000/
Filter chain halted as :correct_user rendered or redirected
Completed 302 Found in 98ms (ActiveRecord: 0.0ms)

Started GET "/" for 127.0.0.1 at 2013-02-28 14:10:49 +0000
Processing by PublicController#index as HTML
  User Load (3.0ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 16 LIMIT 1
  Rendered public/index.html.erb within layouts/application (5.0ms)
  Timeline Load (3.0ms)  SELECT "timelines".* FROM "timelines" WHERE "timelines"."user_id" = 16 LIMIT 1
  MessageBoard Load (2.0ms)  SELECT "message_boards".* FROM "message_boards" WHERE "message_boards"."user_id" = 16 LIMIT 1
  Rendered partials/_menuoptions.html.erb (53.0ms)
Completed 200 OK in 551ms (Views: 535.0ms | ActiveRecord: 16.0ms)
</code></pre>
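An added example, not part of the original post: a plain-Ruby model (no Rails) of the same holder-or-keyholder rule, applied to whichever account the request names. The `POST /notes` in the log carries the account in `note[user_id]` rather than `id`, and that value is client-supplied, so it is authorized instead of trusted. `USERS`, `target_user_id` and `may_access?` are hypothetical names, and the fallback to the logged-in user's own account when no id is present is an assumption.

```ruby
# Plain-Ruby stand-in for the users table; id and access_id are the page's fields.
User = Struct.new(:id, :access_id)

# Constructed sample accounts: 16 and 17 name each other via access_id; 18 is unrelated.
USERS = {
  16 => User.new(16, 17),
  17 => User.new(17, 16),
  18 => User.new(18, nil)
}.freeze

# Which account does this request act on? Account pages carry it in params["id"];
# POST /notes (as in the log above) carries it in params["note"]["user_id"].
# Assumption: a request with neither key acts on the logged-in user's own account.
def target_user_id(params, current_user)
  raw = params["id"] || params.dig("note", "user_id") || current_user.id
  Integer(raw.to_s, 10)
rescue ArgumentError, TypeError
  nil # blank or malformed id: no target, so the caller fails closed
end

# Same rule as the page's filter: the account holder, or the paired keyholder.
def may_access?(current_user, target)
  return false if current_user.nil? || target.nil?

  current_user.id == target.id ||
    (current_user.access_id == target.id && current_user.id == target.access_id)
end

# Returns :allow or :redirect_to_root. Unknown ids are denied, not raised.
def correct_user(params, current_user)
  id = target_user_id(params, current_user)
  may_access?(current_user, USERS[id]) ? :allow : :redirect_to_root
end
```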
 
