logged_in?

[Ivan Ukhov]

Hello!

If I understand right, role :guest is for users without roles and for
not logged in users. The question is how to write rules for only
logged in users? For example, only registered users can send comments.

Thanks.

[Steffen Bartsch]

Just assign a default role to all users that you create. Then, you can
specify authorization rules for that role. Does that help?

Steffen

[Ivan Ukhov]

It sure does, but... It's so uncomfortable... The plugin is great, and
it would be much better, if this feature was also implemented =)

like if_attribute

if_user_presents

and also

if_user :attribute => :value

the last one can check some attributes of the current user, it would
be nice too)

Thanks!

[Steffen Bartsch]

Am Freitag, 16. Oktober 2009 schrieb Ivan Ukhov:
> It sure does, but... It's so uncomfortable... The plugin is great, and
> it would be much better, if this feature was also implemented =)

I haven't quite understood yet why assigning a default role is hard.

We always have to weigh the implementation effort on the app developer side
(that might be decreased by such a feature) against increased learning effort
that is needed to read and edit the authorization rules. Thus, there need to
be good reasons for any addition to the authorization DSL.

> and also
>
> if_user :attribute => :value
>
> the last one can check some attributes of the current user, it would
> be nice too)

I haven't seen any example where I'd need this. Normally, there is some
relationship between a user and the object that the user is acting on. Can
you give an example where this is needed and simple role assignment is
unpractical?

Steffen

[Ivan Ukhov]

Let me ask you how you handle user roles? Separate model (Role
(user_id, name), or mb Role(name) + roles_users(user_id, role_id))? Or
just store them in a db column?

So there is an example

has_permissions_on :comments, :to => :create do
if_user :confirmed => true
end

... and yes, sure, I can do it using one more role.