Question about users and restful_authentication

[Eric Gruber]

I've installed the restful_authentication plugin to my list-creating
application and so far, so good. You need a username and password to
sign in to create a list and add items to it, which is just what I
wanted.

However, no matter what name you sign in with, you can access all the
lists. My initial thought was that I needed to create associations to
limit this. For example, each user can have many lists, but each lists
can have only one user. I added that to the correct models, and
nothing changed.

Am I headed down the right path? Let me know if my question doesn't
make sense.

- Eric

[Aaron Sumner]

>
>
> However, no matter what name you sign in with, you can access all the
> lists. My initial thought was that I needed to create associations to
> limit this. For example, each user can have many lists, but each lists
> can have only one user. I added that to the correct models, and
> nothing changed.

That's the first step, but there's one more thing to do. For it work
you'll need some sort of authorization system--restful_authentication
just attempts to prove that someone is who they say they are, through
their access credentials. There are a lot of them out there but I
prefer one called restful_acl (find it on GitHub). It does require
that you're using RESTful controllers with standard CRUD actions--but
assuming that's so you can just add methods to your List model like

def is_readable_by(user, parent = nil)
self.user == user
end

In other words, if the user trying to access the list is the same as
the user associated with the list, let him view it. Otherwise he'll be
directed to an "access denied" view. Of course, you can also dictate
who's allowed to update or delete a list.

If you don't need something that complex, you could just check in the
list controller's #show method that @list.user == current_user.

[Eric Gruber]

I've added config.gem "mdarby-restful_acl", :lib => "restful_acl" to
environment.rb.

When I go to start Mongrel, I get this message:
-------------------------------
Missing these required gems:
mdarby-restful_acl

You're running:
ruby 1.8.6.287 at /System/Library/Frameworks/Ruby.framework/Versions/
1.8/usr/bin/ruby
rubygems 1.3.1 at /Users/rumblestrut/.gem/ruby/1.8, /Library/Ruby/
Gems/1.8, /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/
lib/ruby/gems/1.8

Run `rake gems:install` to install the missing gems.
-------------------------------

So, I run rake gems:install. Then I get this:

ERROR: could not find gem mdarby-restful_acl locally or in a
repository

I've Googled that error message that haven't found anything. Ideas on
what I'm doing wrong? The restful_acl page is here:
http://wiki.github.com/mdarby/restful_acl.

Eric

[Aaron Sumner]

So, I run rake gems:install. Then I get this:

ERROR:  could not find gem mdarby-restful_acl locally or in a
repository

I've Googled that error message that haven't found anything. Ideas on
what I'm doing wrong? The restful_acl page is here:
http://wiki.github.com/mdarby/restful_acl.

You may need to add github as a source for gems:

gem sources -a http://gems.github.com

Then install the gem as instructed.

[Eric Gruber]

That makes sense. And Mongrel is running now!

I'll have to work on integrating the acl tomorrow.

Thanks for the help!

Eric

On Jun 10, 9:53 pm, Aaron Sumner <asum...@mac.com> wrote:
> > So, I run rake gems:install. Then I get this:
>
> > ERROR:  could not find gem mdarby-restful_acl locally or in a
> > repository
>
> > I've Googled that error message that haven't found anything. Ideas on
> > what I'm doing wrong? The restful_acl page is here:
> >http://wiki.github.com/mdarby/restful_acl.
>
> You may need to add github as a source for gems:
>

> gem sources -ahttp://gems.github.com