Sign in through GitHub

Please read for an updated status on RailsCasts:

Learn more or hide this

Mohamad El-Husseini's Profile

GitHub User: abitdodgy

Site: http://mohamad.im

Comments by Mohamad El-Husseini

Avatar

Did you solve this issue? I've having the same problem.

Avatar

Were you able to solve this issue? I'm running into the same problem.

Avatar

Where you able to find a solution to this? I'm facing the same problem.

Avatar

Can partials be cached with this approach?

Avatar

Sorry for sounding obtuse, but does that solve the issue with nested properties?

Avatar

Can you explain why find_by_user name is different than than the User.where example? I guess I don't understand why one should belong there and the other one is debatable...

Avatar

Totally agreed. Writing authentication from scratch is so simple. The ugly side of Devise comes out when you start customising your app, and you spend more time fixing such issues than you would have had you written authentication from scratch.

Avatar

What would be really helpful is how to extend this to handle nested resources... Has anyone extended this to use nested resources and have some guidance to share?

Avatar

How do you adapt when authorization depends on a parent model when the resource is not a singleton? Say topics#index can only be accessed if the forum is public. The topics#index returns an array, not a singleton, so we can't call topics.forum.private?

Avatar

I figured it out. Stupidly, my yield was inside of my if condition!

Avatar

Does anyone have any idea to how to make this work with reserved subdomains? I want to render a StaticPages controller if no subdomain is present, or if it's a reserved one.

Originally I scoped everything through a current_account method as Ryan briefly mentioned in this episode. I only asked for the current_account if the subdomain was not reserved, or if there was no subdomain.

ruby
def current_account
if request.subdomain.present? && !Account.reserved_subdomain?(request.subdomain)
@account ||= Account.find_by_subdomain!(request.subdomain)
end
end

This meant www or no subdomain can be routed to a controller of my choice. Using Ryna's approach, however, prevents the view from rendering when no subdomain is specified, or when it's reserved.

Any ideas how to get around this limitation? This is what I get, but the page is completely blank:


Started GET "/" for 127.0.0.1 at 2012-10-22 21:47:06 -0200
Processing by StaticPagesController#home as HTML
Completed 200 OK in 0ms (ActiveRecord: 0.0ms)

Avatar

+1 for testing... if not talk about it, include some example tests in the episode source code!

Avatar

In addition to this, does anyone know how we can authorise child objects based on an association of the parent? I also posted about this here:

http://stackoverflow.com/questions/12885246/authorising-child-objects-through-a-parents-association-using-cancan

The docs breifly discuss this under "Accessing parent ability" (https://github.com/ryanb/cancan/wiki/Nested-Resources) but no mention of associations is made.

Avatar

Are there any gotcha for using authorize_resource as opposed to load and authorize_resource? I'm getting different behaviour, where load and authorize works, but authorize does not prevent access to a resouce.

I posted a question on this: http://stackoverflow.com/questions/12860146/cancan-not-preventing-access-when-it-should

I have no clue why this is behaving in such a way!

Avatar

Can you elaborate on why using attr_accessible as: :admin is a better approach than Ryan's approach?