CODEWITHSUNDEEP
ruby-on-railsauthorization
Xeroxoid
Xeroxoid

Reputation: 2155

declerative_authorization on User problem

I am trying to block all default methods except create and update in my users controller using declerative_authorization. But at the time I add filter_resource_access or filter_access_to into my usersController i always get "Couldn't find User without an ID". Anyone care to explain why this could be happening? 

    class UsersController < ApplicationController
  filter_resource_access



def new
    @user = User.new
  end



def create
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = "Account registered!"
      redirect_to account_url
    else
      render :action => :new
    end
  end



def show
    @user = @current_user
  end



def edit
    @user = @current_user
  end



def update
    @user = @current_user # makes our views "cleaner" and more consistent
    if @user.update_attributes(params[:user])
      flash[:notice] = "Account updated!"
      redirect_to account_url
    else
      render :action => :edit
    end
  end
end

Upvotes: 2

Views: 382

Answers (1)

Tomas Markauskas
Tomas Markauskas

Reputation: 11596

You should set the @user variable before the filter_access_to call with a before_filter as declarative_authorization tries to access @user when you call filter_access_to.

before_filter :set_user
filter_access_to :all

...

protected

def set_user
  @user = @current_user
end

Maybe you are setting the attribute_check parameter to true in your filter_access_to call? I have a similar controller and I don't really need the before_filter.

Another thing that might be causing it is a using_access_control call in your User model.

Upvotes: 2

Related Questions