rubyonrailsin

On Sun, Mar 21, 2010 at 12:25 PM, Jagmit Gabba <lists@ruby-forum.com> wrote:
> I have several questions and i need clear understanding on how i should
> approach them, my target is for creating something called "fakebook",
> facebooks copy but not going live at all (uni project).
>
> Security Question
> This is the code that helps me protect my "user/index"..
>
> private
>  def protect
>  unless session[:user_id]
>      flash[:notice] = "Please Login to view this page, or Register if
> you do not have an account!"
>      redirect_to :action => :login
>    return false
>  end
>  end
>
> It works perfectly, as it checks for the session ID and when it finds
> the user is logged in, he can view the user/index (another code is
> placed on top with this).
> Otherwise, they cannot view it and it takes them to the login page and a
> flash message is displayed.
>
> When the user is logged in, i want it to redirect the "user/register"
> and "user/login" to the "user/index", and if they are NOT logged in,
> they can view them. I have done this with the IF command in my menu but
> physically they can type the address aka user/register or user/login and
> view them again.
>
> How can i redirect this?
>
> thank you for your help!
>
I'd strongly suggest you to take a look at Authlogic[1] gem. Even when
this is a very simple/personal project, and implement this gem might
look too much overhead for you, you'll get very interesting concepts
for authentication.

[1]http://github.com/binarylogic/authlogic

Hope it helps.

--
Leonardo Mateo.
There's no place like ~

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.