rubyonrailsin

On 21 March 2010 15:25, Jagmit Gabba <lists@ruby-forum.com> wrote:
> I have several questions and i need clear understanding on how i should
> approach them, my target is for creating something called "fakebook",
> facebooks copy but not going live at all (uni project).
>
> Security Question
> This is the code that helps me protect my "user/index"..
>
> private
>  def protect
>  unless session[:user_id]
>      flash[:notice] = "Please Login to view this page, or Register if
> you do not have an account!"
>      redirect_to :action => :login
>    return false
>  end
>  end
>
> It works perfectly, as it checks for the session ID and when it finds
> the user is logged in, he can view the user/index (another code is
> placed on top with this).
> Otherwise, they cannot view it and it takes them to the login page and a
> flash message is displayed.
>
> When the user is logged in, i want it to redirect the "user/register"
> and "user/login" to the "user/index", and if they are NOT logged in,
> they can view them. I have done this with the IF command in my menu but
> physically they can type the address aka user/register or user/login and
> view them again.

You have already shown us how you redirect from index to login if the
user is not logged in. You are asking how to redirect from register
and login if not logged in. Just use basically the same technique but
the test will be the the other way round ('if' instead of 'unless').

Colin

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.