Can Authority Ruby Gem be used with logged out users? -


i following error:

  undefined method `can_read?' nil:nilclass

..when trying access product page logged-out user. @ moment have 

class productauthorizer < applicationauthorizer    def self.readable_by?(user)     true   end  end

i'd allow non-logged in users see page. possible?

i tried changing default user method to:

config.user_method = :current_user ||= user.new

however, causes problems, , server won't start.

ok found @ https://github.com/nathanl/authority/pull/32:

ok! sake of else reading issue, chris , chatted , agreed best way proceed. here's gist of it.

authority won't specially handle nil users or give specific option so. want limit authority authorization , keep authentication totally separate. if there's no user signed in, that's authentication concern; authority can't meaningfully answer question "can user x?" if isn't given user or quacks one.

besides philosophical point, having authentication handle better user experience. if admin has forgotten sign in , attempts admin-only action, confusing them "access denied". more helpful "please sign in".

what developers using authority can is:

have devise's before_filter :authenticate_user! running prior authority checks on request (since action requires authorization requires authentication). have user method return nulluser object quacks user, have authorizers know authority can improve error gives if pass nil or else doesn't quack user. chris going implement this.

hi i've put this

  class applicationcontroller < actioncontroller::base       def current_or_null_user         if current_user == nil           user.new         else           current_user         end      end   end

...

authority.configure |config|    config.user_method = :current_or_null_user end

Comments

Post a Comment

Popular posts from this blog

c# - Send Image in Json : 400 Bad request -

from android trying send image class of data, iis webservice. (c#) the problem 400 bad request . the image being encoded base64 . , placed json rest of class elements. my guess base64 not valid inside json. server not understand it. if set string "" , post accepted fine. so question is, how make base64 valid within json array? ( tried url.encode no success). or how should send image android webservice? gson gson = new gson(); string json = gson.tojson(record); // record has param { string base64photo } how big image? i'm pretty sure surpassing iis json size limit (default 4 mb). check http://geekswithblogs.net/frankw/archive/2008/08/05/how-to-configure-maxjsonlength-in-asp.net-ajax-applications.aspx or http://www.webtrenches.com/post.cfm/iis7-file-upload-size-limits good luck!
Read more

javascript - addthis share facebook and google+ url -

i attempting use addthis create simple url shares whichever current page user on when click share button. of right now, have twitter working. when user clicks, able see url populated in tweet box. when user clicks facebook or google+, url doesn't seem show in share box. <ul class="addthis_toolbox addthis_default_style "> <li><a class="addthis_button_facebook"><img src="/img/facebook-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_twitter"><img src="/img/twitter-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_google_plusone_share"><img src="/img/google-social.png" width="20" height="20" border="0" alt="s...
Read more

ios - Show keyboard with UITextField in the input accessory view -

i have buttona , when buttona clicked, want keyboard show uitextfield in inputaccessoryview. there way have keyboard show manually , set inputaccessoryview without having uitextfield initially? thanks. you cannot summon keyboard without object can become first responder. there 2 ways work around: subclass uiview , implement uikeyinput protocol in it. example: in .h file: @interface inputobject : uiview<uikeyinput> @property (nonatomic, copy) nsstring *text; @property (nonatomic, strong) uiview *inputaccessoryview; // must override inputaccessoryview , since it's readonly default @end in .m file, implement protocol: - (bool)canbecomefirstresponder { return yes; } - (bool)hastext { return [self.text length]; } - (void)inserttext:(nsstring *)text { nsstring *selftext = self.text ? self.text : @""; self.text = [selftext stringbyappendingstring:text]; [[nsnotificationcenter defaultcenter] postnotificationname:kinputobjec...
Read more