Administrative user

I was just wondering if anyone has a simpler way to handle admin-like
functionality. In my app I have many users, but a single user can
be chosen to handle and/or modify user profiles that are associated to
them. The problem is that I actually have some really good security
measures in place, such as :before_filters, that catch any unauthorized
users from accessing another account. So to handle this admin-like
functionality, I am constantly passing a value along that identifies
this person as an admin. Is there a better way to do this? Thanks,

-S

In the Rails 2.0 preview release, it is easy to have basic HTTP
authentication for admin-related pages.

On Oct 25, 10:05 am, Shandy N. [email protected]

On 10/25/07, Shandy N. [email protected] wrote:

> I was just wondering if anyone has a simpler way to handle admin-like
> functionality. In my app I have many users, but a single user can
> be chosen to handle and/or modify user profiles that are associated to
> them. The problem is that I actually have some really good security
> measures in place, such as :before_filters, that catch any unauthorized
> users from accessing another account. So to handle this admin-like
> functionality, I am constantly passing a value along that identifies
> this person as an admin. Is there a better way to do this? Thanks,

It depends on how you are passing it around.

I have a system where users log in, but access to some objects is
further protected by a password. Entering this password allows users
to manage that one object. Users can be authorized to modify multiple
objects at once.
I use session variables, and set them as such:

#
# Return true if the current user can administrate the provided
# guild.
#
def is_guild_admin?(id)
  id = id.id if id.class == Guild
  return false unless session[:guildadmin]
  return true if session[:guildadmin][id.to_s]
  return false
end

#
# Return a list of guild IDs and names this user may administrate.
#
def guild_admin_list
  return [] unless session[:guildadmin]

  guilds = []
  session[:guildadmin].each { |key, val|
    guilds << [ key, val ] if val
  }
  guilds
end

#
# Grant the current user admin rights over a guild. Accepts a Guild
# object, or a guild ID together with the name to store for it.
#
def become_guild_admin(id, str = nil)
  if id.class == Guild
    str = id.name unless str
    id = id.id
  end
  raise ArgumentError, "str is null and id is not a guild" unless str
  session[:guildadmin] = {} unless session[:guildadmin]
  session[:guildadmin][id.to_s] = str
end

#
# Revoke the current user's admin rights over a guild.
#
def end_guild_admin(id)
  id = id.id if id.class == Guild
  session[:guildadmin] = {} unless session[:guildadmin]
  session[:guildadmin].delete(id.to_s)
end
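
An added example, not code from any post in this thread: it contrasts an admin flag that travels with the request against a check, suitable for a before_filter, that derives identity from the server-side session and verifies the manager-to-profile association on every request. Plain hashes stand in for the Rails session and params, and MANAGED_PROFILES and all method names are hypothetical.

```ruby
# Constructed sample data: manager id => ids of the profiles they may manage.
# In a Rails app this would be an association looked up in the database.
MANAGED_PROFILES = { 1 => [2, 3] }.freeze

class AccessDenied < StandardError; end

# Weak form: the admin flag arrives with the request, so whoever builds
# the request decides its value.
def can_edit_trusting_param?(params)
  params[:admin].to_s == "1"
end

# Hardened form: identity comes only from the server-side session, and the
# relationship to the target profile is re-checked for each request.
def can_edit?(session, profile_id)
  user_id = session[:user_id]
  return false if user_id.nil?                    # not logged in

  target = profile_id.to_s
  return false unless target.match?(/\A\d+\z/)    # reject malformed ids
  target = target.to_i

  return true if target == user_id                # users may edit themselves
  MANAGED_PROFILES.fetch(user_id, []).include?(target)
end

# What a before_filter would call ahead of edit/update actions.
# Any :admin value in params is ignored on purpose.
def require_profile_access!(session, params)
  raise AccessDenied, "not allowed" unless can_edit?(session, params[:id])
  params[:id].to_i
end
```
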