That works, thanks. Now my problem is that I need to do that for users, clippings, posts, photos, ... everything. They are all written with before_filters that list all the mutating actions in an :only list, so I have to gather all those specific lists and copy them into my controllers, then edit them. That's going to create so much fragility that I want to seek a better solution if I can.
What I don't understand, and have not found with Google, is a definitive statement about how filters behave between engines and the app. I want to override the filters, so it feels like saying "before_filter :login_required" in my copy of base_controller.rb (or users_controller.rb) ought to fire the filter before :show and all the other methods not mentioned in CE's :only list, but somehow the fact that CE uses :only makes that trump instead. On Nov 3, 8:30 pm, Jim Ruther Nill <[email protected]> wrote: > Try this. > > Copy the before_filter :login_required line in the users controller in the > CE plugin. > paste it in users_controller and add the show action. > > before_filter :login_required, :only => [:edit, :edit_account, :update, > :welcome_photo, :welcome_about, > :welcome_invite, :return_admin, :assume, :featured, > :toggle_featured, :edit_pro_details, :update_pro_details, :dashboard, > :deactivate, > :crop_profile_photo, :upload_profile_photo, :show] > > that should keep anonymous users to browse user profiles. > > > > > > On Wed, Nov 4, 2009 at 9:14 AM, GregL <[email protected]> wrote: > > > Thank you Jim, that was very helpful. I want my site to be completely > > hidden from non-logged-in users, so I needed to know which was the > > appropriate before_filter for that. Sounds like login_required is the > > best, though adding it to my override of base_controller did not stop > > me from being able to see a user's profile ('/username', the show > > action of the users controller), so I'm still debugging that. > > > On Nov 2, 10:19 pm, Jim Ruther Nill <[email protected]> wrote: > > > find_user: > > > - finds the user whose login_slug is <APP_URL>/<login_slug> > > > - used mostly in the users controller to determine to whom a certain > > blog, > > > photo, clipping, etc belongs to. > > > > require_current_user > > > - first finds user whose login_slug is <APP_URL>/<login_slug> and > > compares > > > it with current user > > > - mostly used in actions that requires the current_users permission > > (edit, > > > update, create, new) > > > > login_required > > > - user needs to be logged in before performing a certain action like > > > creating a comment. > > > > the conditions > > > > if logged_in? > > > if current user > > > > are basically the same. :D > > > > On Tue, Nov 3, 2009 at 10:53 AM, GregL <[email protected]> wrote: > > > > > Could someone help me understand the different use cases for these > > > > methods: > > > > > find_user > > > > require_current_user > > > > login_required > > > > > For example, all three of those are used inside the photos_controller > > > > as before filters and I don't understand why. I want to make sure I > > > > have consistent behavior between the built-in CE areas and my own > > > > app's areas, so I need to understand the purpose of these to be able > > > > to use them correctly. > > > > > And also, in some views like _header.html.haml, I see two similar- > > > > looking conditions like: > > > > > if logged_in? > > > > if current_user > > > > > I can read the code for these, but it would be super-helpful if > > > > someone could give me the high-level idea. > > > > -- > > > "We do not believe in ourselves until someone reveals that deep inside us > > is > > > valuable, worth listening to, worthy of our trust, sacred to our touch." > > - > > > E. E. Cummings > > -- > "We do not believe in ourselves until someone reveals that deep inside us is > valuable, worth listening to, worthy of our trust, sacred to our touch." - > E. E. Cummings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CommunityEngine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/communityengine?hl=en -~----------~----~----~----~------~----~------~--~---
