User Management Using Salted Hash Login Generator

patrick@iws · 2006-11-12 03:42:36

This is a simple tutorial for RoR beginners.

This tutorial is meant for those using the Salted Hash Login Generator.

Problem: You need a login system that will show the user their information only. For example: A user has many blog entries and they should only be able to edit their blog entry.

Solution: Very simple! You just asign a foreign key to the model associated with the user (for this we'll use user_id).

After you install and configure the Slated Hash Login Generator add the following:

1. Relate the Post model with the User model using has_many and belongs_to.

/app/models/user.rb

Code : - fold - unfold

class User < ActiveRecord::Base
has_many :posts,
:class_name => "User",
:foreign_key => "user_id"

/app/models/posts.rb

Code : - fold - unfold

class Posts < ActiveRecord::Base
belongs_to :user,
:class_name => "User",
:foreign_key => "user_id"

2. Edit def create and def list in your Posts controller so you are adding the user's id to each post and calling the correct query for list/show.

/app/controllers/posts_controller.rb

Code : - fold - unfold

class PostsController < ApplicationController
def create
@post = Post.new(params[:post])
@post.user_id = @session['user'].id
...
end
def list
@posts = Post.find(:all,
:conditions => ['user_id = ?', @session['user'].id])
...
end
end

There you have it! It's that simple. If you have questions with this tutorial you can shoot me an email and I will be happy to assist you where possible.

Last edited by patrick@iws (2006-11-12 03:48:20)

Lake · 2006-11-14 17:08:56

Hey, thankss.

mr_jbuck · 2006-11-15 18:54:52

Great Post! Do you think this would also work with the Model Security Gem written by Bruce Perens?

mr_jbuck · 2006-11-16 03:02:44

Thanks again I was able to get it working! Do you think you will make any other ones like this?

patrick@iws · 2006-11-22 17:56:10

I will be posting a complete tutorial on authentication shortly after thanksgiving. It will be a rather long one, so be prepared to spend at least an hour digging through the code and making fit for your use.

And yes, this same method will work with any authentication gem. You just have to make sure you are referring to the same session set in the authentication controller.

mr_jbuck · 2006-11-29 22:02:45

Thanks again!

I can't wait to read your other postings. I hope the posting you are referring to will include how to add more types of before_filters.

Lake · 2006-12-05 00:48:36

dude, this is fantastic.
I love you.
edit:
and i can't wait for the next on.

Last edited by ldenman (2006-12-05 00:48:57)

andy_dick · 2007-03-08 16:17:16

I got a problem with my first try of this.
It works well but...

Ruby version 1.8.5 (i386-mswin32)
Rails version 1.2.2
Database adapter oci

I'm using Oracle and salted_login_generator 1.1.1

As you can see below users have one role:

Code : - fold - unfold

CREATE TABLE "USERS"
( "ID" NUMBER(11,0),
"ROLE_ID" NUMBER(11,0),
"SALTED_PASSWORD" VARCHAR2(250),
"LASTNAME" NVARCHAR2(250),
"FIRSTNAME" NVARCHAR2(100),
"LOGIN" VARCHAR2(100),
"EMAIL" VARCHAR2(60),
"SALT" VARCHAR2(40),
"VERIFIED" NUMBER(1,0),
"SECURITY_TOKEN" VARCHAR2(40),
"TOKEN_EXPIRY" DATE,
"CREATED_AT" DATE,
"UPDATED_AT" DATE,
"LOGGED_IN_AT" DATE,
"DELETED" NUMBER(1,0),
"DELETE_AFTER" DATE,
PRIMARY KEY ("ID") ENABLE,
CONSTRAINT "FK_USERS" FOREIGN KEY ("ROLE_ID")
REFERENCES "ROLES" ("ID") ON DELETE CASCADE ENABLE
)

Code : - fold - unfold

CREATE TABLE "ROLES"
( "ID" NUMBER(11,0),
"TITLE" NVARCHAR2(100),
PRIMARY KEY ("ID") ENABLE
)

Similar in model code:

Code : - fold - unfold

class User < ActiveRecord::Base
...
has_one :role, :class_name => "User", :foreign_key => "role_id"
...
end

Code : - fold - unfold

class Role < ActiveRecord::Base
belongs_to :user
end

But when I'm trying to access

Me wrote:
@session['user'].role.title

it throws NoMethodError, meanwhile

Me wrote:
@session['user'].role.id

works well.

Where did I mistake?

Ruby wrote:
NoMethodError in Project_man#list

Showing app/views/layouts/project_man.rhtml where line #12 raised:

undefined method `title' for #<User:0x7ac90d4>

Extracted source (around line #12):

9: </head>
10: <body>
11:
12: <p>Hello <%= @session['user'].role.title.to_s + " " + @session['user'].login.to_s %></p>

prey · 2007-10-31 11:08:55

Great. I had to deal with the same problem and my personal solution looks exactly the same. Thank you for the confirmation of my work.

#1 2006-11-12 03:42:36

#2 2006-11-14 17:08:56

Re: User Management Using Salted Hash Login Generator

#3 2006-11-15 18:54:52

Re: User Management Using Salted Hash Login Generator

#4 2006-11-16 03:02:44

Re: User Management Using Salted Hash Login Generator

#5 2006-11-22 17:56:10

Re: User Management Using Salted Hash Login Generator

#6 2006-11-29 22:02:45

Re: User Management Using Salted Hash Login Generator

#7 2006-12-05 00:48:36

Re: User Management Using Salted Hash Login Generator

#8 2007-03-08 16:17:16

Re: User Management Using Salted Hash Login Generator

Me wrote:

Me wrote:

Ruby wrote:

#9 2007-10-31 11:08:55

Re: User Management Using Salted Hash Login Generator

Board footer