Topic: User Management Using Salted Hash Login Generator

This is a simple tutorial for RoR beginners. 

This tutorial is meant for those using the Salted Hash Login Generator.

Problem:  You need a login system that will show the user their information only.  For example:  A user has many blog entries and they should only be able to edit their blog entry.

Solution:  Very simple!  You just assign a foreign key to the model associated with the user (for this we'll use user_id).

After you install and configure the Salted Hash Login Generator, add the following:

1.  Relate the Post model with the User model using has_many and belongs_to.

/app/models/user.rb

class User < ActiveRecord::Base
  # A user owns many posts, linked through posts.user_id.
  has_many :posts,
           :class_name => "Post",
           :foreign_key => "user_id"
end

/app/models/post.rb

class Post < ActiveRecord::Base
  # Each post belongs to the user who created it.
  belongs_to :user,
             :class_name => "User",
             :foreign_key => "user_id"
end

2. Edit def create and def list in your Posts controller so you are adding the user's id to each post and calling the correct query for list/show.

/app/controllers/posts_controller.rb

class PostsController < ApplicationController
  def create
    @post = Post.new(params[:post])
    @post.user_id = @session['user'].id
    ...
  end

  def list
    @posts = Post.find(:all,
               :conditions => ['user_id = ?', @session['user'].id])
    ...
  end
end


There you have it!  It's that simple.  If you have questions with this tutorial you can shoot me an email and I will be happy to assist you where possible.

Last edited by patrick@iws (2006-11-11 23:48:20)
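
The tutorial scopes create and list to the session user; the added example below (not part of the original post) goes one step further and applies the same owner scoping to single-record lookups for edit/update, and keeps user_id out of the editable attributes. It is a plain-Ruby, in-memory stand-in for the ActiveRecord model so it runs without Rails; PostStore and its *_for_user methods are hypothetical names.

```ruby
# Added example: plain-Ruby stand-in for the Post model (no Rails needed).
# PostStore and its *_for_user methods are hypothetical names.
class NotFound < StandardError; end
Post = Struct.new(:id, :user_id, :title, :body)

class PostStore
  EDITABLE = [:title, :body].freeze # user_id is deliberately not listed

  def initialize
    @posts = {}
  end

  # Like the tutorial's create: the owner comes from the session, not the form.
  def create_for_user(session_user_id, params)
    post = Post.new(@posts.size + 1, session_user_id, params[:title], params[:body])
    @posts[post.id] = post
  end

  # Like the tutorial's list: only rows owned by the session user.
  def list_for_user(session_user_id)
    @posts.values.select { |p| p.user_id == session_user_id }
  end

  # The same scoping for one record (show/edit/update/destroy). A post owned
  # by someone else is reported exactly like a post that does not exist.
  def find_for_user(session_user_id, post_id)
    post = @posts[post_id.to_i]
    raise NotFound, "no such post" if post.nil? || post.user_id != session_user_id
    post
  end

  # Look up through the owner scope, then copy only the allowed attributes.
  def update_for_user(session_user_id, post_id, params)
    post = find_for_user(session_user_id, post_id)
    EDITABLE.each { |k| post[k] = params[k] if params.key?(k) }
    post
  end
end

# Constructed sample data: users 1 and 2 each own one post; user 1 then
# submits forms that try to reassign ownership and to edit user 2's post.
def demo
  store = PostStore.new
  mine = store.create_for_user(1, :title => "mine", :user_id => 2)
  theirs = store.create_for_user(2, :title => "theirs")
  store.update_for_user(1, mine.id, :title => "edited", :user_id => 2)
  blocked = begin; store.update_for_user(1, theirs.id, :title => "x"); false; rescue NotFound; true; end
  { :owner => mine.user_id, :title => mine.title, :blocked => blocked,
    :theirs => theirs.title, :visible => store.list_for_user(1).map(&:id) }
end
```

In a Rails controller the equivalent of find_for_user is to put the user_id condition into the lookup for edit, update and destroy, exactly as the list action above already does.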

Re: User Management Using Salted Hash Login Generator

Hey, thanks.

Re: User Management Using Salted Hash Login Generator

Great Post!  Do you think this would also work with the Model Security Gem written by Bruce Perens?

Re: User Management Using Salted Hash Login Generator

Thanks again I was able to get it working!  Do you think you will make any other ones like this?

Re: User Management Using Salted Hash Login Generator

I will be posting a complete tutorial on authentication shortly after Thanksgiving.  It will be a rather long one, so be prepared to spend at least an hour digging through the code and making it fit for your use.

And yes, this same method will work with any authentication gem.  You just have to make sure you are referring to the same session set in the authentication controller.

Re: User Management Using Salted Hash Login Generator

Thanks again! 

I can't wait to read your other postings.  I hope the posting you are referring to will include how to add more types of before_filters.

Re: User Management Using Salted Hash Login Generator

dude, this is fantastic.
I love you.
edit:
and I can't wait for the next one.

Last edited by ldenman (2006-12-04 20:48:57)

Re: User Management Using Salted Hash Login Generator

I got a problem with my first try of this.
It works well but...

Ruby version    1.8.5 (i386-mswin32)
Rails version    1.2.2
Database adapter    oci

I'm using Oracle and salted_login_generator 1.1.1

As you can see below users have one role:

CREATE TABLE  "USERS" 
   (    "ID" NUMBER(11,0),
    "ROLE_ID" NUMBER(11,0),
    "SALTED_PASSWORD" VARCHAR2(250),
    "LASTNAME" NVARCHAR2(250),
    "FIRSTNAME" NVARCHAR2(100),
    "LOGIN" VARCHAR2(100),
    "EMAIL" VARCHAR2(60),
    "SALT" VARCHAR2(40),
    "VERIFIED" NUMBER(1,0),
    "SECURITY_TOKEN" VARCHAR2(40),
    "TOKEN_EXPIRY" DATE,
    "CREATED_AT" DATE,
    "UPDATED_AT" DATE,
    "LOGGED_IN_AT" DATE,
    "DELETED" NUMBER(1,0),
    "DELETE_AFTER" DATE,
     PRIMARY KEY ("ID") ENABLE,
     CONSTRAINT "FK_USERS" FOREIGN KEY ("ROLE_ID")
      REFERENCES  "ROLES" ("ID") ON DELETE CASCADE ENABLE
   )

CREATE TABLE  "ROLES" 
   (    "ID" NUMBER(11,0),
    "TITLE" NVARCHAR2(100),
     PRIMARY KEY ("ID") ENABLE
   )

Similar in model code:
class User < ActiveRecord::Base
  ...
  has_one :role, :class_name => "User", :foreign_key => "role_id"
  ...
end

class Role < ActiveRecord::Base
  belongs_to :user
end

But when I'm trying to access

Me wrote:

@session['user'].role.title

it throws NoMethodError, meanwhile

Me wrote:

@session['user'].role.id

works well.

Where did I make a mistake?

Ruby wrote:

NoMethodError in Project_man#list

Showing app/views/layouts/project_man.rhtml where line #12 raised:

undefined method `title' for #<User:0x7ac90d4>

Extracted source (around line #12):

9: </head>
10: <body>
11:
12: <p>Hello <%= @session['user'].role.title.to_s + " " + @session['user'].login.to_s %></p>

Re: User Management Using Salted Hash Login Generator

Great. I had to deal with the same problem and my personal solution looks exactly the same. Thank you for the confirmation of my work.

Re: User Management Using Salted Hash Login Generator

The message '...already exists' seems to be spurious. AKA it ain't true. If you run it without 'step 3' it didn't work for me. Maybe the message gets generated as the result of some out-of-place error checking. Don't know. I'm a newb.





Last edited by ricky.martin4545 (2010-11-24 06:53:50)