2
votes

I am trying to block all default methods except create and update in my users controller using declerative_authorization. But at the time I add filter_resource_access or filter_access_to into my usersController i always get "Couldn't find User without an ID". Anyone care to explain why this could be happening?

    class UsersController < ApplicationController
  filter_resource_access

def new @user = User.new end

def create @user = User.new(params[:user]) if @user.save flash[:notice] = "Account registered!" redirect_to account_url else render :action => :new end end

def show @user = @current_user end

def edit @user = @current_user end

def update @user = @current_user # makes our views "cleaner" and more consistent if @user.update_attributes(params[:user]) flash[:notice] = "Account updated!" redirect_to account_url else render :action => :edit end end end

1

1 Answers

2
votes

You should set the @user variable before the filter_access_to call with a before_filter as declarative_authorization tries to access @user when you call filter_access_to.

before_filter :set_user
filter_access_to :all

...

protected

def set_user
  @user = @current_user
end

Maybe you are setting the attribute_check parameter to true in your filter_access_to call? I have a similar controller and I don't really need the before_filter.

Another thing that might be causing it is a using_access_control call in your User model.