0

I am not using Devise but have implemented a simple authentication scheme (basically outlined here http://railscasts.com/episodes/250-authentication-from-scratch) with the relevant part being here:

application_controller.rb 

helper_method :current_user

private
def current_user
  @current_user ||= User.find(session[:user_id]) if session[:user_id]
end

I have a list of assets that a user must be authorized to add. I am using paperclip. A user can has_many and a asset belongs_to a user (although this is essentially irrelevant to where it is assigned since my asset model is polymorphic for different assetable_types).

Where should I assign the current_user id to an asset? I would think in the model; maybe I should do a default_values using the session[:user_id] but that seems to be kinda ugly.

Also, these are nested_attributes and the models that these are nested to, currently don't know anything about the user. So really the source of information for the current_user isn't part of the current association.

thx

edit 1 should I create an instance of a User based upon the session[:user_id] value or just push it in?

timpone
  • 19,235
  • 36
  • 121
  • 211
  • Similar question was raised some time ago: http://stackoverflow.com/questions/2513383/access-current-user-in-model/2513456#2513456 – Harish Shetty Feb 23 '12 at 00:21
  • thx for posting that - I had seen that. I actually don't fully agree with the idea that current user shouldn't be in the model. Seems to be a railism esp when the value if part of the logic. I'd be much more concerned if the type of logic was implemented inconsistently across the app (sometimes in controller, sometimes in model) than it being put in model in scenarios like this 100% of the time. Especially, in a scenario where the controller doesn't need to touch the model by default which. based upon the fact that that happens often in rails, is clearly a design goal. – timpone Feb 23 '12 at 02:32

1 Answers1

1

If I understand your question correctly, why not assign the user to the asset in whichever controller first finds out that the asset belongs to the user? It's the controller's responsibility to translate web requests (including the session / current user) into something applicable to the model.

Dan Wich
  • 4,923
  • 1
  • 26
  • 22
  • hmm... so right now, I am able to save assets without a user and in this case the user isn't truly required. One issue with doing it in the controller is that these assets basically aren't touched in the controller so it would seem a little crufty and error-prone to introduce it there. – timpone Feb 22 '12 at 22:53
  • This guy is right; the controller is the right place to do this. The controller is where models are tied together with the application's state, and the current_user is definitely part of the application's state. – Veraticus Feb 22 '12 at 23:04
  • right - the issue is that is have nested_attributes, your form data essentially bypasses the controller. Where should a nested_attribute value be handled such as user_id. Not arguing - that's the gist of what I'm trying to figure out. – timpone Feb 22 '12 at 23:16
  • In my mind, the controller isn't really being bypassed. While it is convenient that the nested form parameters are in a format that the model understands, it's still the controller's job to process those values (if necessary) before applying them to the the model. So I would have the controller add the user_id to the nested parameters, because the user was implicitly submitting that as part of their session. – Dan Wich Feb 23 '12 at 05:30