Home/ Questions/Q 713575
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T04:58:36+00:00

I am trying to block all default methods except create and update in my

  • 0

I am trying to block all default methods except create and update in my users controller using declerative_authorization. But at the time I add filter_resource_access or filter_access_to into my usersController i always get “Couldn’t find User without an ID”. Anyone care to explain why this could be happening?

    class UsersController < ApplicationController
  filter_resource_access



def new
    @user = User.new
  end



def create
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = "Account registered!"
      redirect_to account_url
    else
      render :action => :new
    end
  end



def show
    @user = @current_user
  end



def edit
    @user = @current_user
  end



def update
    @user = @current_user # makes our views "cleaner" and more consistent
    if @user.update_attributes(params[:user])
      flash[:notice] = "Account updated!"
      redirect_to account_url
    else
      render :action => :edit
    end
  end
end

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should set the @user variable before the filter_access_to call with a before_filter as declarative_authorization tries to access @user when you call filter_access_to.

    before_filter :set_user
filter_access_to :all

...

protected

def set_user
  @user = @current_user
end

    Maybe you are setting the attribute_check parameter to true in your filter_access_to call? I have a similar controller and I don’t really need the before_filter.

    Another thing that might be causing it is a using_access_control call in your User model.

    • 0