acl9 and devise don't seem to work well together

I have a user model whose access controlled by ACL9.

in UsersController:

#ACL9 related stuff
before_filter :load_user, :only => [:show]
  access_control do
    allow :owner, :of => :user, :to => [:show]

def load_user
  user = User.find(params[:id])

in ApplicationController:

rescue_from 'Acl9::AccessDenied', :with => :access_denied

def access_denied
  authenticate_user! # a method from Devise

It is no problem to type in url for sign in page http://localhost:3000/users/sign_in, but it is a problem when for example I type in the user page first, which I am to expect to be redirected to sign in page automatically through the logic above.

http://localhost:3000/users/1 => infinite redirect hell. It tries to redirect back to users/1 again instead of directing to users/sign_in.

Does anyone have an opinion as to what might be going wrong?


I think you should not use Acl9 in Devise user controller. Since you are not authenticated you have no rights and you will not authenticate :D. You may want to forbid users to delete, so it should be like:

access_control :only => [:destroy] do
      allow :admin

For UsersController you should overwrite your access_control if you want to leave it as is in application controller.

Need Your Help

sample example to export data to Excel, PDF, CSV and XML using Display tag in spring mvc

java spring spring-mvc displaytag

I need to export table data to excel using display tag . I am using spring mvc.