acl9 and devise don't seem to work well together
I have a user model whose access controlled by ACL9.
#ACL9 related stuff before_filter :load_user, :only => [:show] access_control do allow :owner, :of => :user, :to => [:show] end def load_user user = User.find(params[:id]) end
rescue_from 'Acl9::AccessDenied', :with => :access_denied def access_denied authenticate_user! # a method from Devise end
It is no problem to type in url for sign in page http://localhost:3000/users/sign_in, but it is a problem when for example I type in the user page first, which I am to expect to be redirected to sign in page automatically through the logic above.
http://localhost:3000/users/1 => infinite redirect hell. It tries to redirect back to users/1 again instead of directing to users/sign_in.
Does anyone have an opinion as to what might be going wrong?
I think you should not use Acl9 in Devise user controller. Since you are not authenticated you have no rights and you will not authenticate :D. You may want to forbid users to delete, so it should be like:
access_control :only => [:destroy] do allow :admin end
For UsersController you should overwrite your access_control if you want to leave it as is in application controller.