I have a user model whose access is controlled by ACL9.

In UsersController:

    # ACL9 related stuff
    before_filter :load_user, :only => [:show]

    access_control do
      allow :owner, :of => :user, :to => [:show]
    end

    def load_user
      user = User.find(params[:id])
    end

In ApplicationController:

    rescue_from 'Acl9::AccessDenied', :with => :access_denied

    def access_denied
      authenticate_user! # a method from Devise
    end

It is no problem to type in the URL for the sign-in page, http://localhost:3000/users/sign_in, but it is a problem when, for example, I type in the user page first, from which I expect to be redirected to the sign-in page automatically through the logic above.

http://localhost:3000/users/1 => infinite redirect hell. It tries to redirect back to users/1 again instead of directing to users/sign_in.

Does anyone have an opinion as to what might be going wrong?
I think you should not use Acl9 in the Devise user controller. Since you are not authenticated you have no rights and you will not authenticate :D. You may want to forbid users to delete, so it should be like:
For UsersController you should overwrite your access_control if you want to leave it as is in the application controller.
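
The situation the answer describes, modelled in plain Ruby as an added example (not code from the post, and not Acl9 or Devise code): when the access check also covers the sign-in page, an anonymous request can never reach it. The `follow` helper, the route tables and the guard lambdas are hypothetical names, and the routes are constructed sample data.

```ruby
# Toy model, constructed for illustration; this is not Rails, Acl9 or Devise.
# A route maps a path to a guard: a lambda that receives the current user
# (nil when anonymous) and returns true when the page may be rendered.
SIGN_IN = "/users/sign_in"

OWNER_OF_1 = ->(user) { !user.nil? && user[:id] == 1 }
SIGNED_IN  = ->(user) { !user.nil? }
ANYONE     = ->(_user) { true }

# Access check inherited by every controller, the sign-in page included.
BROKEN = { "/users/1" => OWNER_OF_1, SIGN_IN => SIGNED_IN }
# Same check on the user page, but the sign-in page is exempt.
FIXED  = { "/users/1" => OWNER_OF_1, SIGN_IN => ANYONE }

# Follow "access denied -> redirect to sign-in" the way a browser would.
# Returns [:ok, path] when a page renders, or [:loop, trail] as soon as a
# path is requested a second time (or max_hops is exhausted).
def follow(routes, path, user: nil, max_hops: 10)
  trail = []
  max_hops.times do
    return [:loop, trail + [path]] if trail.include?(path)
    trail << path
    return [:ok, path] if routes.fetch(path).call(user)
    path = SIGN_IN # denied: send the client to the sign-in page
  end
  [:loop, trail]
end

if __FILE__ == $PROGRAM_NAME
  p follow(BROKEN, "/users/1")                    # anonymous, guarded sign-in
  p follow(FIXED,  "/users/1")                    # anonymous, exempt sign-in
  p follow(FIXED,  "/users/1", user: { id: 1 })   # signed-in owner
end
```
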