Using Goldberg for your Application
Setting up your Rails application in Goldberg involves adding its controllers and actions to Goldberg, and linking actions into your site’s menu where appropriate.
The first step is to set up your application’s controllers. You will need to assign a default permission to each controller. A user who has that permission will be able to execute any of that controller’s actions.
After that you can set up specific actions for your controller. You don’t need to set up individual actions if the default permission for the controller is sufficient, but you might want to do so if:
- a particular action requires a different permission to the default
- you want to add the action to the site’s menu.
Rails Model/View/Controller Setup
The database table to be used in this example would be set up as follows:
You could use scaffold to set this up in your Rails application:
$ script/generate scaffold WidgetController Setup in Goldberg
At this point if you try browsing to the “list” page for your widgets (http://localhost:3000/widgets) you should get a “Permission Denied” error page:
That’s because your controller is unknown to Goldberg at this stage. Goldberg takes the safe approach: it forbids access to your controller and its actions until it has been properly secured.
To gain access to this “widgets” controller, you’ll need to log in as an administrator, go to Administration > Setup > Controllers/Actions and add a new Controller for ‘widgets’.
You should see your controller listed as “Unknown”, i.e. Goldberg has auto-discovered it, but you have not yet set it up in Goldberg. Click on the entry for the controller and edit its details:
(Note that we have given the “widgets” controller a default permission that only allows the administrator access. You can give the users permissions for specific actions later, but it is safer to be “tight” by default.)
Now we should be able to browse to http://localhost:3000/widgets:
Hey, what happened to our beautiful site layout?!? It got eaten by scaffold: when we scaffolded the widgets a default page template was added at app/views/layouts/widgets.rhtml. If you delete this file, Rails will go back to the default site layout and everything will look good:
Action Setup in Goldberg
Setting the default security for a controller at least makes it usable. However you will probably want to add at least onespecific action for your controller so you can:
1. add it to the site’s menu somewhere,
2. set permission so users can do things with the widgets.
Go to Administration > Setup > Controllers/Actions again and click on ‘widgets’:
Click 
Add New Action and add an action such as ‘list’:
Actions and the Goldberg Menu
Once you’ve created that action you can use it to make a menu item in the Menu Editor:
Click next to an existing menu item (or the Root menu item) to add a new sub-item for that menu. You will be prompted to specify the menu item’s name and which action or content page it links to:
Now it should appear in the site’s menu (at least for those users who have the right permissions for it):
REST Actions and the Goldberg Menu
REST (representational state transfer) is one of the hot new topics in the Rails community. It was one of the major features of the recent Rails 1.2 release. Goldberg’s security works just fine for REST-based controllers, but there’s one extra step when adding REST actions to the Goldberg menu.
The issue is that Rails’ new REST URLs don’t look like Rails’ conventional URLs, even though they ultimately map through to controllers and actions just as always. So adding a controller of “widgets” and an action of “list” as we did above works fine for the purposes of security, but when you try adding that action to the menu it won’t work because the conventional URL for such an action (”/widgets/list”) is different from the REST URL (”/widgets”).
In the screenshots above you might have noticed the field “URL to use” on the form to add a new action. Completing that field will cause Goldberg to use that URL if the action is added to the site’s menu. Leaving it blank will cause Goldberg to assign the URL based on Rails’ conventional routing.
