On Fri, Jan 1, 2010 at 2:21 AM, Rails ROR <developra...@gmail.com> wrote:
> Hi Everybody,
>
> I am working on authlogic with declarative authorization.
>
> I created the authorization rules for guest, admin and superadmin.
>
> I have publishers and subjects after one logs in.
>
> When a guest logs in he has an authority to view, edit and show, create but
> not delete a publisher.
>
> When I used the declarative authorization, filter_access_to ... I am
> restricting entire publishers and subjects page.
>
> I want the page to be shown.
>
> Here is my authorization rules page
>
> authorization do
>
>    role :guest do
>      has_permission_on :publishers, :to => [:manage,:read]
>    end
>
>   role :author, :title => "Author" do
>     description "The default role for Author"
>     has_permission_on [:publishers,:subjects,:courses], :to => [:new, :create,:show,:edit]
>   end
>
>  role :admin do
>  has_permission_on :publishers, :to => :manage
>  #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
>  end
> end
>
> privileges do
>
>   privilege :manage, :includes => [:create, :read, :update, :delete]
>   privilege :read, :includes => [:index, :show]
>   privilege :create, :includes => :new
>   privilege :update, :includes => :edit
>   privilege :delete, :includes => :destroy
> end
>
> In my controller
>
> class PublishersController < ApplicationController
>   filter_access_to :index, :require => :read
>
> Please see where I went wrong.

Well you never told us what wrong behavior you are seeing.

However, I notice that:

>    role :guest do
>      has_permission_on :publishers, :to => [:manage,:read]
>    end

is inconsistent with:

> When a guest logs in he has an authority to view, edit and show, create but
> not delete a publisher.

Since the :manage privilege seems to be set up to give all permissions.

Perhaps you meant

  role :guest do
     has_permission_on :publishers, :to => [:read, :create, :update]
  end



-- 
Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale
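
Added example, not part of the original messages and not the declarative_authorization gem's own code: a simplified plain-Ruby model of how the privilege hierarchy quoted above expands, showing that the posted guest rule reaches :destroy through :manage while the rule suggested in the reply does not. The role name `guest_fixed` and the helper names are assumptions made for illustration.

```ruby
# Simplified model of privilege expansion (assumption: not the gem's real code).
# Hierarchy copied from the `privileges do` block quoted in the thread.
PRIVILEGES = {
  manage: [:create, :read, :update, :delete],
  read:   [:index, :show],
  create: [:new],
  update: [:edit],
  delete: [:destroy]
}.freeze

# Grants on :publishers. :guest is the rule as posted;
# :guest_fixed (hypothetical name) is the rule suggested in the reply.
ROLES = {
  guest:       [:manage, :read],
  guest_fixed: [:read, :create, :update]
}.freeze

# Expand granted privileges through the hierarchy, guarding against cycles.
def effective_privileges(granted, seen = [])
  granted.each do |priv|
    next if seen.include?(priv)
    seen << priv
    effective_privileges(PRIVILEGES.fetch(priv, []), seen)
  end
  seen
end

# Deny by default: an unknown role has no privileges.
def permitted?(role, action)
  effective_privileges(ROLES.fetch(role, [])).include?(action)
end

# List every role that can reach a privilege it is not supposed to have.
def roles_reaching(forbidden)
  ROLES.keys.select { |role| permitted?(role, forbidden) }
end

if __FILE__ == $PROGRAM_NAME
  ROLES.each_key do |role|
    puts "#{role}: #{effective_privileges(ROLES[role]).sort.join(', ')}"
  end
  puts "roles that can destroy: #{roles_reaching(:destroy).inspect}"
end
```

Running a check like `roles_reaching(:destroy)` over the rules file after each change catches a broad privilege such as :manage silently granting an action the role description says it should not have.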
