Authorization::AuthorizationUsageError on nested models
51 views
Skip to first unread message
Matt
Apr 15, 2012, 12:12:20 PM4/15/12
to declarative_authorization, ma...@12feet.com
I have constructed this nested structure where cobrands have companies
and companies have users. I have established the following roles:
site_admin, cobrand_admin, company_admin and user.
class Cobrand < ActiveRecord::Base
has_many :companies
has_many :users, :through => :companies
class Company < ActiveRecord::Base
belongs_to :cobrand
has_many :users
class User < ActiveRecord::Base
belongs_to :company
Everything seems to be working just fine with the exception of 1
error. When the role cobrand_admin views a cobrand and you chose to
alter the id in the url (for permission testing purposes) I get an
AuthorizationUsageError instead of a permission denied. There seems to
be something with my if_attribute on my authorization rule that is
causing this, but I have been at this same error for 3 days and I
can't seem to get this one figured out.
role :cobrand_admin do
includes :company_admin
# Cobrand Admin
has_permission_on :cobrands, :to => :self_manage do
if_attribute :id => is { user.company.cobrand.id }
end
# Role Admin
has_permission_on :roles, :to => [:show] do
if_attribute :name => is {"Cobrand Admin"}
end
# Company Management
has_permission_on :companies, :to => :create
has_permission_on :companies, :to => :manage do
if_attribute :cobrand_id => is { user.company.cobrand.id }
end
end
As I stated earlier, everything else with this rule set seems to work
fine for the cobrand_admin role. If I chose to edit the cobrand and
alter the id in the url, I get the appropriate permission denied. The
listing of the cobrands returns only those that the user is a part of
with the use of with_permissions_to method.
The if_attribute that I am using "if_attribute :id => is
{ user.company.cobrand.id } seems to work for everything except when I
alter the id of the :show method of my controller. The error that is
generated is:
Error occurred while validating attribute #cobrand on #<Cobrand id: 1,
name: "Cobrand1", address1: "555 Corporate Dr", address2: nil, city:
"Dallas", state: "TX", zip: 75555, phone: "555-555-5555", hostname:
"cobrand1", active: true, logo: "mylogo.png", created_at: "2012-04-15
15:54:29", updated_at: "2012-04-15 15:54:29">: undefined method
`cobrand' for #<Cobrand:0x00000102b3efb8>.
Please check your authorization rules and ensure the attribute is
correctly spelled and
corresponds to a method on the model you are authorizing for.
Any help is greatly appreciated!
~Matt
Stack trace is as follows:
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:617:in `rescue in object_attribute_value'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:614:in `object_attribute_value'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:503:in `block in validate?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:502:in `each'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:502:in `all?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:502:in `validate?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:440:in `block in validate?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:438:in `each'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:438:in `any?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:438:in `validate?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:187:in `block in permit!'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:186:in `each'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:186:in `permit!'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:619:in `permit!'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:115:in `block in filter_access_filter'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:115:in `each'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:115:in `all?'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:115:in `filter_access_filter'
activesupport (3.1.2) lib/active_support/callbacks.rb:448:in
`_run__2628741942951986680__process_action__3335355623496268153__callbacks'
activesupport (3.1.2) lib/active_support/callbacks.rb:386:in
`_run_process_action_callbacks'
activesupport (3.1.2) lib/active_support/callbacks.rb:81:in
`run_callbacks'
actionpack (3.1.2) lib/abstract_controller/callbacks.rb:17:in
`process_action'
actionpack (3.1.2) lib/action_controller/metal/rescue.rb:17:in
`process_action'
actionpack (3.1.2) lib/action_controller/metal/instrumentation.rb:
30:in `block in process_action'
activesupport (3.1.2) lib/active_support/notifications.rb:53:in `block
in instrument'
activesupport (3.1.2) lib/active_support/notifications/instrumenter.rb:
21:in `instrument'
activesupport (3.1.2) lib/active_support/notifications.rb:53:in
`instrument'
actionpack (3.1.2) lib/action_controller/metal/instrumentation.rb:
29:in `process_action'
actionpack (3.1.2) lib/action_controller/metal/params_wrapper.rb:
201:in `process_action'
activerecord (3.1.2) lib/active_record/railties/controller_runtime.rb:
18:in `process_action'
actionpack (3.1.2) lib/abstract_controller/base.rb:121:in `process'
actionpack (3.1.2) lib/abstract_controller/rendering.rb:45:in
`process'
actionpack (3.1.2) lib/action_controller/metal.rb:193:in `dispatch'
actionpack (3.1.2) lib/action_controller/metal/rack_delegation.rb:
14:in `dispatch'
actionpack (3.1.2) lib/action_controller/metal.rb:236:in `block in
action'
actionpack (3.1.2) lib/action_dispatch/routing/route_set.rb:65:in
`call'
actionpack (3.1.2) lib/action_dispatch/routing/route_set.rb:65:in
`dispatch'
actionpack (3.1.2) lib/action_dispatch/routing/route_set.rb:29:in
`call'
rack-mount (0.8.3) lib/rack/mount/route_set.rb:152:in `block in call'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:96:in `block in
recognize'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:89:in
`optimized_each'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:95:in `recognize'
rack-mount (0.8.3) lib/rack/mount/route_set.rb:141:in `call'
actionpack (3.1.2) lib/action_dispatch/routing/route_set.rb:532:in
`call'
actionpack (3.1.2) lib/action_dispatch/middleware/
best_standards_support.rb:17:in `call'
rack (1.3.6) lib/rack/etag.rb:23:in `call'
rack (1.3.6) lib/rack/conditionalget.rb:25:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/head.rb:14:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/params_parser.rb:
21:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/flash.rb:247:in
`call'
rack (1.3.6) lib/rack/session/abstract/id.rb:195:in `context'
rack (1.3.6) lib/rack/session/abstract/id.rb:190:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/cookies.rb:331:in
`call'
activerecord (3.1.2) lib/active_record/query_cache.rb:64:in `call'
activerecord (3.1.2) lib/active_record/connection_adapters/abstract/
connection_pool.rb:477:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/callbacks.rb:29:in
`block in call'
activesupport (3.1.2) lib/active_support/callbacks.rb:392:in
`_run_call_callbacks'
activesupport (3.1.2) lib/active_support/callbacks.rb:81:in
`run_callbacks'
actionpack (3.1.2) lib/action_dispatch/middleware/callbacks.rb:28:in
`call'
actionpack (3.1.2) lib/action_dispatch/middleware/reloader.rb:68:in
`call'
rack (1.3.6) lib/rack/sendfile.rb:101:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/remote_ip.rb:48:in
`call'
actionpack (3.1.2) lib/action_dispatch/middleware/show_exceptions.rb:
47:in `call'
railties (3.1.2) lib/rails/rack/logger.rb:13:in `call'
rack (1.3.6) lib/rack/methodoverride.rb:24:in `call'
rack (1.3.6) lib/rack/runtime.rb:17:in `call'
activesupport (3.1.2) lib/active_support/cache/strategy/local_cache.rb:
72:in `call'
rack (1.3.6) lib/rack/lock.rb:15:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/static.rb:53:in
`call'
railties (3.1.2) lib/rails/engine.rb:456:in `call'
rack (1.3.6) lib/rack/content_length.rb:14:in `call'
railties (3.1.2) lib/rails/rack/log_tailer.rb:14:in `call'
rack (1.3.6) lib/rack/handler/webrick.rb:59:in `service'
and companies have users. I have established the following roles:
site_admin, cobrand_admin, company_admin and user.
class Cobrand < ActiveRecord::Base
has_many :companies
has_many :users, :through => :companies
class Company < ActiveRecord::Base
belongs_to :cobrand
has_many :users
class User < ActiveRecord::Base
belongs_to :company
Everything seems to be working just fine with the exception of 1
error. When the role cobrand_admin views a cobrand and you chose to
alter the id in the url (for permission testing purposes) I get an
AuthorizationUsageError instead of a permission denied. There seems to
be something with my if_attribute on my authorization rule that is
causing this, but I have been at this same error for 3 days and I
can't seem to get this one figured out.
role :cobrand_admin do
includes :company_admin
# Cobrand Admin
has_permission_on :cobrands, :to => :self_manage do
if_attribute :id => is { user.company.cobrand.id }
end
# Role Admin
has_permission_on :roles, :to => [:show] do
if_attribute :name => is {"Cobrand Admin"}
end
# Company Management
has_permission_on :companies, :to => :create
has_permission_on :companies, :to => :manage do
if_attribute :cobrand_id => is { user.company.cobrand.id }
end
end
As I stated earlier, everything else with this rule set seems to work
fine for the cobrand_admin role. If I chose to edit the cobrand and
alter the id in the url, I get the appropriate permission denied. The
listing of the cobrands returns only those that the user is a part of
with the use of with_permissions_to method.
The if_attribute that I am using "if_attribute :id => is
{ user.company.cobrand.id } seems to work for everything except when I
alter the id of the :show method of my controller. The error that is
generated is:
Error occurred while validating attribute #cobrand on #<Cobrand id: 1,
name: "Cobrand1", address1: "555 Corporate Dr", address2: nil, city:
"Dallas", state: "TX", zip: 75555, phone: "555-555-5555", hostname:
"cobrand1", active: true, logo: "mylogo.png", created_at: "2012-04-15
15:54:29", updated_at: "2012-04-15 15:54:29">: undefined method
`cobrand' for #<Cobrand:0x00000102b3efb8>.
Please check your authorization rules and ensure the attribute is
correctly spelled and
corresponds to a method on the model you are authorizing for.
Any help is greatly appreciated!
~Matt
Stack trace is as follows:
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:617:in `rescue in object_attribute_value'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:614:in `object_attribute_value'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:503:in `block in validate?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:502:in `each'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:502:in `all?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:502:in `validate?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:440:in `block in validate?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:438:in `each'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:438:in `any?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:438:in `validate?'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:187:in `block in permit!'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:186:in `each'
declarative_authorization (0.5.5) lib/declarative_authorization/
authorization.rb:186:in `permit!'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:619:in `permit!'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:115:in `block in filter_access_filter'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:115:in `each'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:115:in `all?'
declarative_authorization (0.5.5) lib/declarative_authorization/
in_controller.rb:115:in `filter_access_filter'
activesupport (3.1.2) lib/active_support/callbacks.rb:448:in
`_run__2628741942951986680__process_action__3335355623496268153__callbacks'
activesupport (3.1.2) lib/active_support/callbacks.rb:386:in
`_run_process_action_callbacks'
activesupport (3.1.2) lib/active_support/callbacks.rb:81:in
`run_callbacks'
actionpack (3.1.2) lib/abstract_controller/callbacks.rb:17:in
`process_action'
actionpack (3.1.2) lib/action_controller/metal/rescue.rb:17:in
`process_action'
actionpack (3.1.2) lib/action_controller/metal/instrumentation.rb:
30:in `block in process_action'
activesupport (3.1.2) lib/active_support/notifications.rb:53:in `block
in instrument'
activesupport (3.1.2) lib/active_support/notifications/instrumenter.rb:
21:in `instrument'
activesupport (3.1.2) lib/active_support/notifications.rb:53:in
`instrument'
actionpack (3.1.2) lib/action_controller/metal/instrumentation.rb:
29:in `process_action'
actionpack (3.1.2) lib/action_controller/metal/params_wrapper.rb:
201:in `process_action'
activerecord (3.1.2) lib/active_record/railties/controller_runtime.rb:
18:in `process_action'
actionpack (3.1.2) lib/abstract_controller/base.rb:121:in `process'
actionpack (3.1.2) lib/abstract_controller/rendering.rb:45:in
`process'
actionpack (3.1.2) lib/action_controller/metal.rb:193:in `dispatch'
actionpack (3.1.2) lib/action_controller/metal/rack_delegation.rb:
14:in `dispatch'
actionpack (3.1.2) lib/action_controller/metal.rb:236:in `block in
action'
actionpack (3.1.2) lib/action_dispatch/routing/route_set.rb:65:in
`call'
actionpack (3.1.2) lib/action_dispatch/routing/route_set.rb:65:in
`dispatch'
actionpack (3.1.2) lib/action_dispatch/routing/route_set.rb:29:in
`call'
rack-mount (0.8.3) lib/rack/mount/route_set.rb:152:in `block in call'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:96:in `block in
recognize'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:89:in
`optimized_each'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:95:in `recognize'
rack-mount (0.8.3) lib/rack/mount/route_set.rb:141:in `call'
actionpack (3.1.2) lib/action_dispatch/routing/route_set.rb:532:in
`call'
actionpack (3.1.2) lib/action_dispatch/middleware/
best_standards_support.rb:17:in `call'
rack (1.3.6) lib/rack/etag.rb:23:in `call'
rack (1.3.6) lib/rack/conditionalget.rb:25:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/head.rb:14:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/params_parser.rb:
21:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/flash.rb:247:in
`call'
rack (1.3.6) lib/rack/session/abstract/id.rb:195:in `context'
rack (1.3.6) lib/rack/session/abstract/id.rb:190:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/cookies.rb:331:in
`call'
activerecord (3.1.2) lib/active_record/query_cache.rb:64:in `call'
activerecord (3.1.2) lib/active_record/connection_adapters/abstract/
connection_pool.rb:477:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/callbacks.rb:29:in
`block in call'
activesupport (3.1.2) lib/active_support/callbacks.rb:392:in
`_run_call_callbacks'
activesupport (3.1.2) lib/active_support/callbacks.rb:81:in
`run_callbacks'
actionpack (3.1.2) lib/action_dispatch/middleware/callbacks.rb:28:in
`call'
actionpack (3.1.2) lib/action_dispatch/middleware/reloader.rb:68:in
`call'
rack (1.3.6) lib/rack/sendfile.rb:101:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/remote_ip.rb:48:in
`call'
actionpack (3.1.2) lib/action_dispatch/middleware/show_exceptions.rb:
47:in `call'
railties (3.1.2) lib/rails/rack/logger.rb:13:in `call'
rack (1.3.6) lib/rack/methodoverride.rb:24:in `call'
rack (1.3.6) lib/rack/runtime.rb:17:in `call'
activesupport (3.1.2) lib/active_support/cache/strategy/local_cache.rb:
72:in `call'
rack (1.3.6) lib/rack/lock.rb:15:in `call'
actionpack (3.1.2) lib/action_dispatch/middleware/static.rb:53:in
`call'
railties (3.1.2) lib/rails/engine.rb:456:in `call'
rack (1.3.6) lib/rack/content_length.rb:14:in `call'
railties (3.1.2) lib/rails/rack/log_tailer.rb:14:in `call'
rack (1.3.6) lib/rack/handler/webrick.rb:59:in `service'
Reply all
Reply to author
Forward
0 new messages