Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
declarative_authorization
Home
+ new post
About this group
Join this group
permissions on has_many relationships
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   9 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Edward Rudd  
View profile  
 More options Aug 31 2012, 10:28 pm
From: Edward Rudd <ur...@outoforder.cc>
Date: Fri, 31 Aug 2012 19:28:30 -0700 (PDT)
Local: Fri, Aug 31 2012 10:28 pm
Subject: permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author

Given this these models

class Developer < ActiveRecord::Base
   has_many :games
end

class Game < ActiveRecord::Base
end

I'm trying to grant permission to read a developer IF that user can read
any of the developers games.

something like

has_permission_on :developers, :to => :read do
  if_permitted_to :read, :games
end

However, that does not work. And I am having to re-define each of the
"game" permissions again as related to the developers (this duplicated
logic in my rules file)


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Eric Hu  
View profile  
 More options Sep 5 2012, 2:16 pm
From: Eric Hu <e...@lemurheavy.com>
Date: Wed, 5 Sep 2012 11:16:10 -0700
Local: Wed, Sep 5 2012 2:16 pm
Subject: Re: [decl_auth] permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author
Does it make sense to have a read permission on an individual game?  What about?

if_permitted_to :show, :games

My other idea is a total shot in the dark, but it's the only other
thing I see reading the docs on the source[1]

if_permitted_to :read, :games, context: :companies

[1]: https://github.com/stffn/declarative_authorization/blob/master/lib/de...


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Edward Rudd  
View profile  
 More options Sep 5 2012, 4:51 pm
From: Edward Rudd <ur...@outoforder.cc>
Date: Wed, 5 Sep 2012 16:51:24 -0400
Local: Wed, Sep 5 2012 4:51 pm
Subject: Re: [decl_auth] permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author

On Sep 5, 2012, at 14:16 , Eric Hu wrote:

> Does it make sense to have a read permission on an individual game?  What about?

> if_permitted_to :show, :games

This is what I tried, however it does't work.

Really I need something like a if_permitted_to :read, any { :games }

> My other idea is a total shot in the dark, but it's the only other
> thing I see reading the docs on the source[1]

> if_permitted_to :read, :games, context: :companies

Not sure if that would work, as :games isn't a single game, but a collection.  I'll have to do a lot more debugging into the depths of decl_auth and see if I can figure it out..  Right now I have a working, albeit an annoying one.

Edward Rudd
OutOfOrder.cc
Skype: outoforder_cc
317-674-3296

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Eric Hu  
View profile  
 More options Sep 5 2012, 5:25 pm
From: Eric Hu <e...@lemurheavy.com>
Date: Wed, 5 Sep 2012 14:25:23 -0700
Local: Wed, Sep 5 2012 5:25 pm
Subject: Re: [decl_auth] permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author
It seems like what you described makes sense as the default behavior
for your syntax above.  It would be consistent with the nested
'if_permitted_to' syntax:

      # if_permitted_to associations may be nested as well:
      # if_permitted_to :read, :branch => :company
      #
      # You can even use has_many associations as target. Then, it is checked
      # if the current user has the required privilege on *any* of the
target objects.
      # if_permitted_to :read, :branch => :employees

https://github.com/stffn/declarative_authorization/blob/master/lib/de...


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Edward Rudd  
View profile  
 More options Sep 5 2012, 5:32 pm
From: Edward Rudd <ur...@outoforder.cc>
Date: Wed, 5 Sep 2012 17:32:29 -0400
Local: Wed, Sep 5 2012 5:32 pm
Subject: Re: [decl_auth] permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author
On Sep 5, 2012, at 17:25, Eric Hu <e...@lemurheavy.com> wrote:

> It seems like what you described makes sense as the default behavior
> for your syntax above.  It would be consistent with the nested
> 'if_permitted_to' syntax:

>      # if_permitted_to associations may be nested as well:
>      # if_permitted_to :read, :branch => :company
>      #
>      # You can even use has_many associations as target. Then, it is checked
>      # if the current user has the required privilege on *any* of the
> target objects.
>      # if_permitted_to :read, :branch => :employees

Hmm, then I may have found a bug, as I'm not checking a nested association below games, but games itself and it is not working.  I'll write up some test cases in the decl Auth code and see if I can narrow it down.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Eric Hu  
View profile  
 More options Sep 5 2012, 5:40 pm
From: Eric Hu <e...@lemurheavy.com>
Date: Wed, 5 Sep 2012 14:40:26 -0700
Local: Wed, Sep 5 2012 5:40 pm
Subject: Re: [decl_auth] permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author
This may be a bit hacky, but is it possible to simulate a nested
association with

if_permitted_to :read, self: :games

If it does work, it would be a nice stopgap until you have time to
hunt down the bug


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Steffen Bartsch  
View profile  
 More options Sep 6 2012, 6:47 am
From: Steffen Bartsch <sbart...@tzi.de>
Date: Thu, 06 Sep 2012 12:47:44 +0200
Local: Thurs, Sep 6 2012 6:47 am
Subject: Re: [decl_auth] permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author
Am 01.09.2012 04:28, schrieb Edward Rudd:

> has_permission_on :developers, :to => :read do
>    if_permitted_to :read, :games
> end

I just checked the test cases.  There actually is a similar case that
works in authorization_tests#test_attribute_with_has_many_permissions:

         role :test_role do
           has_permission_on :permissions, :to => :test do
             if_attribute :test_attr => 1
           end
           has_permission_on :permission_children, :to => :test do
             if_permitted_to :test, :permissions
           end
         end

Or is this somehow different?

Steffen


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Edward Rudd  
View profile  
 More options Sep 6 2012, 9:37 am
From: Edward Rudd <ur...@outoforder.cc>
Date: Thu, 6 Sep 2012 09:36:58 -0400
Local: Thurs, Sep 6 2012 9:36 am
Subject: Re: [decl_auth] permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author

Sent from my iPad

On Sep 6, 2012, at 6:47, Steffen Bartsch <sbart...@tzi.de> wrote:

That does look to be exactly the same.  I'm on vaca until Friday so I'll take a deeper look at it over the weekend and extract out a more detailed error message.

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Edward Rudd  
View profile  
 More options Nov 5 2012, 9:15 am
From: Edward Rudd <ur...@outoforder.cc>
Date: Mon, 5 Nov 2012 06:15:07 -0800 (PST)
Local: Mon, Nov 5 2012 9:15 am
Subject: Re: [decl_auth] permissions on has_many relationships
Print | Individual message | Show original | Report this message | Find messages by this author

I finally got back around to this project, and I tried, and it's still not
quite working. .I've found a slight alteration that got it to work w/o the
duplication, but I'm thinking there might be some kind of bug.

Anyways.  The project is now open source under AGPLv3 at
http://github.com/humble/HumbleBugs/  The rule is on line 81,

This is what I've managed to get working

    has_permission_on :developers, :to => [:read, :read_address] do
      if_permitted_to :is_member, :games => { :ports => :developer }
    end

This is what I *assumed* should have been able to work

    has_permission_on :developers, :to => [:read, :read_address] do
      if_permitted_to :is_porter, :games
    end

However it blows an error that it can't read.  the spec test is in
specs/roles/porter_role_spec.rb line 37 ('can read including address info
for developers with games I am porting')


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google