Authorization to update a model attribute.

[Arthur]

Hi, thanks for your plugin.

For a project of mine, I may need to have something more specific that
CRUD rights on records.
I want read and update rights per attributes for some of them.

Did you know some plugins that do that,
or do you think that this feature could be added to
declarative_authorization ? (by me or someone else...)

Thanks,
Arthur

[Steffen Bartsch]

Hi Arthur,

Am Dienstag, 3. Februar 2009 schrieb Arthur:
> For a project of mine, I may need to have something more specific that
> CRUD rights on records.
> I want read and update rights per attributes for some of them.

It obviously depends on the granularity that you need. One simpler solution
is to separate the models into a model hierarchy (using STI). Thus, you
could define permissions on different models again.

> Did you know some plugins that do that,

I'm not aware of any plugin that specifically does that. I haven't
specifically sought for that, yet, though.

> or do you think that this feature could be added to
> declarative_authorization ? (by me or someone else...)

There are two parts to this. On the one hand, one needs to define a syntax
for the authorization rules.

The second part is the actual checking of the attributes. For named scopes
this is quite difficult, I'd say, as we currently only rewrite the query for
additional conditions.

For checking before any update or create, this should be fairly straight
forward.

I can't currently imagine how attribute-based restrictions would work on the
controller level.

Steffen