declarative_authorization Google Group

Is there a "false" scope?

morto...@gmail.com (David Morton) — Mon, 13 May 2013 15:39:55 UT

I'm wondering if there is a way to create a rule the will always return an
empty result set... I am doing a search like:
@notes = Note.with_permission_to(:read)
But one user role type will never be able to read notes. If I don't
specify a rule for them, though, it throws an error, where I'd like to just

sql problems with has_many :through

jbrambl...@gmail.com (Jonathan Bramble) — Wed, 08 May 2013 11:35:31 UT

I have a user and coshhform models

class Coshhform < ActiveRecord::Base

using_access_control

has_many :coshhform_users

has_many :users, :through => :coshhform_users

end

and the other end of the association on user. I'm using Devise for
Authentication.

I have successfully set up declarative authorization for my other models

if_attribute fails on server but not Rails console

cthie...@gmail.com (Chris) — Wed, 10 Apr 2013 18:44:09 UT

I have an 'Application' model which has_many owners through
application_owner_assignments as well as a similar relation of has_many
operators through application_operator_assignmen ts.
I wrote the following permission to give read access to anybody who owns or
operates an application:
# Operators can read applications

Mountable engine

m...@jakubracek.net (Jakub Racek) — Thu, 07 Feb 2013 12:00:18 UT

Hello is it possible to work with declarative_authorization inside a
mountable engine please ? Let's say I have a model called Dog inside an
engine Zoo. So the constant is Zoo::Dog instead of just Dog. When Im trying
it it says "uninitialized constant Dog". Is there a way to force DA to use
the Zoo prefix module as a prefix for the Dog model? The best would be an

How to apply rules of superclass to subclasses automatically

worldinmyhe...@gmail.com (Chao Yan) — Sat, 02 Feb 2013 05:30:13 UT

I have a model S and many subclass models A, B, C, D. ...
The same rules applied to both S and A B C D ...
However, I have to add the same rules to each subclasses repeatedly.
Is there a way to apply rules for S to A B C D automatically?
Thanks

:role_ids => intersects_with {user.role_ids} != :roles => intersects_with {user.roles}

langho...@neb.com (Brad Langhorst) — Wed, 16 Jan 2013 19:34:39 UT

query
SELECT * FROM "screening_projects" WHERE (("screening_projects"."id" IN
(3,4,5)) OR (1=1))
DA seems to be interpreting the :role_ids symbol as screening_projects.id
( I don't know wehre that or 1=1 is coming from, and it's making the
role_id requirement useless)
SELECT * FROM (SELECT DISTINCT ON ("screening_projects".id)

rule gets canceled out?

morto...@gmail.com (David Morton) — Fri, 04 Jan 2013 21:21:24 UT

When I include both of the following roles into one role, it fails, but if
I remove the _family_manager include, it works.
role :some_kind_of_admin
includes :_family_manager
includes :_family_reader
end
role :_family_manager do
has_permission_on :families, :to => :manage do
if_permitted_to :manage, :children

with_permission_to confusion

marctau...@googlemail.com — Sat, 22 Dec 2012 19:17:27 UT

Users have permission to manage articles for particular combinations of
location and category.
For example Dave may be allowed to manage HR articles for Paris. Paul may
be allowed to manage Business articles for London.
The models and their associations are as follows:
- user has many permissions

check if a group of ids is in array of ids of my user

jerome.lefeu...@gmail.com (Jerome Lefeuvre) — Fri, 16 Nov 2012 11:04:10 UT

Hi,
let's say this:
user.foo_ids = [1,2]
object1.foo_ids = [1] => permitted
object2.foo_ids = [1,2] => permitted
object3.foo_ids = [1,3] => not permitted
object4.foo_ids = [1,2,3] => not permitted
What sort of key should I use for write permission rules ? is_in ? contains
? intersects_with ? a new one ?

integration with Hobo permissions

dev...@galaxygaming.com (Dan) — Tue, 30 Oct 2012 17:32:26 UT

Has anyone integrated with the Hobo library permission system? If so, can
you share your approach? If not, any ideas if these two libraries are
compatible?
I currently use authlogic for basic user authentication but want to use the
Hobo authentication with the declarative_authorization in models and

Javascript permitted_to?

cthie...@gmail.com (Chris) — Fri, 28 Sep 2012 21:39:53 UT

I use declarative_authorization as the last word on permissions
server-side, but I'd like to be able to display my UI on the frontend with
the same knowledge found via permitted_to? . In short, I'd like a JS
version of permitted_to? Is there such a thing, or is there an easy way to
dump all the available contexts and privileges of current_user?

Data-specific permissions

cthie...@gmail.com (Chris) — Fri, 21 Sep 2012 22:30:11 UT

I have an application to manage the various permissions of people and
groups. Different people and groups have different subordinates that they
can assign.
I'm using declarative_authorization and I'm curious if it has a feature for
the following problem, or if the security-conscious folks here have a

permissions on has_many relationships

ur...@outoforder.cc (Edward Rudd) — Sat, 01 Sep 2012 02:28:30 UT

Given this these models
class Developer < ActiveRecord::Base
has_many :games
end
class Game < ActiveRecord::Base
end
I'm trying to grant permission to read a developer IF that user can read
any of the developers games.
something like
has_permission_on :developers, :to => :read do
if_permitted_to :read, :games