[decl_auth] Authorizing for a controller depending on value of an attribute of another table


dev

Nov 28, 2011, 7:47:47 AM
to declarative_authorization
Hi,

In my application I have a controller, contracts_controller, and I
want to apply authorization to it using a column (contract_expiry_date)
of the user table.

On searching I found only if_attribute :user_id => is {user} and
nothing else. That checks an attribute of the controller on which we want
to apply authorization.

How can I check contract_expiry_date of the user table to authorize
the contract controller?


Thanks
Dev

jearlu

Nov 28, 2011, 11:53:53 AM
to declarative_authorization
Try the following:

if_attribute :contract_expiry_date => is {user.contract_expiry_date}

Also, remember to add :attribute_check => true when calling
filter_access_to in the users controller.

filter_access_to :index, :new, :create, :show, :update, :destroy, :attribute_check => true

dev

Nov 29, 2011, 12:15:45 AM
to declarative_authorization
I don't have a :contract_expiry_date attribute in contracts. It is only
defined in the user table, and I want to use this attribute of the user table
to apply authorization on the contracts controller.

> > How can I check contract_expiry_date of user table to authorize
> > contract controller.
>
> > Thanks
> > Dev

jearlu

Nov 29, 2011, 3:50:24 AM
to declarative_authorization
I don't believe that you can run an if_attribute check against the
user table from the contracts controller, as if_attribute checks
attributes against the table associated with the controller.

It seems more natural to have contract_expiry_date as an attribute
of the contracts, as there are many people who are not bound by
contracts. I would instead consider moving this column to the
contracts table... it seems much more at home there.

dev

Nov 29, 2011, 4:22:56 AM
to declarative_authorization
Actually it is for all contracts related to a particular user; that is
why it is in the user table.
And I knew that I can't use if_attribute, since it can be used only
for the controller on which we want to apply authorization.
I solved it.
Here is my solution, for reference:
1. I created Authorization.current_user in application_controller.
2. In authorization_rules.rb

role :normal_user do
  if Authorization.current_user.contract_expiry_date > Time.now
    has_permission_on [:timesheets], :to => [:new, :create, :edit, :update, :destroy]
  end
end

Thanks for your replies Jearlu.. :)

Dev

dev

Nov 29, 2011, 4:26:30 AM
to declarative_authorization
I have one more issue.
In my controller, when I use
filter_access_to :new, :create
or filter_access_to :all, :except => [:show, :index]
I am still not able to view the show page. Any idea?

jearlu

Nov 29, 2011, 4:39:46 AM
to declarative_authorization
Check your development log... do you see any errors? It's hard to say
without some more detail.

Alan

Nov 29, 2011, 7:31:22 AM
to declarative_authorization

I think you can do it, can't you? Syntax would be something like

has_permission_on :contract, :to => [:update] do
  if_attribute :user => { :contract_expiry_date => ... }
end

No?

Alan

Nov 30, 2011, 8:26:56 AM
to declarative_authorization

> I have to check whether it is greater than Time.now or not.
> With this, how will I use the greater than (>) sign?

Look in reader.rb. You have the option of using :lt, :gte, etc. I
guess Time.now will work in the block.
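
Added example, not part of the thread and not the gem's own code: a minimal Ruby stand-in for a rules DSL that contrasts the two patterns discussed above, a plain if wrapped around a grant versus a comparison stored with the rule and re-run against the checked object's user on every check. MiniRules, User, Contract and the sample dates are constructed for illustration, and the model assumes the rules block is evaluated once when the rules are loaded.

```ruby
# Constructed stand-in for a rules DSL; this is NOT declarative_authorization's code.
User     = Struct.new(:name, :contract_expiry_date)
Contract = Struct.new(:user)

class MiniRules
  def initialize
    @rules = Hash.new { |hash, key| hash[key] = [] }
  end
  # The rules block runs exactly once, like a rules file read at startup.
  def define(&block)
    instance_eval(&block)
    self
  end
  # No block: unconditional grant. With a block: stored, re-run on every check.
  def has_permission_on(context, to:, &condition)
    check = condition || ->(_object, _now) { true }
    Array(to).each { |privilege| @rules[[context, privilege]] << check }
  end
  def permit?(context, privilege, object, now)
    @rules[[context, privilege]].any? { |check| check.call(object, now) }
  end
end

# Pattern from the thread: a plain `if` around the grant, decided at load time.
def load_time_rules(user_at_load, load_time)
  MiniRules.new.define do
    if user_at_load.contract_expiry_date > load_time
      has_permission_on :contracts, to: [:update]
    end
  end
end

# Deferred pattern: the comparison is stored and re-run against each object.
def per_check_rules
  MiniRules.new.define do
    has_permission_on :contracts, to: [:update] do |contract, now|
      contract.user.contract_expiry_date > now
    end
  end
end

def demo
  t0, day = Time.utc(2011, 11, 28), 86_400
  alice, bob = User.new("alice", t0 + day), User.new("bob", t0 - day) # constructed
  frozen, live = load_time_rules(alice, t0), per_check_rules
  { frozen_bob: frozen.permit?(:contracts, :update, Contract.new(bob), t0 + 2 * day),
    live_alice: live.permit?(:contracts, :update, Contract.new(alice), t0),
    live_later: live.permit?(:contracts, :update, Contract.new(alice), t0 + 2 * day),
    live_bob:   live.permit?(:contracts, :update, Contract.new(bob), t0) }
end
```

In this model the load-time rule set still permits the update for bob, whose contract had already expired, because the decision was frozen when the rules were defined; the deferred rule set denies bob and stops permitting alice once her date has passed.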
