Combining :and and :or logic in a has_permission_to block
28 views
Skip to first unread message
Edward Rudd
Oct 19, 2011, 11:57:24 AM10/19/11
to declarative_authorization
I would like to some how express this kind of logic
has_permission_on :model, :to => :read do
# (
if_attribute :author => is { user }
# OR
if_attribute :reporter => is { user }
# )
# AND
if_attribute :site => is_in { user.sites }
end
Of course that in reality treats everything as "or" and if i
specify :join_by => :and, it treats all as "and"..
Is there anyway to do a mixed?
has_permission_on :model, :to => :read do
# (
if_attribute :author => is { user }
# OR
if_attribute :reporter => is { user }
# )
# AND
if_attribute :site => is_in { user.sites }
end
Of course that in reality treats everything as "or" and if i
specify :join_by => :and, it treats all as "and"..
Is there anyway to do a mixed?
MattS
Jan 13, 2012, 10:52:44 PM1/13/12
to declarative_...@googlegroups.com
Hi Edward,
Yes, you can do a mixed boolean expression this way. It's not very elegant but it's the only way I know how.
Putting attribute checks on the same line ANDs them so you have to duplicate them in this case.
Not very DRY at all but it's all I know. I hope there would a better way since this is pretty common.
has_permission_on :user_levels, :to => [:manage] do
if_attribute :author => is { user } , if_attribute :site => is_in { user.sites }
if_attribute :reporter => is { user } , if_attribute :site => is_in { user.sites }
end
MattS
Jan 13, 2012, 11:31:21 PM1/13/12
to declarative_...@googlegroups.com
Oops, I copy/pasted wrong. This is right:
has_permission_on :model, :to => :read do
if_attribute :author => is { user } , :site => is_in { user.sites }
if_attribute :reporter => is { user } , :site => is_in { user.sites }
end
Edward Rudd
Jan 14, 2012, 9:46:43 AM1/14/12
to declarative_...@googlegroups.com, declarative_...@googlegroups.com
Hmm.. I'll try that. What I have been doing is splitting it up into fake permissions.
has_permission_on :model, :to => :read_base do
if_attribute :author => is { user }
if_attribute :reporter => is { user }
end
has_permission_on :model, :to => :read, :join_by => :and do
if_permitted_to :read_base
If_attribute :site => is_in { user.sites }
end
It's a tad bit more verbose, but is more dry. It is nice to know that I can do multiple attribute checks in a line though to do and.
Sent from my iPad
--
You received this message because you are subscribed to the Google Groups "declarative_authorization" group.
To view this discussion on the web visit https://groups.google.com/d/msg/declarative_authorization/-/ANGu9PK9Cc8J.
To post to this group, send email to declarative_...@googlegroups.com.
To unsubscribe from this group, send email to declarative_author...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/declarative_authorization?hl=en.
Reply all
Reply to author
Forward
0 new messages