authlogic with declarative authorization

48 views
Skip to first unread message

Rails ROR

unread,
Jan 1, 2010, 2:21:45 AM1/1/10
to rubyonrails-talk
Hi Everybody,

I am working on authlogic with declarative authorization.

I created the authorization rules for guest, admin and superadmin.

I have publishers and subjects after one logs in.

When a guest logs in he has an authority to view, edit and show,create but not delete a publisher.

When i used the declarative authorization, filter_access_to ... I am restricting entire publishers and subjects page.

I want the page to be shown.

Here is my authorization rules page

authorization do
  
   role :guest do
     has_permission_on :publishers, :to => [:manage,:read]
   end

  role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers,:subjects,:courses], :to => [:new, :create,:show,:edit]
  end
 
 role :admin do 
 has_permission_on :publishers, :to => :manage
 #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy] 
 end
end
 
privileges do
 
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

In my controller

class PublishersController < ApplicationController
  filter_access_to :index, :require => :read

Please see where i went wrong.

Thanks in advance.

Rick DeNatale

unread,
Jan 1, 2010, 9:51:23 AM1/1/10
to rubyonra...@googlegroups.com

Well you never told us what wrong behavior you are seeing.

However, I notice that:

> role :guest do
> has_permission_on :publishers, :to => [:manage,:read]
> end

is inconsistent with:

> When a guest logs in he has an authority to view, edit and show,create but
> not delete a publisher.

Since the :manage privilege seems to be set up to give all permissions.

Perhaps you meant

role :guest do
has_permission_on :publishers, :to => [:read, :create, :update]
end

--
Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale

Rails ROR

unread,
Jan 2, 2010, 12:38:29 AM1/2/10
to rubyonra...@googlegroups.com
Hi,

Oops! sorry that i couldn't post you the exact details.

When i log in as the admin , i should be able to perform all the operations but some how the admin is also restricted to perform a new or a create action.

I even tried with acl9. I think i am missing some basic point. Please tell me that.

Here is my publishers controller[ this is using acl9]

access_control :acl do
  allow :admin
  allow all, :to => [:index, :show]
  allow :author, :of => Publisher, :to => [:new, :create]
  end

but when i run the application and log in as an admin. I am restricted to create a new publisher. Am i missing out any point. Sorry i may be silly but please help me in this.

Using declarative_authorization also, when i log in as an admin i am restricted to access the publisher page.
What i need is to login with different roles and perform their actions only.

Hope i am not confusing this......

Thanks and waiting for your reply.

--

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonra...@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-ta...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.



Rails ROR

unread,
Jan 2, 2010, 3:51:26 AM1/2/10
to rubyonra...@googlegroups.com
Hello

I have only 2 roles
1. admin and the other is the author

This is my authorization_roles.rb file


role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers,:subjects,:courses], :to => [:new, :create,:show]

   
  end
 
 role :admin do 
 has_permission_on :publishers, :to => :manage
 #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy] 
 end
end
 
privileges do
 
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy

When i log in with the admin credentials i am restricted to delete a record inspite of me having a permission to delete a record.
How are the roles identified?
Do i need to write any code in the controller that identifies the author and the admin

In the controller i just wrote filter_access method.

Am i missing something?

Please please......... help me

Thankyou.
On Fri, Jan 1, 2010 at 6:51 AM, Rick DeNatale <rick.d...@gmail.com> wrote:
Reply all
Reply to author
Forward
0 new messages