Authorization for array of objects


Rubish

Jan 29, 2010, 7:42:43 AM
to acl9-discuss
I am pretty new to Ruby and even newer to acl9; I started using acl9 2
days back. I am stuck at a point and need help.

I get the ids of applications from the view and, using them, I create an
array of applications in the before filter. The user should have a role
for each one of them to be authorized to proceed.

Approach 1
I was trying something like this
in the before filter:
    @applications = Application.find_all_by_id(params[:app_ids])

In the access control block:
    allow :super_admin, :publisher_admin, :demo_user, :of => :applications, :to => pages_require_application_role

But that gives me an error: undefined method `base_class' for
Array:Class

Approach 2
Then I thought that, since I have already loaded the applications in my
before filter, I will iterate over them in the access control block and
deny if the user doesn't have the role for any of the applications.

In the access control block:
    if !@applications.blank?
        @applications.each do |application|
            if !@current_user.has_role(:owner, application)
                deny all
            end
            allow :owner
        end
    else
        puts "In else block"
    end

But this always throws me into the else block. On printing messages at
different places, I reached the conclusion that the access control block
is called before the before_filters, although the before filters are
called before the access control block in the controller.

I am not sure what I am doing wrong, and I am also very confused about
the flow of the access control block and before filters.

Looking forward to a quick and helpful response.

-- Rubish

Rubish

Jan 31, 2010, 3:15:18 PM
to acl9-discuss
I am still struggling with the problem. Trying out different things
and looking at the allow and deny methods, although not sure, I think
that acl9 creates rules when allow and deny are called. After that,
before filters are called, and after that the rules are applied. So now I
need to figure out a way to call or execute the before filters before
the access control block, or I can call the method generating the instance
variables required in the acl9 block before calling allow and deny. I
couldn't find a way to do the first, but tried the second, and that one
also didn't help me much. Seems like I cannot call controller
methods in the acl9 block. sad :(
Please help.


Jeremiah Messerer

Jan 31, 2010, 4:08:50 PM
to acl9-d...@googlegroups.com
I am not familiar with the details of ACL9. I tried to use it for my project but it wasn't a great fit, so I moved on to something else. I am looking into CanCan.

Sorry I am not much help :-(,

Jeremiah

oleg dashevskii

Feb 1, 2010, 12:14:22 AM
to acl9-d...@googlegroups.com
access_control block generates before_filter itself.

So, if you have something like

class MyController < ApplicationController
    before_filter :set_ivars

    access_control do
        allow :role, :of => :foo
        deny :role2, :of => :bar
    end

    private
    
    def set_ivars
        @foo = ...
        @bar = ....
    end
end

acl block will "execute" after set_ivars method and @foo, @bar will be available.


--
Олег.

Rubish

Feb 1, 2010, 12:58:02 AM
to acl9-discuss
@oleg, thanks for the reply.
I understand that @foo and @bar will be available in the final acl
block, which applies the rules; that works well for me :)

However, in my application I want to check "authorization" over an
array of objects. In case the authorization fails on any one of the
objects, the user should get access denied. Any idea on how I can
set this up using ACL9?

-Thanks,
</Rubish>



Rubish

Feb 1, 2010, 2:49:31 AM
to acl9-discuss
Problem solved :)

I hadn't explored the :if and :unless options in allow and deny. Using :if
solved my problem. Now I have a method

    def has_bars_access
        if !@bars.blank?
            @bars.each do |bar|
                return false if !current_user.has_role(:owner, bar)
            end
        end
        return true
    end

and in the access control block I do

    allow :owner, :to => :whatever, :if => :has_bars_access

Thanks to all for help :)

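
Added example, not part of the original thread: the all-or-nothing check from the last post in plain Ruby, next to a fail-closed variant. `User`, `Bar`, `BARS`, `load_bars` and both predicate names are constructed stand-ins so it runs without Rails or acl9; the variant assumes that an empty selection should be denied and that a requested id which does not load (finders such as `find_all_by_id` return only the rows found) should also deny.

```ruby
# Constructed stand-ins so the example runs without Rails or acl9.
Bar = Struct.new(:id)

class User
  def initialize(owned_ids)
    @owned_ids = owned_ids
  end

  # Stand-in for acl9's has_role?(role, object) on the subject model.
  def has_role?(role, object)
    role == :owner && @owned_ids.include?(object.id)
  end
end

# Constructed sample data.
BARS = { 1 => Bar.new(1), 2 => Bar.new(2), 3 => Bar.new(3) }

# Behaves like find_all_by_id: ids with no matching row are silently dropped.
def load_bars(ids)
  Array(ids).map { |id| BARS[id.to_i] }.compact
end

# Same logic as the posted predicate: an empty list authorizes the request.
def has_bars_access_as_posted(user, bars)
  bars.each { |bar| return false unless user.has_role?(:owner, bar) }
  true
end

# Fail-closed variant: every requested id must load, and every loaded
# object must carry the role. Anything else denies.
def has_bars_access_strict(user, requested_ids, bars)
  wanted = Array(requested_ids).map(&:to_i).uniq.sort
  return false if wanted.empty?
  return false unless bars.map(&:id).sort == wanted
  bars.all? { |bar| user.has_role?(:owner, bar) }
end

if __FILE__ == $PROGRAM_NAME
  user = User.new([1, 2]) # owner of bars 1 and 2 only
  [%w[1 2], %w[1 3], %w[1 999], %w[999], nil].each do |ids|
    bars = load_bars(ids)
    puts "#{ids.inspect}: posted=#{has_bars_access_as_posted(user, bars)} " \
         "strict=#{has_bars_access_strict(user, ids, bars)}"
  end
end
```

In a controller the strict predicate would take its ids from `params` and be referenced through `:if`, as in the post above.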