Nested Security


Meech

Jan 1, 2008, 5:16:03 PM
to ActiveScaffold : Ruby on Rails plugin
I'm like 2 for 5 in asking questions here, but let's try another....

I have an AS that has several nested links, à la client->[contacts,
comments, purchase_orders]

How do I specify whether or not those links appear, and how limited
their functionality is?

I see that the nested_authorized method is called for each, but
without any context as to which one it's calling for. It is
essentially a blind all nested or no nested toggle.

AS still calls Client.authorized_for_read? on each nested link, which
seems to serve no purpose.

If I disable the read right on the child model, I still get rendered
blank rows (ugh).

Unless anybody has already tackled this and has a more elegant
solution, my options seem to be:

#1 - Use a virtual column
#2 - hack _list_actions to set/pass the current link in a way that
nested_authorized? can read it.

I'd like to keep all the actions in the actions column, and use the
native nested_link capabilities within AS, so I'm leaning towards #2.

Meech

Jan 2, 2008, 11:56:22 AM
to ActiveScaffold : Ruby on Rails plugin
Answering my own question....


After getting a good night's sleep, I came up with 2 better
alternatives.

#1 - Skip using the nested.add_link in favor of a regular
action_links.add
#2 - Enhance nested.add_link to accept a :security_method

I like the brevity of the nested.add_link, so I just modified
config/nested.rb to accept an options hash:

    def add_link(label, models, options = {})
      # Default to the stock check; a caller can name its own :security_method.
      options = {
        :security_method => :nested_authorized?
      }.merge(options)
      @core.action_links.add('nested',
        :label => label,
        :type => :record,
        :security_method => options[:security_method],
        :position => :after,
        :parameters => {:associations => models.join(' ')})
    end
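
How per-link predicates behave once add_link accepts a :security_method, as an added example that is not part of the original posts or ActiveScaffold's own code. Link, NestedConfig, ClientsController, the role values and visible_links are hypothetical stand-ins, and hiding a link whose predicate is undefined is a design choice made here.

```ruby
# Stand-ins for illustration only; these are not ActiveScaffold's own classes.
Link = Struct.new(:label, :security_method, :associations)

class NestedConfig
  attr_reader :links

  def initialize
    @links = []
  end

  # Same shape as the patched add_link in the post: an options hash whose
  # :security_method defaults to :nested_authorized?.
  def add_link(label, models, options = {})
    options = { :security_method => :nested_authorized? }.merge(options)
    @links << Link.new(label, options[:security_method], models.join(' '))
  end
end

# Hypothetical controller: one predicate per nested link, keyed on a role.
class ClientsController
  def initialize(role)
    @role = role
  end

  def nested_authorized?
    true
  end

  def purchase_orders_authorized?
    @role == :accounting
  end

  # Labels of the links to render. A link naming a predicate this controller
  # does not define is hidden (fail closed) instead of raising or showing.
  def visible_links(config)
    config.links.select { |l|
      respond_to?(l.security_method, true) && send(l.security_method)
    }.map(&:label)
  end
end

# Constructed sample configuration for the client -> [...] links in the post.
def demo_config
  config = NestedConfig.new
  config.add_link('Contacts', [:contacts])
  config.add_link('Purchase Orders', [:purchase_orders],
                  :security_method => :purchase_orders_authorized?)
  config.add_link('Comments', [:comments], :security_method => :comments_authorized?)
  config
end
```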