Rules for all roles are applied to users without any role


betasheet

Nov 24, 2011, 9:26:12 AM
to cantango
Hi,

we're facing another small problem.
If a user does not have any role, then the permissions for every role
are applied to it.
Based on the code in cantango/filters/filter.rb (see below), this
seems to be on purpose - is that true? What's the reason for it?

    def in_include_list?
      return true if include_list.empty?
      include_list.include? item
    end

Best regards
Eric

Kristian Mandrup

Nov 24, 2011, 11:08:38 AM
to cant...@googlegroups.com
Oh, that is not the purpose. Could be something @stanislaw added not realizing the effect. Maybe my mistake!?
It's clearly a bug and something we should have covered by the specs. Thanks!
You are most welcome to add a spec for this case… hehe
Otherwise, pull the latest master, make the fix, push to your own fork and send me a pull request. The way to go… let's work together!

Kris

Kristian Mandrup

Nov 24, 2011, 3:50:03 PM
to cant...@googlegroups.com
BTW: There is no reason that you should be in any way constrained that I don't push the fixes directly to my master. Instead, do the following.

One of you forks cantango:master on his own github account, then have everyone in the project reference this fork via the :git option on the gem:

    gem 'cantango', :git => 'git://github.com/betasheet/cantango'

Now any changes you make, bugs you fix etc. push these to the fork. Then give me a pull-request from github so I can merge those improvements!
Thanks :)

Kris


Kristian Mandrup

Nov 24, 2011, 5:28:44 PM
to cant...@googlegroups.com
Ok, fixed the filter bug and pushed to master


betasheet

Nov 24, 2011, 6:36:07 PM
to cantango
Great, thanks a lot :)
The separate github is a good idea, we'll probably go that way for
future bugs or changes.
Sometimes, it's just a little unclear for us, whether it's a bug or
some misconfiguration or similar.
With that empty list, for example, it just might have been that the
statement was necessary for some other "filter" to work correctly and
that we just didn't know about. That's why we're coming back to you
with all of this ;)

Eric

betasheet

Dec 16, 2011, 9:57:50 AM
to cantango
In some way, this fix seems to have broken the RolePermits (which we
tried to add today ..)
When they are built (in role_permit/builder.rb), the RolePermits are
validated using a filter with an empty role list, which now results in
a false message for every call of filter.valid in builder.rb.
I guess, that's the reason why the statement was "return true if
include_list.empty?" previously. Maybe the method should only return
true if the list is nil (i.e. not set), but false if it is empty (but
set)?

Best regards
Eric
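
The three behaviours discussed in this thread side by side, as an added example that is not part of the original posts and is not CanTango's code: the original empty-list shortcut, a check with no shortcut, and the nil-versus-empty distinction proposed above. The class, mode names and sample roles are assumptions; the fix actually pushed to master is not shown in the thread.

```ruby
# Hypothetical stand-in for the include-list check discussed in this thread.
# Not CanTango's code; class, mode and role names are assumptions.
class IncludeFilter
  MODES = [:fail_open, :strict, :nil_aware].freeze

  def initialize(item, include_list, mode)
    raise ArgumentError, "unknown mode #{mode}" unless MODES.include?(mode)
    @item, @include_list, @mode = item, include_list, mode
  end

  def in_include_list?
    case @mode
    when :fail_open
      # Behaviour quoted in the first post: an empty list matches everything.
      # Treating nil the same way here is an assumption of this example.
      return true if @include_list.nil? || @include_list.empty?
    when :nil_aware
      # Proposal from the post above: only an unset (nil) list means
      # "no filtering"; a list that is set but empty matches nothing.
      return true if @include_list.nil?
    end
    # :strict never short-circuits; nil is treated as an empty list.
    Array(@include_list).include?(@item)
  end
end

# Constructed cases: [label, role being checked, include list].
CASES = [
  ["user with no roles",   :admin, []],
  ["filter never set",     :admin, nil],
  ["user with that role",  :admin, [:admin]],
  ["user with other role", :admin, [:editor]]
].freeze

# Returns { label => true/false } for one mode.
def decisions(mode)
  CASES.map { |label, item, list|
    [label, IncludeFilter.new(item, list, mode).in_include_list?]
  }.to_h
end

if __FILE__ == $PROGRAM_NAME
  IncludeFilter::MODES.each { |m| puts "#{m}: #{decisions(m)}" }
end
```

Only the `:nil_aware` mode denies the role-less user while still letting a caller that never set a list (passes `nil`) through; a caller that passes an empty array is denied in that mode.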

Kristian Mandrup

Dec 16, 2011, 12:50:54 PM
to cant...@googlegroups.com
Hi,

I hope you can make it work! I'm working hard in order to release a new CanTango v.1.0 which has 95% spec coverage which should make it much easier to work with and extend. The role filters are actually not very useful, since you already have the ability via config.permits to disable specific permits of a certain type. Good luck!

Kris
