:role_ids => intersects_with {user.role_ids} != :roles => intersects_with {user.roles}

Skip to first unread message

Brad Langhorst

Jan 16, 2013, 2:34:39 PM1/16/13
to declarative_...@googlegroups.com
:role_ids => intersects_with {user.role_ids} generates this (incorrect) query

SELECT * FROM "screening_projects" WHERE (("screening_projects"."id" IN (3,4,5)) OR (1=1))

DA seems to be interpreting the :role_ids symbol as screening_projects.id

:roles => intersects_with {user.roles} generates this nearly correct query ( I don't know wehre that or 1=1 is coming from, and it's making the role_id requirement useless)

SELECT * FROM (SELECT DISTINCT ON ("screening_projects".id) "screening_projects".id, screening_projects.display_order AS alias_0 FROM "screening_projects" LEFT OUTER JOIN "screening_project_roles" ON ("screening_projects"."id" = "screening_project_roles"."screening_project_id") LEFT OUTER JOIN "roles" ON ("roles"."id" = "screening_project_roles"."role_id") WHERE (("roles"."id" IN (3,4,5)) OR (1=1)) ) AS id_list ORDER BY id_list.alias_0 LIMIT 1

Is this a bug, or do I misunderstand what is meant by the :role_ids => intersects_with {user.role_ids}  statement?


Brad Langhorst

Jan 16, 2013, 3:28:41 PM1/16/13
to declarative_...@googlegroups.com
I think the 1=1 business from my previous post is a DA bug.
I've filed a pull request to fix it.

Langhorst, Brad

Jan 16, 2013, 7:56:45 PM1/16/13
to <declarative_authorization@googlegroups.com>
I should have checked more carefully… the 1=1 was coming from another rule that I did not notice.
I have closed that pull request.

Sorry for any confusion.

On Jan 16, 2013, at 3:28 PM, Brad Langhorst <lang...@neb.com>

You received this message because you are subscribed to the Google Groups "declarative_authorization" group.
To view this discussion on the web visit https://groups.google.com/d/msg/declarative_authorization/-/EEH_Dc_hZasJ.
To post to this group, send email to declarative_...@googlegroups.com.
To unsubscribe from this group, send email to declarative_author...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/declarative_authorization?hl=en.

Brad Langhorst

Reply all
Reply to author
0 new messages