has_permission_on with non attribute condition

38 views
Skip to first unread message

Benjamin Moses Lieb

unread,
Jun 28, 2011, 10:15:59 AM6/28/11
to declarative_authorization
I want to give authorization to a specific action if a session
variable is set in my app. I can't figure out how to do this.
Something like:

has_permission_on :admin, :to => :action do
true if session[:key]
end

I don't understand how to accomplish this basic task. Any help
appreciated.

Steffen Bartsch

unread,
Jul 1, 2011, 2:11:47 PM7/1/11
to declarative_...@googlegroups.com
Am Dienstag, 28. Juni 2011 schrieb Benjamin Moses Lieb:
> I want to give authorization to a specific action if a session
> variable is set in my app. I can't figure out how to do this.
> Something like:
>
> has_permission_on :admin, :to => :action do
> true if session[:key]
> end

Wouldn't it be easier to set the user's role based on session[:key]?

Please have a look at the examples in the README.

Steffen

Benjamin Moses Lieb

unread,
Jul 5, 2011, 1:00:51 PM7/5/11
to declarative_authorization
I don't personally think so, but that's not really my question. I
tried to indicated this in the title of my post by "non attribute
condition". I want to know how to refer to the environment of my app
and allow or deny access based on arbitrary conditions, not just roles
of the user, and attributes of once particular class variable, ie
@my_controller. What If I want to allow :member access if they own the
record, but not on weekends? I of course could put the weekend check
in the controller, but that's an auth issue to me, not a logic issue.

So regardless of what would be easier/better/different, I would still
like to understand how I can pass or flunk auth in the do block based
on arbitrary conditions. If this is not possible, I will probably be
moving to another auth library. I would prefer not to do this. Please,
anyone with some information let me know.

I also emailed the gem author last week, but have not heard back.

Steffen Bartsch

unread,
Jul 6, 2011, 2:49:23 AM7/6/11
to declarative_...@googlegroups.com
Am Dienstag, 5. Juli 2011 schrieb Benjamin Moses Lieb:
> So regardless of what would be easier/better/different, I would still
> like to understand how I can pass or flunk auth in the do block based
> on arbitrary conditions.

It isn't possible. Conditions are meant to be object/user-specific.

There have been discussions on this list on how to implement arbitrary
conditions, but I have yet to receive a patch on that. The primary problem is
that we should be able to turn the conditions into db query conditions.

> I also emailed the gem author last week, but have not heard back.

That's me :)

Steffen

Benjamin Moses Lieb

unread,
May 7, 2012, 4:37:57 PM5/7/12
to declarative_...@googlegroups.com
Has this situation been addressed or changed? I would still like to flunk/pass auth tests based on arbitrary ruby conditions...
Reply all
Reply to author
Forward
0 new messages