permissions issue


Mike

Sep 26, 2011, 10:49:22 PM
to Hobo Users
Hi all,

This is probably a silly issue, but I can't seem to find a way to
search for the answer.

I'm setting the def view_permitted?(field) on a custom object that
belongs to a user with three possible conditions:

def view_permitted?(field)
  owner_is? acting_user ||
  acting_user.administrator? ||
  acting_user.super?

  logger.info "OK"
end

When I add any logger line in, everything works fine - if I comment
that out, or remove it, then I get a permission denied error.

def super? is defined for the user model, and so is the owner
relationship. Truly, everything works fine if I leave a logging
message in... any ideas?

Thanks,

Mike

Henry Baragar

Sep 26, 2011, 11:13:57 PM
to hobo...@googlegroups.com, Mike

On September 26, 2011 10:49:22 PM Mike wrote:

> Hi all,
>
> This is probably a silly issue, but I can't seem to find a way to
> search for the answer.
>
> I'm setting the def view_permitted?(field) on a custom object that
> belongs to a user with three possible conditions:
>
> def view_permitted?(field)
>
> owner_is? acting_user ||
> acting_user.administrator? ||
> acting_user.super?
>

This statement is interpreted as:

owner_is?(acting_user || acting_user.administrator? || acting_user.super?)

because || binds tighter than method call.

It further reduces to

owner_is?(acting_user)

because if acting_user is true, then it will never evaluate the rest.

The solution is

owner_is?(acting_user) ||
...

> logger.info "OK"
>

That always returns true, so I believe that you are testing an administrator or super, and not the owning user.


Hope this helps,

Henry


> end
>
> When I add any logger line in, everything works fine - if I comment
> that out, or remove it, then I get a permission denied error.
>
> def super? is defined for the user model, and so is the owner
> relationship. Truly, everything works fine if I leave a logging
> message in... any ideas?
>
> Thanks,
>
> Mike

--
Henry Baragar
Instantiated Software


kevinpfromnm

Sep 27, 2011, 12:23:00 PM
to hobo...@googlegroups.com
Basically the boolean logic gets dropped the way you have written it when you add the logger line.  You can get what you're after by doing early termination like:

  return false unless owner_is?(acting_user) or acting_user.administrator? or acting_user.super?
  logger.info "OK"

Or as a one liner:

   logger.info "OK" if owner_is?...
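To make the parse that Henry describes concrete, here is an added, self-contained Ruby example (not code from the thread or from Hobo) that stands in a minimal User/Document pair for the models and runs three variants: the expression as posted, the same expression followed by the logger line, and the parenthesised fix. `owner_is?`, `administrator?`, `super?` and `acting_user` are constructed stand-ins for the Hobo helpers.

```ruby
require 'logger'

# Constructed stand-in for the Hobo user model (not Hobo's own code).
class User
  def initialize(administrator: false, super_user: false)
    @administrator, @super_user = administrator, super_user
  end
  def administrator?; @administrator; end
  def super?;         @super_user;    end
end

# Constructed stand-in for the owned object; owner_is? is a plain identity check here.
class Document
  attr_accessor :acting_user
  def initialize(owner)
    @owner  = owner
    @logger = Logger.new(nil) # discards output; only Logger#info's return value matters
  end
  def owner_is?(user); user.equal?(@owner); end

  # Variant 1: as posted. Without parentheses Ruby hands the whole || chain to
  # owner_is? as its single argument, so only "is acting_user the owner" is tested.
  def permitted_as_written?(_field)
    owner_is? acting_user ||
      acting_user.administrator? ||
      acting_user.super?
  end

  # Variant 2: same expression plus the logger line. Logger#info returns true and
  # the last expression is the method's value, so everyone is permitted: bug hidden.
  def permitted_with_logger?(_field)
    owner_is? acting_user ||
      acting_user.administrator? ||
      acting_user.super?
    @logger.info "OK"
  end

  # Variant 3: the fix from the thread; parentheses make the three tests OR together.
  def permitted_fixed?(_field)
    owner_is?(acting_user) || acting_user.administrator? || acting_user.super?
  end
end

# Run one variant for [owner, admin, stranger] and return the three boolean results.
def check_variant(method_name)
  owner, admin, stranger = User.new, User.new(administrator: true), User.new
  doc = Document.new(owner)
  [owner, admin, stranger].map do |u|
    doc.acting_user = u
    !!doc.public_send(method_name, :title)
  end
end
```

The as-written variant denies the administrator, the logger variant lets the stranger through, and only the parenthesised form yields owner and admin allowed with the stranger denied.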