suranyami
May 13, 2009, 3:48:07 AM
to Rails Authorization Plugin
Hi... just started using rails-authorization-plugin... very nice.
Just wondering: we'd like to make some custom button_to and link_to
methods that would only show if the user is allowed to actually go
there.
Ideally, I'd like to say:
<%= link_to_if_permitted "Edit", edit_thing_path(@thing) %>
We can do this the quick and dirty way by wrapping the link_to in a
conditional like this:
<%= link_to "Edit", edit_thing_path(@thing) if permit?('admin or superuser') %>
But, the problem with this is that we have already defined the role
requirements in our controller:
class ThingController < ApplicationController
  # role requirement declared once, in the controller
  permit 'admin or superuser', :only => [:edit, :update]
  ...
end
Unfortunately, having to define this in multiple places (Controller +
View), in very different ways is a bit of a maintenance problem for
us, since our actual controllers, views, models, etc... are quite
complex and there are lots of different roles.
Our first attempts at implementing an automatic way of doing
this showed up some unexpected complexity.
1. Extracting the controller and action from the polymorphic route can
be complicated.
2. Finding and interpreting what all of the :only and :except settings
defined in the controller and mapping that to the polymorphic route is
tricky.
We need to have something like this, so we'll implement it if we have
to, but it smells like something that others may have already worked
on.
Has anybody attempted anything like this? If not, any hints on how to
simplify the above goals?
Thanks in advance.
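An added, stand-alone Ruby sketch of the idea in the post above (declare the role requirement once in the controller, let a view helper reuse it). It is not code from rails-authorization-plugin or from the poster: `PermissionRegistry`, `Permit`, `permitted?`, `link_to_if_permitted`, the `ROUTES` table and `ThingsController` are all assumptions made for illustration, and the route table stands in for the polymorphic-route extraction the post identifies as the hard part. The helper only decides whether to render a link; the controller-side `permit` remains the enforcement point.

```ruby
require 'set'
require 'cgi'

# Registry of per-controller role requirements, filled by class-level `permit`
# declarations shaped like the plugin's (`permit 'admin or superuser', :only => [...]`).
# Assumed names; not the plugin's internals.
module PermissionRegistry
  RULES = Hash.new { |h, k| h[k] = [] }

  def self.permit(controller, role_expr, only: nil, except: nil)
    RULES[controller] << {
      expr:   role_expr,
      only:   only   && only.map(&:to_sym),
      except: except && except.map(&:to_sym)
    }
  end

  # Rules that apply to one action, honouring :only / :except.
  def self.rules_for(controller, action)
    RULES[controller].select do |r|
      next false if r[:only]   && !r[:only].include?(action)
      next false if r[:except] && r[:except].include?(action)
      true
    end
  end
end

# Mixin giving a controller class the `permit` declaration used in the post.
module Permit
  def permit(role_expr, only: nil, except: nil)
    PermissionRegistry.permit(self, role_expr, only: only, except: except)
  end
end

# Evaluate a flat role expression ("admin or superuser", "editor and staff")
# against the roles a user holds. Unknown role names simply do not match.
def role_expr_satisfied?(expr, user_roles)
  held = user_roles.map(&:to_s).to_set
  if expr.include?(' and ')
    expr.split(' and ').all? { |r| held.include?(r.strip) }
  else
    expr.split(' or ').any? { |r| held.include?(r.strip) }
  end
end

# An action with no rule is open (undeclared actions carry no requirement);
# every rule that does apply must pass.
def permitted?(controller, action, user_roles)
  rules = PermissionRegistry.rules_for(controller, action.to_sym)
  rules.all? { |r| role_expr_satisfied?(r[:expr], user_roles) }
end

# Constructed controller with two overlapping declarations: edit/update need
# (admin or superuser) and, like everything except index/show, the staff role.
class ThingsController; extend Permit; end
ThingsController.permit 'admin or superuser', only: [:edit, :update]
ThingsController.permit 'staff', except: [:index, :show]

# Constructed stand-in for route resolution: named route -> controller, action,
# path pattern. In a real app this lookup is the complicated part.
ROUTES = {
  things_path:     [ThingsController, :index, '/things'],
  thing_path:      [ThingsController, :show,  '/things/:id'],
  edit_thing_path: [ThingsController, :edit,  '/things/:id/edit']
}.freeze

# Render an anchor only when the user may reach the route's action; nil otherwise.
def link_to_if_permitted(text, route, id, user_roles)
  controller, action, pattern = ROUTES.fetch(route)
  return nil unless permitted?(controller, action, user_roles)
  href = pattern.sub(':id', id.to_s)
  %(<a href="#{CGI.escapeHTML(href)}">#{CGI.escapeHTML(text)}</a>)
end

if __FILE__ == $0
  puts link_to_if_permitted('Edit', :edit_thing_path, 7, %w[admin staff]).inspect
  puts link_to_if_permitted('Edit', :edit_thing_path, 7, %w[admin]).inspect
  puts link_to_if_permitted('View', :thing_path, 7, []).inspect
end
```

Because the view helper and the controller both read the same registry, a changed `permit` line changes both enforcement and link visibility, which is the maintenance property the post is after.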