User doesn't implement #has_role?
19 views
Skip to first unread message
spacemeli
Jun 25, 2009, 5:41:00 AM6/25/09
to Rails Authorization Plugin
Hi,
I'm using this plugin with the restful-authentication one. I created a
user with a role "admin"
I log the user and want to access to the UserAdmin controller :
class AdminUserController < ApplicationController
before_filter :login_required
permit 'admin'
def show
@users = User.find(:all)
end
end
But when I get to this url http://localhost:3000/admin_user/show I got
this error User doesn't implement #has_role?
I made some research but found nothing. I hope someone could help me.
Thanks in advance.
I'm using this plugin with the restful-authentication one. I created a
user with a role "admin"
I log the user and want to access to the UserAdmin controller :
class AdminUserController < ApplicationController
before_filter :login_required
permit 'admin'
def show
@users = User.find(:all)
end
end
But when I get to this url http://localhost:3000/admin_user/show I got
this error User doesn't implement #has_role?
I made some research but found nothing. I hope someone could help me.
Thanks in advance.
erwin
Jun 25, 2009, 5:44:01 PM6/25/09
to Rails Authorization Plugin
did you put
acts_as_authorized_user
acts_as_authorizable
in your User Model ?
On 25 juin, 11:41, spacemeli <spacem...@googlemail.com> wrote:
> Hi,
>
> I'm using this plugin with the restful-authentication one. I created a
> user with a role "admin"
> I log the user and want to access to the UserAdmin controller :
>
> class AdminUserController < ApplicationController
> before_filter :login_required
> permit 'admin'
>
> def show
> @users = User.find(:all)
> end
>
> end
>
> But when I get to this urlhttp://localhost:3000/admin_user/showI got
acts_as_authorized_user
acts_as_authorizable
in your User Model ?
On 25 juin, 11:41, spacemeli <spacem...@googlemail.com> wrote:
> Hi,
>
> I'm using this plugin with the restful-authentication one. I created a
> user with a role "admin"
> I log the user and want to access to the UserAdmin controller :
>
> class AdminUserController < ApplicationController
> before_filter :login_required
> permit 'admin'
>
> def show
> @users = User.find(:all)
> end
>
> end
>
Melissa Verduci
Jun 26, 2009, 3:50:41 AM6/26/09
to yves_...@mac.com, Rails Authorization Plugin
Yes I did, It worked, but now I have another problem :
Declare either attr_protected or attr_accessible for User, but not both.
Do you know where it can come frome ?
Declare either attr_protected or attr_accessible for User, but not both.
Do you know where it can come frome ?
2009/6/25 erwin <yves_...@mac.com>
Glenn Rempe
Jun 26, 2009, 1:16:14 PM6/26/09
to Rails Authorization Plugin
From the plugin changelog:
* Removed attr_protected declaration from acts_as_authorized_user,
acts_as_authorizable methods. These conflicted with usage of the
Authorization plugin with models generated by the
restful_authentication generator or any model that specified the safer
attr_accessible whitelist. RA encourages the safer attr_accessible
whitelisting of attributes that are accessible from its models. You
cannot apply both attr_accessible and attr_protected in the same
model. Users are encouraged to specify a whitelist of attr_accessible
model attributes for their applications security.
Here is a little more background:
http://somethinglearned.com/articles/2006/05/24/best-practices-a-strong-case-for-attr_accessible-part-2
Cheers
On Jun 26, 12:50 am, Melissa Verduci <spacem...@googlemail.com> wrote:
> Yes I did, It worked, but now I have another problem :
> Declare either attr_protected or attr_accessible for User, but not both.
>
> Do you know where it can come frome ?
>
> 2009/6/25 erwin <yves_duf...@mac.com>
* Removed attr_protected declaration from acts_as_authorized_user,
acts_as_authorizable methods. These conflicted with usage of the
Authorization plugin with models generated by the
restful_authentication generator or any model that specified the safer
attr_accessible whitelist. RA encourages the safer attr_accessible
whitelisting of attributes that are accessible from its models. You
cannot apply both attr_accessible and attr_protected in the same
model. Users are encouraged to specify a whitelist of attr_accessible
model attributes for their applications security.
Here is a little more background:
http://somethinglearned.com/articles/2006/05/24/best-practices-a-strong-case-for-attr_accessible-part-2
Cheers
On Jun 26, 12:50 am, Melissa Verduci <spacem...@googlemail.com> wrote:
> Yes I did, It worked, but now I have another problem :
> Declare either attr_protected or attr_accessible for User, but not both.
>
> Do you know where it can come frome ?
>
Reply all
Reply to author
Forward
0 new messages