Hi Everybody,

I am working on authlogic with declarative authorization.

I created the authorization rules for guest, admin and superadmin.

I have publishers and subjects after one logs in.

When a guest logs in he has the authority to view, edit, show and create but not delete a publisher.

When I used the declarative authorization, filter_access_to ... I am restricting the entire publishers and subjects page.

I want the page to be shown.

Here is my authorization rules page

    authorization do

      role :guest do
        has_permission_on :publishers, :to => [:manage, :read]
      end

      role :author, :title => "Author" do
        description "The default role for Author"
        has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show, :edit]
      end

      role :admin do
        has_permission_on :publishers, :to => :manage
        #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
      end
    end

    privileges do

      privilege :manage, :includes => [:create, :read, :update, :delete]
      privilege :read, :includes => [:index, :show]
      privilege :create, :includes => :new
      privilege :update, :includes => :edit
      privilege :delete, :includes => :destroy
    end

In my controller

    class PublishersController < ApplicationController
      filter_access_to :index, :require => :read

Please see where I went wrong.

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

On Fri, Jan 1, 2010 at 2:21 AM, Rails ROR <developrails-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Please see where I went wrong.

Well you never told us what wrong behavior you are seeing.

However, I notice that:

> role :guest do
> has_permission_on :publishers, :to => [:manage,:read]
> end

is inconsistent with:

> When a guest logs in he has the authority to view, edit, show and create but
> not delete a publisher.

Since the :manage privilege seems to be set up to give all permissions.

Perhaps you meant

    role :guest do
      has_permission_on :publishers, :to => [:read, :create, :update]
    end

--
Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale

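To make the point of the reply above concrete, here is an added example (not code from the thread, and not declarative_authorization's own implementation) that models the posted privilege hierarchy in plain Ruby and expands each role's grants into controller actions. The names `effective_privileges`, `permitted?` and `report` are hypothetical, and the model assumes that holding a privilege also grants everything listed in its `:includes`.

```ruby
require 'set'

# Privilege hierarchy copied from the thread's `privileges do ... end` block.
PRIVILEGE_INCLUDES = {
  manage: [:create, :read, :update, :delete],
  read:   [:index, :show],
  create: [:new],
  update: [:edit],
  delete: [:destroy]
}.freeze

# Grants on :publishers as posted, plus the guest rule suggested in the reply.
POSTED_RULES = {
  guest:  [:manage, :read],
  author: [:new, :create, :show, :edit],
  admin:  [:manage]
}.freeze
SUGGESTED_GUEST = [:read, :create, :update].freeze
RESTFUL_ACTIONS = [:index, :show, :new, :create, :edit, :update, :destroy].freeze

# Expand granted privileges through the hierarchy (transitive closure).
def effective_privileges(granted, includes = PRIVILEGE_INCLUDES)
  seen = Set.new
  queue = Array(granted).dup
  until queue.empty?
    priv = queue.shift
    next unless seen.add?(priv) # already expanded, skip
    queue.concat(Array(includes[priv]))
  end
  seen
end

# Deny by default: an action is allowed only if it appears in the closure.
def permitted?(granted, action)
  effective_privileges(granted).include?(action)
end

# Map each role to the RESTful controller actions it may perform.
def report(rules)
  rules.each_with_object({}) do |(role, granted), out|
    out[role] = RESTFUL_ACTIONS.select { |a| permitted?(granted, a) }
  end
end

if __FILE__ == $PROGRAM_NAME
  report(POSTED_RULES.merge(guest_suggested: SUGGESTED_GUEST)).each do |role, actions|
    puts format('%-16s %s', role, actions.join(', '))
  end
end
```

In this model the posted guest rule reaches :destroy through :manage, while the suggested rule does not; the posted author rule never reaches :index or :update.
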
Hi,

Oops! Sorry that I couldn't post you the exact details.

When I log in as the admin, I should be able to perform all the operations but somehow the admin is also restricted from performing a new or a create action.

I even tried with acl9. I think I am missing some basic point. Please tell me that.

Here is my publishers controller [this is using acl9]

    access_control :acl do
      allow :admin
      allow all, :to => [:index, :show]
      allow :author, :of => Publisher, :to => [:new, :create]
    end

But when I run the application and log in as an admin, I am restricted from creating a new publisher. Am I missing out any point? Sorry, I may be silly, but please help me in this.

Using declarative_authorization also, when I log in as an admin I am restricted from accessing the publisher page. What I need is to log in with different roles and perform their actions only.

Hope I am not confusing this......

Thanks and waiting for your reply.

Hello,

I have only 2 roles: 1. admin and the other is the author.

This is my authorization_roles.rb file

    authorization do
      role :author, :title => "Author" do
        description "The default role for Author"
        has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show]
      end

      role :admin do
        has_permission_on :publishers, :to => :manage
        #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
      end
    end

    privileges do
      privilege :manage, :includes => [:create, :read, :update, :delete]
      privilege :read, :includes => [:index, :show]
      privilege :create, :includes => :new
      privilege :update, :includes => :edit
      privilege :delete, :includes => :destroy
    end

When I log in with the admin credentials I am restricted from deleting a record in spite of having permission to delete a record.

How are the roles identified? Do I need to write any code in the controller that identifies the author and the admin?

In the controller I just wrote the filter_access method. Am I missing something?

Please please......... help me.

Thank you.
