Hi Everybody,

I am working on authlogic with declarative authorization.
I created the authorization rules for guest, admin and superadmin.
I have publishers and subjects after one logs in.
When a guest logs in he has the authority to view, edit, show and create, but
not delete, a publisher.
When I used the declarative authorization, filter_access_to ... I am
restricting the entire publishers and subjects page.
I want the page to be shown.

Here is my authorization rules page:

authorization do
  role :guest do
    has_permission_on :publishers, :to => [:manage,:read]
  end

  role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers,:subjects,:courses], :to => [:new,
      :create,:show,:edit]
  end

  role :admin do
    has_permission_on :publishers, :to => :manage
    #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end
end

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

In my controller:

class PublishersController < ApplicationController
  filter_access_to :index, :require => :read

Please see where I went wrong.
Thanks in advance.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
On Fri, Jan 1, 2010 at 2:21 AM, Rails ROR <developrails-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Please see where i went wrong.

Well you never told us what wrong behavior you are seeing.

However, I notice that:

> role :guest do
>   has_permission_on :publishers, :to => [:manage,:read]
> end

is inconsistent with:

> When a guest logs in he has an authority to view, edit and show,create but
> not delete a publisher.

Since the :manage privilege seems to be set up to give all permissions.

Perhaps you meant

role :guest do
  has_permission_on :publishers, :to => [:read, :create, :update]
end

--
Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale
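
Added example (not part of the thread and not declarative_authorization's own code): a simplified Ruby model of how the `privileges do` hierarchy quoted above expands, comparing the controller actions granted by the guest rule as posted with those granted by the suggested rule. The constant and function names are assumptions made for this illustration.

```ruby
# Simplified model of privilege expansion (added example, not the gem's code).
# Hierarchy copied from the `privileges do` block in the thread.
PRIVILEGES = {
  manage: [:create, :read, :update, :delete],
  read:   [:index, :show],
  create: [:new],
  update: [:edit],
  delete: [:destroy]
}.freeze

# Grants on :publishers: the guest rule as posted, and the suggested rule.
GUEST_AS_POSTED = [:manage, :read].freeze
GUEST_SUGGESTED = [:read, :create, :update].freeze

# Return every privilege reachable from the granted ones, following
# :includes transitively and guarding against cycles.
def expand(granted, hierarchy = PRIVILEGES)
  seen = []
  queue = granted.dup
  until queue.empty?
    priv = queue.shift
    next if seen.include?(priv)
    seen << priv
    queue.concat(hierarchy.fetch(priv, []))
  end
  seen
end

# True when the grant list permits the given controller action.
def permitted?(granted, action)
  expand(granted).include?(action)
end

# Privileges granted by one rule but not by the intended one (rule review aid).
def excess(granted, intended)
  expand(granted) - expand(intended)
end

if __FILE__ == $PROGRAM_NAME
  %i[index show new create edit update destroy].each do |action|
    puts format('%-8s posted=%-5s suggested=%s', action,
                permitted?(GUEST_AS_POSTED, action),
                permitted?(GUEST_SUGGESTED, action))
  end
  puts "excess: #{excess(GUEST_AS_POSTED, GUEST_SUGGESTED).inspect}"
end
```

Running the same `excess` comparison against each role's intended action list is a quick way to catch a role that inherits `:destroy` through a broad privilege such as `:manage`.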
Hi,

Oops! Sorry that I couldn't post you the exact details.
When I log in as the admin, I should be able to perform all the operations, but somehow the admin is also restricted from performing a new or a create action.
I even tried with acl9.
I think I am missing some basic point. Please tell me that.

Here is my publishers controller [this is using acl9]:

access_control :acl do
  allow :admin
  allow all, :to => [:index, :show]
  allow :author, :of => Publisher, :to => [:new, :create]
end

But when I run the application and log in as an admin, I am restricted from creating a new publisher.
Am I missing out any point?
Sorry, I may be silly, but please help me in this.
Using declarative_authorization also, when I log in as an admin I am restricted from accessing the publisher page.
What I need is to log in with different roles and perform their actions only.
Hope I am not confusing this......
Thanks and waiting for your reply.
Hello,

I have only 2 roles:
1. admin, and the other is the author.

This is my authorization_roles.rb file:

authorization do
  role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers,:subjects,:courses], :to => [:new,
      :create,:show]
  end

  role :admin do
    has_permission_on :publishers, :to => :manage
    #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end
end

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

When I log in with the admin credentials I am restricted from deleting a record,
in spite of having permission to delete a record.
How are the roles identified?
Do I need to write any code in the controller that identifies the author and
the admin?
In the controller I just wrote the filter_access method.
Am I missing something?
Please please......... help me.
Thank you.