Question

I'm using declarative_authorization, but whenever I click on the link to register a user I am told that I am not allowed to view that page. I still get this even after giving the guest role omnipotence.

authorization_rules

# declarative_authorization rule set: each role block lists the privileges that
# role holds on a context (:channels, :users, :messages).
authorization do

  # presumably the role applied to visitors who are not logged in — confirm
  # against the gem's default-role configuration.
  role :guest do
    # NOTE(review): has_omnipotence grants this role every privilege on every
    # context. The question turns it on only to debug the "not allowed" error;
    # left in place it opens every filtered action, including the update and
    # destroy actions of UsersController, to anyone holding the guest role.
    # Go back to narrow has_permission_on rules once the cause is found.
    has_omnipotence
    # Narrower rules the author tried earlier (disabled).
    # NOTE(review): the disabled :users rule would also give guests :manage
    # (create/read/update/delete per the privileges block); registration only
    # needs :new and :create.
    #has_permission_on :channels, :to => :read
    #has_permission_on :user_session, :to => [:create, :read]
    #has_permission_on :users, :to => [:manage, :read, :update, :update]
  end

  # Administrators hold every privilege on every context.
  role :admin do
    has_omnipotence
  end

  # Moderators manage channels and messages but may only read users.
  role :moderator do
    has_permission_on :channels, :to => :manage
    has_permission_on :users, :to => :read
    has_permission_on :messages , :to => :manage
  end
end

# Privilege hierarchy: a rule that grants the privilege on the left also grants
# every privilege listed in its :includes.
privileges do
  # default privilege hierarchies to facilitate RESTful Rails apps
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  # Registration privilege. In this hierarchy :new is included only by
  # :register (:create does not include :new), so a role without omnipotence
  # needs :register, or :new itself, to open the sign-up form.
  privilege :register, :includes => [:new, :create]
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

users controller

# Users resource: listing, registration, profile pages, editing and removal of
# accounts.
#
# No action performs its own permission check; all of them depend on the
# filter_resource_access declaration below and on the rules in
# authorization_rules.
class UsersController < ApplicationController

  # declarative_authorization filter that checks the caller's privileges before
  # an action runs. The actions that never assign @user themselves (show, new,
  # edit, create, update) presumably rely on this filter to load or build it:
  # the author disabled their own User.find / User.new lines.
  # NOTE(review): profile, subs and delete are not standard REST actions;
  # confirm the filter treats them as intended (the gem offers
  # :additional_member / :additional_collection for declaring extra actions).
  filter_resource_access

  # GET /users
  # GET /users.xml
  #
  # NOTE(review): the XML branch serialises every loaded User record; check
  # that credential or session columns are not part of that output.
  def index
    @users = User.all

    respond_to do |wants|
      wants.html # index.html.erb
      wants.xml { render(:xml => @users) }
    end
  end

  # GET /users/1
  # GET /users/1.xml
  #
  # @user is not assigned in this method.
  def show
    respond_to do |wants|
      wants.html # show.html.erb
      wants.xml { render(:xml => @user) }
    end
  end

  # GET /users/new
  # GET /users/new.xml
  #
  # Target of the "Register" link in the layout. @user is not assigned in this
  # method.
  def new
    respond_to do |wants|
      wants.html # new.html.erb
      wants.xml { render(:xml => @user) }
    end
  end

  # GET /users/1/edit
  #
  # Renders the edit form; @user is not assigned in this method.
  def edit
  end

  # Registers a user: attaches the channel with id 1, then saves.
  #
  # NOTE(review): the attributes of @user are expected to come from the request
  # parameters. The author's disabled lines mention a roles collection, so
  # confirm the User model does not let a sign-up request assign roles.
  def create
    @user.channels << Channel.find(1)

    respond_to do |wants|
      saved = @user.save
      if saved
        wants.html { redirect_to(:channels, :notice => 'Registration successfully.') }
        wants.xml { render(:xml => @user, :status => :created, :location => @user) }
      else
        wants.html { render(:action => "new") }
        wants.xml { render(:xml => @user.errors, :status => :unprocessable_entity) }
      end
    end
  end

  # Shows the profile of the user whose id is given in params[:id].
  def profile
    @user = User.find(params[:id])
  end

  # PUT /users/1
  # PUT /users/1.xml
  #
  # @user is not assigned in this method (the author's "@user = current_user"
  # line is disabled).
  # NOTE(review): params[:user] goes to update_attributes unfiltered; unless
  # the model restricts which attributes may be mass-assigned (not visible
  # here), any submitted field is written to the record.
  def update
    respond_to do |wants|
      updated = @user.update_attributes(params[:user])
      if updated
        wants.html { redirect_to(@user, :notice => 'User was successfully updated.') }
        wants.xml { head(:ok) }
      else
        wants.html { render(:action => "edit") }
        wants.xml { render(:xml => @user.errors, :status => :unprocessable_entity) }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.xml
  #
  # Looks the user up by params[:id] and destroys the record.
  def destroy
    @user = User.find(params[:id])
    @user.destroy

    respond_to do |wants|
      wants.html { redirect_to(users_url) }
      wants.xml { head(:ok) }
    end
  end

  # Second removal action, keyed on params[:user_id] instead of params[:id].
  # NOTE(review): this destroys a record outside the standard REST action set;
  # confirm that its route is not reachable with GET and that the access filter
  # applies to it.
  def delete
    @user = User.find(params[:user_id])
    @user.destroy
    redirect_to(:users)
  end

  # Loads the user for the "subs" view.
  def subs
    @user = User.find(params[:id])
  end

end

layout view

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
  <head>
    <title><%= h(yield(:title) || "Untitled") %></title>
    <%= stylesheet_link_tag 'application' %>
    <%= yield(:head) %>
  </head>
  <body>

  <%# Site navigation. Showing or hiding a link here is presentation only; access is decided by the controller filters and authorization rules. %>
  <ul id="nav">

    <li>
      <%# NOTE(review): current_user.login is account data placed in the link text; whether link_to escapes it depends on the Rails version, so confirm it is HTML-escaped (wrap it in h() where escaping is not automatic). %>
      <% if current_user %>
          <%= link_to "Logout: " + current_user.login, :logout %>
      <%else %>
              <%= link_to "Login", :login %>
          <% end %>
    </li>
    <li><%= link_to "Users", :users %></li>
    <li><%= link_to "Channels", :channels %></li>
    <li><%= link_to "My Profile", :profile %></li>
    <li><%= link_to "My Channels", '#'%></li>
    <%# The Register link is shown only when nobody is logged in; it points at UsersController#new. %>
    <% if current_user %>
    <li></li>
        <% else %>
    <li> <%= link_to "Register", new_user_path %></li>
        <% end %>
</ul>

    <div id="container">
      <%# One div per flash entry, with the id built from the flash key. %>
      <%- flash.each do |name, msg| -%>
        <%= content_tag :div, msg, :id => "flash_#{name}" %>
      <%- end -%>

      <%- if show_title? -%>
        <h1><%=h yield(:title) %></h1>
      <%- end -%>

      <%= yield %>
    </div>
  </body>
</html>

Solution

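Why don't you try giving guests explicit authorization to create a user? The `:register` privilege used below is the one the question's privileges block maps to `:new` and `:create`, so the guest role does not need `has_omnipotence` for registration.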

  # Grants the guest role only :register on :users, in place of has_omnipotence.
  # NOTE(review): if other controllers are filtered as well, guests will also
  # need a rule for logging in (compare the disabled :user_session line in the
  # question) — confirm.
  role :guest do
    has_permission_on :users, :to => [:register] 
  end
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow