Declarative_Autorización contiene y sus recursos heredados.

Question

Tengo RAILS3 APP con Declarative_Authorization e inhered_resources gemas instaladas.Déjame mostrarte un código de mi aplicación:

class Blog < ActiveRecord::Base
  has_many :posts
  has_many :memberships, :class_name => "BlogMembership"

  has_many :subscribers, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::SUBSCRIBER} or blog_memberships.membership_type = #{BlogMembership::AUTHOR} or blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
  has_many :authors, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::AUTHOR} or blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
  has_many :moderators, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
end


class Post < ActiveRecord::Base
  belongs_to :blog, :counter_cache => true
  belongs_to :author, :class_name => "User", :foreign_key => "user_id"
end


class BlogMembership < ActiveRecord::Base
  belongs_to :user
  belongs_to :blog

  # Membership types:
  SUBSCRIBER = 0
  AUTHOR = 1
  MODERATOR = 2
end

Mis reglas de autorización:

authorization do
  role :guest do
    description "Not logged in users and users not assigned to any group"

    ##### Blogs and Posts
    has_permission_on :blogs, :to => [ :read, :list ]

    has_permission_on :posts, :to => [ :read, :feed ]
    has_permission_on :posts, :to => :flag if User.current
  end

  role :admin do
    description "Administrators"
    has_omnipotence # Can manage all
  end

  role :moderator do
    description "Blog moderators"

    includes [ :guest, :blogger ]

    has_permission_on :posts, :to => :manage do
      if_attribute :blog => { :moderators => contains { user } }
    end
  end

  role :blogger do
    description "Blog authors"

    includes :guest
    has_permission_on :posts, :to => :create do
      if_attribute :blog => { :authors => contains { user } }
    end
    has_permission_on :posts, :to => :manage do
      if_attribute :author => is { user }
    end
  end
end

privileges do
  # default privilege hierarchies to facilitate RESTful Rails apps
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

en publicaciones / index.html.haml i use

- if permitted_to? :create, :posts
  .button.add-post
    = link_to "New post", new_resource_path

y en mi posts_controller

class PostsController < InheritedResources::Base
  respond_to :html

  belongs_to :blog
  filter_access_to :all
end

se ve bien, pero no funciona: (

El usuario de la prueba tiene el papel del moderador con la membresía del moderador para uno de los blogs, pero sin ninguna membresía en el segundo blog.

Con las siguientes reglas y código, cualquier usuario con el rol de los moderadores puede crear una publicación en cualquier blog.

¿Podría decirme por favor - lo que necesito para cambiar para permitir que solo los autores de blog y el moderador envíen publicaciones a los blogs, pero no a los otros blogs?

Answer 1

Not so elegant way, but i solved it with following:

1. changed access filter in posts_controller:

   filter_resource_access :nested_in => :blog

2. Added method to posts controller

   protected

   def new_post_for_collection @post = Blog.find(params[:blog_id]).posts.new end

3. Changes in index.html.haml

   • if permitted_to? :create, @post .button.add-post = link_to "New post", new_resource_path