declarative_authorization contains and inherited_resources
Question
I have a Rails 3 app with the declarative_authorization and inherited_resources gems installed. Let me show you some code from my application:
    class Blog < ActiveRecord::Base
      has_many :posts
      has_many :memberships, :class_name => "BlogMembership"
      has_many :subscribers, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::SUBSCRIBER} or blog_memberships.membership_type = #{BlogMembership::AUTHOR} or blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
      has_many :authors, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::AUTHOR} or blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
      has_many :moderators, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
    end

    class Post < ActiveRecord::Base
      belongs_to :blog, :counter_cache => true
      belongs_to :author, :class_name => "User", :foreign_key => "user_id"
    end

    class BlogMembership < ActiveRecord::Base
      belongs_to :user
      belongs_to :blog

      # Membership types:
      SUBSCRIBER = 0
      AUTHOR = 1
      MODERATOR = 2
    end
My authorization rules:
    authorization do
      role :guest do
        description "Not logged in users and users not assigned to any group"

        ##### Blogs and Posts
        has_permission_on :blogs, :to => [ :read, :list ]
        has_permission_on :posts, :to => [ :read, :feed ]
        has_permission_on :posts, :to => :flag if User.current
      end

      role :admin do
        description "Administrators"
        has_omnipotence # Can manage all
      end

      role :moderator do
        description "Blog moderators"
        includes [ :guest, :blogger ]
        has_permission_on :posts, :to => :manage do
          if_attribute :blog => { :moderators => contains { user } }
        end
      end

      role :blogger do
        description "Blog authors"
        includes :guest
        has_permission_on :posts, :to => :create do
          if_attribute :blog => { :authors => contains { user } }
        end
        has_permission_on :posts, :to => :manage do
          if_attribute :author => is { user }
        end
      end
    end

    privileges do
      # default privilege hierarchies to facilitate RESTful Rails apps
      privilege :manage, :includes => [:create, :read, :update, :delete]
      privilege :read, :includes => [:index, :show]
      privilege :create, :includes => :new
      privilege :update, :includes => :edit
      privilege :delete, :includes => :destroy
    end
In posts/index.html.haml I use:
    - if permitted_to? :create, :posts
      .button.add-post
        = link_to "New post", new_resource_path
and in my posts_controller:
    class PostsController < InheritedResources::Base
      respond_to :html
      belongs_to :blog
      filter_access_to :all
    end
It looks good, but it doesn't work :(
The test user has the moderator role with a moderator membership for one of the blogs, but no membership in the second blog.
With these rules and this code, any user with the moderator role can create a post in any blog.
Could you please tell me what I need to change to allow only a blog's authors and moderators to post to their own blogs, but not to other blogs?
Solution
Not a very elegant way, but I solved it with the following:
Changed the access filter in posts_controller:
    filter_resource_access :nested_in => :blog
Added a method to the posts controller:
    protected

    def new_post_for_collection
      @post = Blog.find(params[:blog_id]).posts.new
    end
Changes in index.html.haml:
    - if permitted_to? :create, @post
      .button.add-post
        = link_to "New post", new_resource_path
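
Why the question's `permitted_to? :create, :posts` check passed for every blog, shown as an added example that is not part of the original post or the gem's own code: a check against a bare context has no object to evaluate `if_attribute` against, so only the role is matched, while a check against a post built inside the blog evaluates the condition. This plain-Ruby model uses hypothetical names (`Rule`, `permitted?`, `demo`) and constructed sample data.

```ruby
# Added illustration in plain Ruby; a simplified model, not the gem's code.
# All names here (Rule, permitted?, demo, Blog, Post, User) are hypothetical.
Blog = Struct.new(:id, :authors, :moderators)
Post = Struct.new(:blog, :author)
User = Struct.new(:name, :roles)

# One rule = role + privilege + attribute condition on the checked object.
Rule = Struct.new(:role, :privilege, :condition)

RULES = [
  # moderator: may create posts only in blogs they moderate
  Rule.new(:moderator, :create, ->(post, user) { post.blog.moderators.include?(user) }),
  # blogger: may create posts only in blogs they author
  Rule.new(:blogger, :create, ->(post, user) { post.blog.authors.include?(user) }),
].freeze

# object == nil models a check against the bare :posts context:
# the role and privilege match, and the condition is never evaluated.
def permitted?(user, privilege, object = nil)
  RULES.any? do |rule|
    next false unless user.roles.include?(rule.role) && rule.privilege == privilege
    object.nil? || rule.condition.call(object, user)
  end
end

# Constructed sample data mirroring the question's test user:
# moderator role, membership in blog 1, no membership in blog 2.
def demo
  mod = User.new("test", [:moderator])
  own_blog = Blog.new(1, [], [mod])
  other_blog = Blog.new(2, [], [])
  {
    context_only: permitted?(mod, :create),                        # like :posts
    own_blog: permitted?(mod, :create, Post.new(own_blog, mod)),   # like @post
    other_blog: permitted?(mod, :create, Post.new(other_blog, mod)),
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The same reasoning applies to the controller filter: the check has to run against a post that already belongs to the requested blog, which is what building `@post` through `Blog.find(params[:blog_id]).posts.new` provides.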