Issue with acl9 plugin
<p>I am trying to allow users with role "corporate" to access their own company. Currently a user with that role gets blocked.</p>
<p>If I log in as admin or change the access control to allow all, it works fine. The issue pertains to the Corporate user role having a company.</p>
<p>Here is all the code: <a href="http://pastie.org/672733" rel="nofollow noreferrer">http://pastie.org/672733</a></p>
<p>User controller</p>
<pre><code>class UsersController &lt; ApplicationController
  # GET /users
  # GET /users.xml
  before_filter :load_user_index, :only =&gt; ['index']
  access_control do
    allow :admin
  end

  before_filter :load_user, :only =&gt; ['show', 'destroy', 'edit']
  access_control do
    allow :admin
  end

  before_filter :load_user_manage, :only =&gt; ['create', 'new', 'update', 'destroy']
  access_control do
    allow :admin
  end

  def index
    respond_to do |format|
      format.html # index.html.erb
      format.xml { render :xml =&gt; @users }
    end
  end

  # GET /users/1
  # GET /users/1.xml
  def show
    respond_to do |format|
      format.html # show.html.erb
      format.xml { render :xml =&gt; @user }
    end
  end

  # GET /users/new
  # GET /users/new.xml
  def new
    respond_to do |format|
      format.html # new.html.erb
      format.xml { render :xml =&gt; @user }
    end
  end

  # GET /users/1/edit
  def edit
  end

  # POST /users
  # POST /users.xml
  def create
    respond_to do |format|
      # Grant the role named on the record; corporate and regional roles are scoped to @company
      if @user.role == "Admin"
        @user.has_role! :admin
      end
      if @user.role == "Corporate"
        @user.has_role!(:corporate, @company)
      end
      if @user.role == "Regional"
        @user.has_role!(:regional, @company)
      end
      if @user.save
        flash[:notice] = "User #{@user.username} was successfully created."
        format.html { redirect_to(:action =&gt; 'index') }
        format.xml { render :xml =&gt; @user, :status =&gt; :created, :location =&gt; @user }
      else
        format.html { render :action =&gt; "new" }
        format.xml { render :xml =&gt; @user.errors, :status =&gt; :unprocessable_entity }
      end
    end
  end

  # PUT /users/1
  # PUT /users/1.xml
  def update
    respond_to do |format|
      if @user.update_attributes(params[:user])
        # Double quotes so that the username is interpolated
        flash[:notice] = "User #{@user.username} was successfully updated."
        format.html { redirect_to(:action =&gt; 'index') }
        format.xml { head :ok }
      else
        format.html { render :action =&gt; "edit" }
        format.xml { render :xml =&gt; @user.errors, :status =&gt; :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.xml
  def destroy
    begin
      @user.destroy
      flash[:notice] = "User #{@user.username} deleted"
    rescue Exception =&gt; e
      flash[:notice] = e.message
    end
    respond_to do |format|
      format.html { redirect_to(users_url) }
      format.xml { head :ok }
    end
  end

  private

  def load_user
    @company = Company.find(params[:company_id])
    @user = User.find(params[:id])
  end

  def load_user_index
    @company = Company.find(params[:company_id])
    @users = @company.users
  end

  def load_user_manage
    @company = Company.find(params[:company_id])
    @user = @company.users.build(params[:user])
  end
end
</code></pre>
<p>Application controller</p>
<pre><code>def current_user
  @current_user ||= User.find(session[:user_id])
end
</code></pre>
<p>Company Controller</p>
<pre><code>class CompaniesController &lt; ApplicationController
  # GET /companies
  # GET /companies.xml
  before_filter :load_company_index, :only =&gt; ['index']
  access_control do
    allow :admin
  end

  before_filter :load_company, :only =&gt; ["show", "edit", "update", "create", "new", "destroy"]
  access_control do
    allow :admin
    allow :corporate, :of =&gt; :company, :to =&gt; ["show", "edit", "update", "create", "new", "destroy"]
  end

  def index
    respond_to do |format|
      format.html # index.html.erb
      format.xml { render :xml =&gt; @companies }
    end
  end

  # GET /companies/1
  # GET /companies/1.xml
  def show
    respond_to do |format|
      format.html # show.html.erb
      format.xml { render :xml =&gt; @company }
    end
  end

  # GET /companies/new
  # GET /companies/new.xml
  def new
    @company = Company.new
    respond_to do |format|
      format.html # new.html.erb
      format.xml { render :xml =&gt; @company }
    end
  end

  # GET /companies/1/edit
  def edit
  end

  # POST /companies
  # POST /companies.xml
  def create
    @company = Company.new(params[:company])
    respond_to do |format|
      if @company.save
        flash[:notice] = 'Company was successfully created.'
        format.html { redirect_to(@company) }
        format.xml { render :xml =&gt; @company, :status =&gt; :created, :location =&gt; @company }
      else
        format.html { render :action =&gt; "new" }
        format.xml { render :xml =&gt; @company.errors, :status =&gt; :unprocessable_entity }
      end
    end
  end

  # PUT /companies/1
  # PUT /companies/1.xml
  def update
    respond_to do |format|
      if @company.update_attributes(params[:company])
        flash[:notice] = 'Company was successfully updated.'
        format.html { redirect_to(@company) }
        format.xml { head :ok }
      else
        format.html { render :action =&gt; "edit" }
        format.xml { render :xml =&gt; @company.errors, :status =&gt; :unprocessable_entity }
      end
    end
  end

  # DELETE /companies/1
  # DELETE /companies/1.xml
  def destroy
    @company.destroy
    respond_to do |format|
      format.html { redirect_to(companies_url) }
      format.xml { head :ok }
    end
  end

  private

  def load_company
    @company = Company.find(params[:id])
  end

  def load_company_index
    @companies = Company.find(:all)
  end
end
</code></pre>
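Added example, not part of the original post and not acl9's own code: a plain-Ruby model of the two `access_control` blocks in `CompaniesController`, under the assumption that each block is enforced as a separate default-deny filter and a request must pass all of them. `Role`, `Rule`, `Block`, `authorized?` and the sample users and companies are hypothetical names constructed for the illustration.

```ruby
# Constructed model of stacked access-control blocks; an assumption, not acl9 internals.
Role = Struct.new(:name, :object)

class User
  def initialize(*roles)
    @roles = roles
  end

  # object == nil means a global role; otherwise the role is scoped to that object.
  def has_role?(name, object = nil)
    @roles.any? { |r| r.name == name && r.object == object }
  end
end

# One allow rule: role name, optional object key (:of), optional action list (:to).
Rule = Struct.new(:role, :of, :to) do
  def permits?(user, action, objects)
    return false if to && !to.include?(action)
    return user.has_role?(role) unless of
    obj = objects[of]
    # A scoped rule must not fall back to a global check when the object is not loaded.
    !obj.nil? && user.has_role?(role, obj)
  end
end

# One access_control block: default deny, passes when any rule permits.
class Block
  def initialize(*rules)
    @rules = rules
  end

  def pass?(user, action, objects)
    @rules.any? { |r| r.permits?(user, action, objects) }
  end
end

# Assumption: every installed block has to pass before the action runs.
def authorized?(blocks, user, action, objects)
  blocks.all? { |b| b.pass?(user, action, objects) }
end

ACME, OTHER = :acme, :other # constructed stand-ins for Company records
SCOPED = Rule.new(:corporate, :company, %w[show edit update destroy])
STACKED = [Block.new(Rule.new(:admin)), Block.new(Rule.new(:admin), SCOPED)]
MERGED = [Block.new(Rule.new(:admin), SCOPED)]
ADMIN = User.new(Role.new(:admin, nil))
CORPORATE = User.new(Role.new(:corporate, ACME))
```

Under that assumption the admin-only block rejects the corporate user before the company-scoped rule is ever consulted, while a single merged block admits the user for their own company only.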
 
