<p>I found an alternative solution using the built-in if_attribute method. I originally moved away from it because I was using non-namespaced models and namespaced controllers and views. This structure is an artifact from the original version of the project I am working on. Most of my work has been getting declarative authorization to deal with this structure.</p>
<p>The major piece of information that was not clear to me was how to name the permissions in a partially namespaced environment. The model expected the model name (:people), the controller expected the namespace and the model (:staff_people), and the views didn't care as long as you picked one. The solution I picked was to use the model name and explicitly set the context in every controller. If the context is not set in the controller, using filter_access_to does not work because it would be looking for the staff_people permission rather than the correct permission, people.</p>
<p>In the declarative authorization config file, I am giving full permissions to administration and partial permissions to supervisor. person.supervised returns an array of itself and all other supervised people.</p>
<pre><code>authorization do
  # Full access to every person record.
  role :administrator do
    has_permission_on :people, :to =&gt; [:create, :read, :update, :delete]
  end

  # Access limited to the records returned by Person#supervised.
  role :supervisor do
    has_permission_on :people do
      to :create, :read, :update, :delete
      if_attribute :id =&gt; is_in { Person.find_by_user_id(user.id).supervised }
    end
  end
end
</code></pre>
<p>To access this information in a namespaced controller, I am using filter_resource_access.</p>
<pre><code>module Staff
  class PeopleController &lt; ApplicationController
    # Set the context explicitly so the :people rules are used.
    filter_resource_access :context =&gt; :people

    def index
      @people = Person.with_permissions_to(:read)
    end
  end
end
</code></pre>
<p>I found that using</p>
<pre><code>filter_access_to :all, :with_attribute =&gt; true
</code></pre>
<p>did not work for methods that need to use with_permissions_to and an if_attribute permission. I am not sure why this was a problem.</p>
<p>It is still necessary to use filter_access_to for nonstandard controller actions that do not include an id fetching a single record as part of the arguments. For example, if an action called part_timers returns a list of people, this solution seems like it should work:</p>
<pre><code>filter_resource_access :context =&gt; :people, :additional_member =&gt; { :part_timers =&gt; :read }
</code></pre>
<p>The correct solution is to keep the filter_resource_access as is and add a filter_access_to for that action:</p>
<pre><code>filter_resource_access :context =&gt; :people
filter_access_to :part_timers, :require =&gt; :read, :context =&gt; :people
</code></pre>
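<p>The context mismatch described in the answer, as an added example that is not part of the original post and not declarative_authorization's own code. It is a plain-Ruby stand-in for the rule lookup; every name in it (RULES, default_context, permitted?, readable, the sample people) is hypothetical, and the default context derivation is assumed from the behaviour the answer reports.</p>

```ruby
# Simplified stand-in for the rule lookup; NOT the gem's implementation.
Person = Struct.new(:id, :supervised_ids) # constructed sample model

# Rules keyed by [role, context], mirroring the config in the answer.
RULES = {
  [:administrator, :people] => {
    to: %i[create read update delete],
    check: ->(_user, _obj) { true }
  },
  [:supervisor, :people] => {
    to: %i[create read update delete],
    # if_attribute analogue: the record must be one the user supervises.
    check: ->(user, obj) { user.supervised_ids.include?(obj.id) }
  }
}.freeze

# Assumption: without an explicit context, it is derived from the namespaced
# controller name, e.g. "Staff::PeopleController" -> :staff_people.
def default_context(controller_name)
  controller_name.sub(/Controller\z/, "").gsub("::", "_").downcase.to_sym
end

# Default deny: a rule must exist for this role and context, grant the
# privilege, and pass the attribute check.
def permitted?(role, user, privilege, object, controller_name, context: nil)
  ctx = context || default_context(controller_name)
  rule = RULES[[role, ctx]]
  return false if rule.nil?
  rule[:to].include?(privilege) && rule[:check].call(user, object)
end

# Scoped list, the analogue of with_permissions_to(:read).
def readable(role, user, people, controller_name, context: nil)
  people.select { |p| permitted?(role, user, :read, p, controller_name, context: context) }
end

# Constructed sample data: person 1 supervises themselves and person 2.
PEOPLE = [Person.new(1, [1, 2]), Person.new(2, [2]), Person.new(3, [3])].freeze
SUPERVISOR = PEOPLE[0]

if __FILE__ == $PROGRAM_NAME
  ctrl = "Staff::PeopleController"
  p default_context(ctrl)                                            # derived context
  p readable(:supervisor, SUPERVISOR, PEOPLE, ctrl).map(&:id)         # no matching rule
  p readable(:supervisor, SUPERVISOR, PEOPLE, ctrl, context: :people).map(&:id)
end
```

<p>With the derived context the lookup finds no rule and everything is denied; with the context set to :people the supervisor sees only the supervised records.</p>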