Forum: Ruby on Rails restful urls and has_permission?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Patrick A. (Guest)
on 2007-06-08 22:27
(Received via mailing list)
hey all,

I'm using simple_access_control this way:

<%= link_to 'list', :controller=>'profiles',:action=>'list'  if
has_permission?('admin')%>

and now that I'm using restful path it doesn't seem to work anymore:

<%= link_to 'list', list_profiles_path  if has_permission?('admin')%>

anyone had the same problem and found a workaround?


thanx in advance

Pat
Rick O. (Guest)
on 2007-06-09 01:37
(Received via mailing list)
On 6/8/07, Patrick A. <removed_email_address@domain.invalid> wrote:
> <%= link_to 'list', list_profiles_path  if has_permission?('admin')%>
>
> anyone had the same problem and found a workaround?

You didn't give an error message, so there's no way to tell, but I'd
guess that your given route doesn't exist.  Read the docs for an
overview of the routes that map.resources creates:
http://rails.rubyonrails.org/classes/ActionControl...

--
Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
Patrick A. (Guest)
on 2007-06-09 07:00
(Received via mailing list)
On 6/8/07, Rick O. <removed_email_address@domain.invalid> wrote:
> You didn't give an error message, so there's no way to tell, but I'd
> guess that your given route doesn't exist.  Read the docs for an
> overview of the routes that map.resources creates:
> http://rails.rubyonrails.org/classes/ActionControl...

I do have this in my route:
  map.resources :shootings, :collection =>{:list => :get, :search =>
:get}

should I add something? I don't have any error from the log.
Patrick A. (Guest)
on 2007-06-09 07:01
(Received via mailing list)
On 6/8/07, Patrick A. <removed_email_address@domain.invalid> wrote:
> I do have this in my route:
>   map.resources :shootings, :collection =>{:list => :get, :search => :get}

I meant:
  map.resources :profiles, :collection =>{:list => :get, :search =>
:get}
Trevor S. (Guest)
on 2007-06-09 08:10
(Received via mailing list)
Patrick,

it's definitely helpful to see the map.resources call you're making
(and I assume that's literally what you've right?  As in, you're not
failing to tell us that it's a nested resource or something?).

Even so, this isn't enough information to go on.  You need to supply
details of any error messages and any other clues about what happens
when list_profiles_path() executes.

"doesn't work any more" is too vague I'm afraid.

Regards,
Trevor

On 6/8/07, Patrick A. <removed_email_address@domain.invalid> wrote:
>
> On 6/8/07, Patrick A. <removed_email_address@domain.invalid> wrote:
> > I do have this in my route:
> >   map.resources :shootings, :collection =>{:list => :get, :search => :get}
>
> I meant:
>   map.resources :profiles, :collection =>{:list => :get, :search => :get}
>
> >
>


--
--
Trevor S.
http://somethinglearned.com
Patrick A. (Guest)
on 2007-06-09 09:07
(Received via mailing list)
There isn't any error message, it's just that when I use:

<%= link_to 'list', :controller=>'profiles',:action=>'list'  if
has_permission?('admin')%>

the link is not display if the current_user is not part of the admin
role. But when I use:

<%= link_to 'list', list_profiles_path  if has_permission?('admin')%>

the link is displayed whether the current_user is part or not of the
admin role. I couldn't spot any error message :/

> failing to tell us that it's a nested resource or something?).
No it's not a nested resource.

thanx in advance

Pat
Trevor S. (Guest)
on 2007-06-09 09:27
(Received via mailing list)
Okay, this does seem odd.

If you try:

<%= link_to 'list', list_profiles_path if false %>

and the link does *not* get displayed then your assumptions about
has_permission?(:admin) are wrong because clearly it's returning true
when you don't expect.

however, if it *does* display the link then you seem to have some
strange parsing problem (that doesn't make sense to me).  Try changing
it to this:

<%= link_to('list', list_profiles_path) if has_permission?(:admin) %>

HTH,
Trevor

On 6/8/07, Patrick A. <removed_email_address@domain.invalid> wrote:
>
> >
>


--
--
Trevor S.
http://somethinglearned.com
Patrick A. (Guest)
on 2007-06-09 19:07
(Received via mailing list)
On 6/9/07, Trevor S. <removed_email_address@domain.invalid> wrote:
>
> Okay, this does seem odd.
>
> If you try:
>
> <%= link_to 'list', list_profiles_path if false %>
>
> and the link does *not* get displayed then your assumptions about
> has_permission?(:admin) are wrong because clearly it's returning true
> when you don't expect.

The link doesn't get display if I put "false".

> however, if it *does* display the link then you seem to have some
> strange parsing problem (that doesn't make sense to me).  Try changing
> it to this:
>
> <%= link_to('list', list_profiles_path) if has_permission?(:admin) %>

doesn't solve the problem :/
maybe it's because the plugin I'm using is kind of old (08/2006) and
can't parse restful path?
(http://mabs29.googlecode.com/svn/trunk/plugins/sim...)
Rick O. (Guest)
on 2007-06-09 19:49
(Received via mailing list)
> > <%= link_to('list', list_profiles_path) if has_permission?(:admin) %>
>
> doesn't solve the problem :/
> maybe it's because the plugin I'm using is kind of old (08/2006) and
> can't parse restful path?
> (http://mabs29.googlecode.com/svn/trunk/plugins/sim...)

It's an if loop, you need to verify that has_permission? is working.
Trevor's "if false" trick proved that the syntax and the link are
correct.

--
Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
Patrick A. (Guest)
on 2007-06-09 20:09
(Received via mailing list)
On 6/9/07, Rick O. <removed_email_address@domain.invalid> wrote:
> It's an if loop, you need to verify that has_permission? is working.
> Trevor's "if false" trick proved that the syntax and the link are
> correct.

Well, it looks like has_permission? is not working with restful path,
this is why I asked in my initial post if any of you using the
simple_access_control plugin had the same problem  with
has_permission? and restful path, sorry if I didn't make it very
clear. If you're not using simple_access_control then I guess you
can't help me on that issue (unless you install it and test it for me
:).
dima (Guest)
on 2007-06-10 00:13
(Received via mailing list)
As we come to the point where it is determined that has_permission? is
not behaving as expected.
The most reasonable thing you can do is to do a little debugging to
determine what's happening.

I do not use simple_access_control, but if you find the cause for this
behavior and way to fix it the community will appreciate your effort.
dima (Guest)
on 2007-06-10 00:16
(Received via mailing list)
Today I find the http://unroller.rubyforge.org/ - Ruby Unroller is a
tool for generating human-readable "execution traces". While it is
enabled, it will watch every Ruby statement and method call that gets
executed and will display the source code on your screen in real-time
as it is being executed.

Perhaps you will get a better view on what is going on in your app.
Patrick A. (Guest)
on 2007-06-10 02:43
(Received via mailing list)
On 6/9/07, dima <removed_email_address@domain.invalid> wrote:
>
> As we come to the point where it is determined that has_permission? is
> not behaving as expected.
> The most reasonable thing you can do is to do a little debugging to
> determine what's happening.

Actually that's the first thing I did before posting to the list but
the code was a little scriptic for a noob like me so I asked to the
list :-). I'm gonna give it another try though.
Patrick A. (Guest)
on 2007-06-10 02:44
(Received via mailing list)
On 6/9/07, Patrick A. <removed_email_address@domain.invalid> wrote:
> Actually that's the first thing I did before posting to the list but
> the code was a little scriptic

I meant cryptic of course :-)
dima (Guest)
on 2007-06-10 23:32
(Received via mailing list)
The SimpleAccessControl code snippet shows that it depend on
user.roles data.
I spouses that you do the installation procedure described in Readme
file.
But in any case check the data in database and check the
SimpleAccessControl:: AccessControlHandler#check method :-)

# The heart of the system, all credit to Ezra for the original
algorithm
# Defaults to false if there is no user or that user does not have a
roles association
# Defaults to true if the role is blank
    def check(role, user)
      return(false) if user.blank? || !user.respond_to?(:roles)
      return(true) if role.blank?
      user.roles.map{ |r| r.title.downcase }.include? role.downcase
    end

On Jun 10, 12:42 am, "Patrick A." <removed_email_address@domain.invalid> wrote:
> On 6/9/07, Patrick A. <removed_email_address@domain.invalid> wrote:
>
> > Actually that's the first thing I did before posting to the list but
> > the code was a little scriptic
>
> I
meant cryptic of course :-)
This topic is locked and can not be replied to.