Authlogic with declarative authorization

Hi Everybody,

I am working on authlogic with declarative authorization.

I created the authorization rules for guest, admin and superadmin.

I have publishers and subjects after one logs in.

When a guest logs in he has authority to view, edit, show and create, but not delete, a publisher.

When I used the declarative authorization, filter_access_to … I am restricting entire publishers and subjects page.

I want the page to be shown.

Here is my authorization rules page

authorization do
  role :guest do
    has_permission_on :publishers, :to => [:manage, :read]
  end

  role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show, :edit]
  end

  role :admin do
    has_permission_on :publishers, :to => :manage
    # has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end
end

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

In my controller

class PublishersController < ApplicationController
  filter_access_to :index, :require => :read
end

Please see where I went wrong.

Thanks in advance.

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Fri, Jan 1, 2010 at 2:21 AM, Rails ROR [email protected] wrote:

> has_permission_on :publishers, :to => [:manage,:read]
>
> #has_permission_on [:publishers], :to => [:index, :show, :new, :create,
> privilege :delete, :includes => :destroy
> end
>
> In my controller
>
> class PublishersController < ApplicationController
> filter_access_to :index, :require => :read
>
> Please see where i went wrong.

Well you never told us what wrong behavior you are seeing.

However, I notice that:

role :guest do
  has_permission_on :publishers, :to => [:manage, :read]
end

is inconsistent with:

> When a guest logs in he has an authority to view, edit and show,create but
> not delete a publisher.

Since the :manage privilege seems to be set up to give all permissions.

Perhaps you meant

role :guest do
  has_permission_on :publishers, :to => [:read, :create, :update]
end


Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: Rick DeNatale - Developer - IBM | LinkedIn
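
The privilege hierarchy discussed in the reply above, as an added example that is not part of the original thread and not declarative_authorization's own code: a simplified Ruby model that expands the posted privileges block and checks what each posted role can reach on :publishers. The role keys guest_as_posted and guest_suggested and the helper names effective, permitted? and roles_allowing are hypothetical.

```ruby
# Simplified model of privilege expansion (assumption: not the gem's code).
# Hierarchy copied from the privileges block posted in the thread.
PRIVILEGES = {
  :manage => [:create, :read, :update, :delete],
  :read   => [:index, :show],
  :create => [:new],
  :update => [:edit],
  :delete => [:destroy]
}

# Grants on :publishers. Role keys are hypothetical labels for this example.
ROLES = {
  :guest_as_posted => [:manage, :read],
  :guest_suggested => [:read, :create, :update],
  :author          => [:new, :create, :show, :edit],
  :admin           => [:manage]
}

# Every privilege implied by the granted ones, following :includes transitively.
def effective(granted)
  seen = []
  queue = granted.dup
  until queue.empty?
    priv = queue.shift
    next if seen.include?(priv)
    seen << priv
    queue.concat(PRIVILEGES.fetch(priv, []))
  end
  seen
end

# True when the role's grants reach the required privilege.
def permitted?(role, privilege)
  effective(ROLES.fetch(role)).include?(privilege)
end

# Audit helper: list the roles that can reach a given privilege.
def roles_allowing(privilege)
  ROLES.keys.select { |role| permitted?(role, privilege) }
end

if __FILE__ == $0
  [:read, :create, :destroy].each do |priv|
    puts "#{priv}: #{roles_allowing(priv).inspect}"
  end
end
```

In this model the author role fails a :read requirement because it holds :show but not :read itself.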


Hello

I have only 2 roles

  1. admin and the other is the author

This is my authorization_roles.rb file

authorization do
  role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show]
  end

  role :admin do
    has_permission_on :publishers, :to => :manage
    # has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end
end

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

When I log in with the admin credentials I am restricted from deleting a record in spite of having permission to delete a record.
How are the roles identified?
Do I need to write any code in the controller that identifies the author and the admin?

In the controller I just wrote the filter_access method.

Am I missing something?

Please please… help me

Thank you.

On Fri, Jan 1, 2010 at 6:51 AM, Rick DeNatale [email protected] wrote:

> but
>
> role :admin do
> privilege :create, :includes => :new
>
> When a guest logs in he has an authority to view, edit and show,create


Hi,

Oops! Sorry that I couldn’t post you the exact details.

When I log in as the admin, I should be able to perform all the operations, but somehow the admin is also restricted from performing a new or a create action.

I even tried with acl9. I think I am missing some basic point. Please tell me that.

Here is my publishers controller [this is using acl9]

access_control :acl do
  allow :admin
  allow all, :to => [:index, :show]
  allow :author, :of => Publisher, :to => [:new, :create]
end

But when I run the application and log in as an admin, I am restricted from creating a new publisher. Am I missing out any point? Sorry, I may be silly, but please help me in this.

Using declarative_authorization also, when I log in as an admin I am restricted from accessing the publisher page.
What I need is to log in with different roles and perform their actions only.

Hope I am not confusing this…

Thanks and waiting for your reply.