Hi Everybody,
I am working on authlogic with declarative authorization.
I created the authorization rules for guest, admin and superadmin.
I have publishers and subjects after one logs in.
When a guest logs in, he has the authority to view, edit, show and create,
but not delete, a publisher.
When I used the declarative authorization filter_access_to … I am
restricting the entire publishers and subjects pages.
I want the page to be shown.
Here is my authorization rules page:
authorization do
  role :guest do
    has_permission_on :publishers, :to => [:manage, :read]
  end
  role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers, :subjects, :courses],
                      :to => [:new, :create, :show, :edit]
  end
  role :admin do
    has_permission_on :publishers, :to => :manage
    #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end
end
privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end
In my controller:
class PublishersController < ApplicationController
  filter_access_to :index, :require => :read
end
Please see where I went wrong.
Thanks in advance.
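An added example, not part of the original post and not code from declarative_authorization: a plain-Ruby model of the posted rules that expands the privilege hierarchy to show what each role can actually do, which is a quick least-privilege check against the stated intent (a guest must not delete). It assumes `:includes` is applied transitively; `expand`, `effective` and `permitted?` are hypothetical helper names.

```ruby
# Plain-Ruby model of the posted rules (constructed; does not load the
# declarative_authorization gem). Privileges and roles are copied from the post.
PRIVILEGES = {
  manage: [:create, :read, :update, :delete],
  read:   [:index, :show],
  create: [:new],
  update: [:edit],
  delete: [:destroy]
}.freeze

ROLES = {
  guest:  { publishers: [:manage, :read] },
  author: { publishers: [:new, :create, :show, :edit],
            subjects:   [:new, :create, :show, :edit],
            courses:    [:new, :create, :show, :edit] },
  admin:  { publishers: [:manage] }
}.freeze

# Expand a list of privileges through the :includes hierarchy
# (transitive closure; assumption about how :includes is resolved).
def expand(privs, seen = [])
  privs.each do |p|
    next if seen.include?(p)
    seen << p
    expand(PRIVILEGES.fetch(p, []), seen)
  end
  seen
end

# Everything a role may do in a context, after expansion.
# Unknown roles and contexts yield an empty list (default deny).
def effective(role, context)
  expand(ROLES.fetch(role, {}).fetch(context, []))
end

# Hypothetical helper: does the role hold the privilege a filter requires?
def permitted?(role, context, privilege)
  effective(role, context).include?(privilege)
end

if __FILE__ == $PROGRAM_NAME
  ROLES.each_key do |role|
    [:publishers, :subjects].each do |ctx|
      puts format('%-7s %-11s %s', role, ctx, effective(role, ctx).sort.join(' '))
    end
  end
end
```

In this model the guest role holds `:read` on publishers but, through `:manage`, also `:delete` and `:destroy`, and it holds nothing on subjects.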