I am working on authlogic with declarative authorization.
I created the authorization rules for guest, admin and superadmin.
I have publishers and subjects after one logs in.
When a guest logs in, he has the authority to view, edit, show and create, but not delete, a publisher.
When I used the declarative authorization, filter_access_to … I am restricting the entire publishers and subjects page.
I want the page to be shown.
Here is my authorization rules page:

    authorization do
      role :guest do
        has_permission_on :publishers, :to => [:manage, :read]
      end
      role :author, :title => "Author" do
        description "The default role for Author"
        has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show, :edit]
      end
      role :admin do
        has_permission_on :publishers, :to => :manage
        #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
      end
    end

    privileges do
      privilege :manage, :includes => [:create, :read, :update, :delete]
      privilege :read, :includes => [:index, :show]
      privilege :create, :includes => :new
      privilege :update, :includes => :edit
      privilege :delete, :includes => :destroy
    end

In my controller:

    class PublishersController < ApplicationController
      filter_access_to :index, :require => :read
    end

Please see where I went wrong.
Thanks in advance.
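
Added example, not part of the original post and not code from the declarative_authorization gem: a plain-Ruby model of the privilege hierarchy posted above, showing that a role granted `:manage` also receives `:destroy`, beside a narrowed guest rule that matches the stated intent. The helpers `expand` and `permitted?` and the narrowed rule are assumptions made for illustration.

```ruby
require 'set'

# Privilege hierarchy copied from the post's `privilege` lines.
PRIVILEGES = {
  manage: [:create, :read, :update, :delete],
  read:   [:index, :show],
  create: [:new],
  update: [:edit],
  delete: [:destroy]
}.freeze

# Expand a list of privileges into every privilege it implies
# (transitive closure over the :includes relation).
def expand(privs, hierarchy = PRIVILEGES)
  seen  = Set.new
  queue = Array(privs).dup
  until queue.empty?
    priv = queue.shift
    next unless seen.add?(priv) # add? returns nil when already present
    queue.concat(hierarchy.fetch(priv, []))
  end
  seen
end

# Hypothetical helper: does a rule set {context => privileges} permit `action`?
# A context with no rule permits nothing (default deny).
def permitted?(rules, context, action)
  expand(rules.fetch(context, [])).include?(action)
end

# Guest rule exactly as posted, and a narrowed variant (an assumption) that
# matches the stated intent: view, edit, show and create, but not delete.
GUEST_AS_POSTED = { publishers: [:manage, :read] }.freeze
GUEST_NARROWED  = { publishers: [:create, :read, :update] }.freeze

if __FILE__ == $PROGRAM_NAME
  %i[index show new create edit update destroy].each do |action|
    puts format('%-8s posted=%-5s narrowed=%s', action,
                permitted?(GUEST_AS_POSTED, :publishers, action),
                permitted?(GUEST_NARROWED, :publishers, action))
  end
end
```

Running such a check against each role's rules makes it visible when a composite privilege like `:manage` grants more than the role was meant to have.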