authlogic with declarative authorization

Hi Everybody,

I am working on authlogic with declarative authorization.

I created the authorization rules for guest, admin and superadmin.

I have publishers and subjects after one logs in.

When a guest logs in he has authority to view, edit, show and create, but not delete, a publisher.

When I use declarative authorization's filter_access_to ... I am restricting the entire publishers and subjects pages.

I want the page to be shown.

Here is my authorization rules file:

authorization do
  role :guest do
    has_permission_on :publishers, :to => [:manage, :read]
  end

  role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show, :edit]
  end

  role :admin do
    has_permission_on :publishers, :to => :manage
    #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end
end

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read,   :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

In my controller:

class PublishersController < ApplicationController
  filter_access_to :index, :require => :read
end

Please see where I went wrong.

Thanks in advance.


Well, you never told us what wrong behavior you are seeing.

However, I notice that:

  role :guest do
    has_permission_on :publishers, :to => [:manage, :read]
  end

is inconsistent with:

When a guest logs in he has an authority to view, edit and show,create but not delete a publisher.

Since the :manage privilege seems to be set up to give all permissions.

Perhaps you meant

  role :guest do
    has_permission_on :publishers, :to => [:read, :create, :update]
  end

Hi,

Oops! Sorry that I couldn't post the exact details.

When I log in as the admin, I should be able to perform all the operations, but somehow the admin is also restricted from performing a new or a create action.

I even tried with acl9. I think I am missing some basic point. Please tell me what it is.

Here is my publishers controller (this is using acl9):

access_control :acl do
  allow :admin
  allow all, :to => [:index, :show]
  allow :author, :of => Publisher, :to => [:new, :create]
end

But when I run the application and log in as an admin, I am restricted from creating a new publisher. Am I missing any point? Sorry if I am being silly, but please help me with this.

Using declarative_authorization also, when I log in as an admin I am restricted from accessing the publisher page. What I need is to log in with different roles and perform only their actions.

Hope I am not confusing this...

Thanks and waiting for your reply.

Hello

I have only 2 roles:

  1. admin
  2. author

This is my authorization_roles.rb file:

authorization do
  role :author, :title => "Author" do
    description "The default role for Author"
    has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show]
  end

  role :admin do
    has_permission_on :publishers, :to => :manage
    #has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end
end

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read,   :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

When I log in with the admin credentials I am restricted from deleting a record, in spite of having permission to delete a record. How are the roles identified? Do I need to write any code in the controller that identifies the author and the admin?

In the controller I just wrote the filter_access method.

Am I missing something?

Please, please... help me.

Thank you.
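Added example for the rules in the first post and the "how are the roles identified?" question in the last one. This is not code from the thread or from the declarative_authorization gem; it is a stand-alone Ruby model of how the gem evaluates the posted rules, so they can be checked offline. What it mirrors from the gem: filter_access_to asks current_user for role_symbols (falling back to Authorization.default_role, :guest by default, when that list is empty), expands the privileges hierarchy, and permits the action when any of those roles holds the required privilege on the controller's context (:publishers for PublishersController). The role and privilege names are the thread's own; the User class, DEFAULT_ROLE constant and helper method names are hypothetical stand-ins.

```ruby
# Hierarchy from the thread's `privileges do ... end` block.
PRIVILEGES = {
  :manage => [:create, :read, :update, :delete],
  :read   => [:index, :show],
  :create => [:new],
  :update => [:edit],
  :delete => [:destroy],
}

# Rules from the thread's first `authorization do ... end` block.
ROLES = {
  :guest  => { :publishers => [:manage, :read] },
  :author => { :publishers => [:new, :create, :show, :edit],
               :subjects   => [:new, :create, :show, :edit],
               :courses    => [:new, :create, :show, :edit] },
  :admin  => { :publishers => [:manage] },
}

# Stand-in for Authorization.default_role (the gem's default is :guest).
DEFAULT_ROLE = :guest

# A privilege plus everything it :includes, transitively.
def expand(privilege, seen = [])
  return seen if seen.include?(privilege)
  seen << privilege
  (PRIVILEGES[privilege] || []).each { |child| expand(child, seen) }
  seen
end

# All privileges a role ends up holding on a context such as :publishers.
def granted(role, context)
  (ROLES.fetch(role, {})[context] || []).flat_map { |p| expand(p) }.uniq
end

# Hypothetical user: the gem only asks it for #role_symbols.
class User
  attr_reader :role_symbols
  def initialize(*roles)
    @role_symbols = roles
  end
end

# Roles the engine would use: role_symbols, or the default role when empty.
def effective_roles(user)
  user.role_symbols.empty? ? [DEFAULT_ROLE] : user.role_symbols
end

# Mirror of `filter_access_to :action, :require => :privilege`: allowed if any
# effective role holds that privilege on the controller's context.
def permitted?(user, context, privilege)
  effective_roles(user).any? { |r| granted(r, context).include?(privilege) }
end

# Per-action view of one role on publishers, for the actions named in the thread.
ACTIONS = [:index, :show, :new, :create, :edit, :update, :destroy]
def action_table(role)
  ACTIONS.map { |a| [a, granted(role, :publishers).include?(a)] }.to_h
end

if __FILE__ == $0
  ROLES.keys.each { |r| puts "#{r}: #{action_table(r).inspect}" }
  puts "admin may destroy:      #{permitted?(User.new(:admin),  :publishers, :destroy)}"
  puts "author has :read:       #{permitted?(User.new(:author), :publishers, :read)}"
  puts "no roles may destroy:   #{permitted?(User.new,          :publishers, :destroy)}"
end
```

Three things fall out of running it against the thread's own rules. The guest role's :manage expands down to :destroy, so a guest can delete publishers, which is the inconsistency the reply points out. The author role is granted :show but never :read or :index, so `filter_access_to :index, :require => :read` denies an author the publishers index page. And an admin whose role_symbols comes back empty is evaluated as the default role instead of :admin, so when a real admin is denied :destroy despite the :manage rule, the first thing to inspect is what current_user.role_symbols actually returns for that account, not the controller filter.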