authlogic with declarative authorization

Hi Everybody,

I am working on authlogic with declarative authorization.

I created the authorization rules for guest, admin and superadmin.

I have publishers and subjects after one logs in.

When a guest logs in he has the authority to view, edit, show and create, but not delete, a publisher.

When I used declarative authorization, filter_access_to … I am restricting the entire publishers and subjects page.

I want the page to be shown.

Here is my authorization rules page:

  authorization do
    role :guest do
      has_permission_on :publishers, :to => [:manage, :read]
    end

    role :author, :title => "Author" do
      description "The default role for Author"
      has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show, :edit]
    end

    role :admin do
      has_permission_on :publishers, :to => :manage
      # has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
    end
  end

  privileges do
    privilege :manage, :includes => [:create, :read, :update, :delete]
    privilege :read, :includes => [:index, :show]
    privilege :create, :includes => :new
    privilege :update, :includes => :edit
    privilege :delete, :includes => :destroy
  end

In my controller:

  class PublishersController < ApplicationController
    # only the index action is filtered here; it requires the :read privilege
    filter_access_to :index, :require => :read
  end

Please see where I went wrong.

Thanks in advance.

Well, you never told us what wrong behavior you are seeing.

However, I notice that:

   role :guest do
     has_permission_on :publishers, :to => [:manage,:read]
   end

is inconsistent with:

When a guest logs in he has the authority to view, edit, show and create, but
not delete, a publisher.

Since the :manage privilege seems to be set up to give all permissions.

Perhaps you meant:

  role :guest do
     has_permission_on :publishers, :to => [:read, :create, :update]
  end

Hi,

Oops! Sorry that I couldn't post you the exact details.

When I log in as the admin, I should be able to perform all the operations, but somehow the admin is also restricted from performing a new or a create action.

I even tried with acl9. I think I am missing some basic point. Please tell me what it is.

Here is my publishers controller [this is using acl9]:

  access_control :acl do
    allow :admin
    allow all, :to => [:index, :show]
    allow :author, :of => Publisher, :to => [:new, :create]
  end

But when I run the application and log in as an admin, I am restricted from creating a new publisher. Am I missing any point? Sorry, I may be silly, but please help me with this.

Using declarative_authorization also, when I log in as an admin I am restricted from accessing the publisher page.
What I need is to log in with different roles and perform only their actions.

Hope I am not confusing this…

Thanks and waiting for your reply.

Hello

I have only 2 roles:

  1. admin, and the other is the author

This is my authorization_roles.rb file:

  authorization do
    role :author, :title => "Author" do
      description "The default role for Author"
      has_permission_on [:publishers, :subjects, :courses], :to => [:new, :create, :show]
    end

    role :admin do
      has_permission_on :publishers, :to => :manage
      # has_permission_on [:publishers], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
    end
  end

  privileges do
    privilege :manage, :includes => [:create, :read, :update, :delete]
    privilege :read, :includes => [:index, :show]
    privilege :create, :includes => :new
    privilege :update, :includes => :edit
    privilege :delete, :includes => :destroy
  end

When I log in with the admin credentials I am restricted from deleting a record, in spite of having permission to delete a record.
How are the roles identified?
Do I need to write any code in the controller that identifies the author and the admin?

In the controller I just wrote the filter_access method.

Am I missing something?

Please, please… help me.

Thank you.