It would be great if the instructions would cover a bit more how to use
it. I'm just fighting with it.
undefined local variable or method `error_url' is the error I have now.
And I only added before_filter :has_permission? to one controller. I'm
not so experienced with RoR but anyway...
It seems as though you're using the first revision of RESTful_ACL that
expected a few named routes to exist. I've taken these requirements out
in the latest versions, so if you update the plugin you should be ready
to roll right away.
I started looking at it but decided to put it away since I'm not so
experienced.
I hope you could make some example about how to use it and integrate it
to a simple app.
The contents of the readme are pasted below (not much help there)
But again that's for experienced people. What kind of user model is
needed, role model? Again a simple example would be much more helpful.
undefined local variable or method `error_url'
That was the first problem I had. Besides not knowing how to get the
plugin in the first place since you assume that people know how to add
the repository before installing. I didn't so I had to ask again.
Still the error_url was not fixed. Now based on some other info from the
last days it might be that I just need to create an "error" route in the
routes file and that's what you are calling. But still it requires some
further additions.
Part of your documentation is "and a smattering of mapped URLs in order
to work." Well, that's something I would really elaborate a "bit" more.
Of course you can target your plugin to people with lot of experience
but I'm sure many people will look at the info available before deciding
to try it out.
I guess this is some feedback already
Cheers!
Good point about the readme file; I will update that with the contents
from the Google repository.
The write up says that this plugin expects that you are using the
RESTful_Authentication plugin; it creates the User model for you and
also supplies other needed methods. All you need to do is add the
before_filter to the User controller and the four CRUD functions to the
User model and RESTful_ACL is ready to work. Just follow the steps in
the Google write up and you'll be up and running in seconds.
The write up now includes directions on how to add the required named
routes to your routes.rb file.
Experience is all relative; I'd only used RoR for a few months at the
time of writing RESTful_ACL.
Sorry if my question looks stupid but I am quite new with RoR, I am
looking at an ACL plugin for my projects (I have already decided for
Restful_Authentication) and I have a question about restful_acl.
Let's say that I have 2 roles: teachers and students, and a note model.
A teacher can create, update, view, delete his notes (not the one from
another teacher) and a student can only see his notes.
If I understood correctly, in note.rb (my model) I need to define
the 4 methods described in the plugin documentation (is_updatable,
is_deletable, ...). But I am not sure how to write these methods to
restrict the access depending on the note I am "evaluating" and not
only the role?
    def is_updatable_by(user)
      # note should be updatable only by the teacher who created it
      user.is_teacher? and ???
    end

    def self.is_readable_by(user, object = nil)
      # note should be readable only by all the teachers or by the
      # student who has this note
      user.is_student? or user.eql?(object.author)
    end
Thanks very much for your help.
Additional question: why are some of the methods "self." and not the
others?
Hi Tranquiliste, thanks for using RESTful_ACL! To answer your questions:
To restrict editing of a Note to only the Teacher who created it I would
do (in Note)
When you say 'note should be readable by the student who has this note'
I've assumed that you're linking each Note with a Student in some
fashion.
As for your last question: the is_readable_by and is_creatable_by
methods are class methods, meaning that they operate at the class level
and not with just a single object. (Note instead of note, if you get my
drift). That's where the 'self' comes into play.
Sorry to bother you again but what if several teachers can modify the
note and a teacher can modify several notes? (which means we have a
model note-owner?)
In Note.rb:

    def is_updatable_by(user)
      user.eql?(author) || user.is_a?(Teacher)
    end
Sorry I am stupid, I have just understood something (I won't tell you
what because I will look even more stupid), and I think I am ready now
to do what I want.
Me again, because I don't understand why the is_readable_by method is
defined as a class method. If I have a class Invoice and someone
asks to view an invoice, it should call
@invoice.is_readable_by(current_user) and not a generic
Invoice.is_readable_by(current_user).
Would you mind explaining this choice?
Thanks very much
Nicolas
Sure thing.
The is_readable_by() method pulls double duty. It is a class method as
it supports the Object::index action, along with the Object::show
action.
Since the index action usually deals with a collection of objects, it
must be a class method. The method includes a parameter variable,
object, that can represent a singular object when checking access on
that singular object. This takes care of the Object::show action (that
normally deals with just one object).
In your case, if you want to check access on a singular invoice object,
you can do:
Invoice.is_readable_by(current_user, @invoice).
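
An added example, not part of the thread or of the plugin's code: the teacher/student Note rules discussed above, written as plain Ruby so it runs without Rails. The User struct, the editors list, the is_creatable_by(user) parameter list and the permitted? helper are assumptions made for illustration; the method names and the (user, object = nil) signature follow the posts.

```ruby
# Plain-Ruby stand-ins (assumed): no Rails or RESTful_ACL is loaded here.
User = Struct.new(:name, :role) do
  def is_teacher?; role == :teacher; end
  def is_student?; role == :student; end
end

class Note
  attr_reader :author, :student, :editors

  # editors: extra teachers allowed to modify the note (assumed association)
  def initialize(author:, student:, editors: [])
    @author, @student, @editors = author, student, editors
  end

  # Class level: no record exists yet, so only the role can be checked.
  def self.is_creatable_by(user)
    user.is_teacher?
  end

  # Class level, double duty: object is nil for index, the record for show.
  def self.is_readable_by(user, object = nil)
    return user.is_teacher? || user.is_student? if object.nil?
    user.is_teacher? || user.eql?(object.student)
  end

  # Instance level: role check AND a check against this particular record.
  def is_updatable_by(user)
    user.is_teacher? && (user.eql?(author) || editors.include?(user))
  end

  def is_deletable_by(user)
    user.is_teacher? && user.eql?(author)
  end
end

# Per-action dispatch a controller filter would perform (hypothetical helper).
def permitted?(action, user, record = nil)
  case action
  when :index         then Note.is_readable_by(user)
  when :show          then Note.is_readable_by(user, record)
  when :new, :create  then Note.is_creatable_by(user)
  when :edit, :update then record.is_updatable_by(user)
  when :destroy       then record.is_deletable_by(user)
  else false          # unknown actions are denied
  end
end
# Constructed sample: bob is a co-editor of alice's note, not its author.
alice, bob = User.new("alice", :teacher), User.new("bob", :teacher)
puts permitted?(:update, bob, Note.new(author: alice, student: nil, editors: [bob]))
```

The class-level check for index only decides whether the listing may be requested at all; the query behind it still has to be scoped to the records that user may read.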