开发者

Help with rails declarative_authorization

问答 作者:

I cant get this rule to be enforced at all... it allows anyone to get to this action.

Here's my rule 

role :student do
    has_permission_on :relationships do 
      to :index
      if_attribute :student_id=> is {user.student.id}
    end
  end

Heres my controller action

class RelationshipsController < ApplicationController

filter_resource_access :nested_in => :students

 def index
   @guardians = @student.guardians  
  end

I know I have it set up correctly cause this rule is wor开发者_运维知识库king fine

has_permission_on :students do 
      to :show
      if_attribute :id => is {user.student.id}
    end

Where is the error in my rule definition?

Please Help

It's hard to test, but try this:

if_attribute :id=> is {user.student.id}

继续阅读:declarative-authorizationruby-on-rails

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9