How to use the is_in operator of the declarative_authorization?
I have what seems to me to be a simple declarative_authorization rule, but I'm sure it's just my newness that is causing me to have problems getting it to work.
I have开发者_开发技巧 a user and a group. A group has a many-to-one relationship with a user. A particular class (:asset) can have a user & group associated with it. I want to determine authorization to the :asset object if a users is a member of the :asset objects group. Basically, think of the UNIX filesystem security model.
Here is the rule I have written:
has_permission_on [:assets], :to => :manage do
if_attribute :user => is { user }
if_attribute :group => is { user.default_group }
# Idea:
# if_attribute :group => is_in { user.groups }
end
I'm looking to include my "idea" in the code, but it throws an error. I'm sure it's something silly I'm doing, I'm just not sure what?
SQLite3::SQLException: ambiguous column name: created_at:
SELECT "assets"."id" AS t0_r0, "assets"."friendly_id" AS t0_r1, "assets"."purchased_on" AS t0_r2, "assets"."description" AS t0_r3, "assets"."model" AS t0_r4, "assets"."serial" AS t0_r5, "assets"."user_id" AS t0_r6, "assets"."created_at" AS t0_r7, "assets"."updated_at" AS t0_r8, "assets"."group_id" AS t0_r9, "groups"."id" AS t1_r0, "groups"."name" AS t1_r1, "groups"."created_at" AS t1_r2, "groups"."updated_at" AS t1_r3
FROM "assets"
LEFT OUTER
JOIN "groups"
ON "groups".id = "assets".group_id
WHERE ((1=1) OR ("assets"."user_id" = 1) OR ("groups"."id" IN (1,2,3)))
ORDER BY created_at DESC
LIMIT 10
OFFSET 0
I really haven't dug that much into declarative_auth but the rules seem to be ok. Based on the log it seems that the order by created_at is ambiguous as there is a 'created_at' column in the 'groups' table as well.
Don't know a straight off the table solution how to fix that but I think it should say order by t0_r7 or order by t1_r2 as those are the aliases given to created_at columns; I don't know if it matters to you which you use.
加载中,请稍侯......
精彩评论