
declarative_authorization permission on new but related object id is nil

I have an Organization that has_many Affiliations, and a Mission that has_one Organization.

So I can do this:

m = Mission.first
m.organization.affiliations

A user also has_many affiliations so I can do:

u = User.first
u.affiliations

In declarative_authorization I want a user to be able to manage a mission if he is affiliated to the organization of the mission. I have this:

has_permission_on :missions, :to => [:manage] do
  if_attribute :organization => { :affiliations => intersects_with { user.affiliates.type_admin } }
end

But I'm getting this error:

Permission denied: new not allowed for #<User id: 2, firstname: "Miguel", lastname: "Alho", email: "blah@blah.com", birthday: "2010-07-05 20:24:00", crypted_password: "...", password_salt: "...", persistence_token: "...", perishable_token: "...", created_at: "2010-03-05 20:25:34", updated_at: "2010-03-30 15:45:36"> on #<Mission id: nil, user_id: nil, organization_id: nil, name: nil, objectives: nil, created_at: nil, updated_at: nil>

The Mission and Organization are nil. I think that is because on the new action, mission.organization doesn't exist.

On the mission controller I have this:

  def new
    if(params[:organization_id])
      session[:organization_id] = params[:organization_id]
      @mission = Organization.find_by_id(params[:organization_id]).missions.build
    end  
  end


I can't speak to why your technique isn't working, but here's how I accomplished a similar thing.

From what I gather in your code examples, you only want users that are affiliated with a mission's organization to be able to manage that mission. Furthermore, that user must be of type admin. What I've done in the past is create a has_many relationship in your organization model that has a few extra conditions that filter out affiliations that are not of type admin:

has_many :admins, :source => :user, :through => :affiliations, :conditions => "affiliations.type = 'admin'"

Then in your authorization_rules.rb you add in this rule:

has_permission_on :missions, :to => [:manage] do
  if_attribute :organization => { :admins => contains { user } }
end
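
The rule above, and the denial from the question, modelled in plain Ruby as an added example (not code from the question, the answer, or declarative_authorization). The Structs, `may_manage?`, `build_mission` and the sample data are assumptions standing in for the ActiveRecord models and the gem's attribute check.

```ruby
# Plain-Ruby model of the rule above. Structs stand in for the ActiveRecord
# models; none of this is declarative_authorization's own code.
User         = Struct.new(:id, :name)
Affiliation  = Struct.new(:user, :type)
Mission      = Struct.new(:id, :organization)
Organization = Struct.new(:name, :affiliations) do
  # Mirrors: has_many :admins, ..., :conditions => "affiliations.type = 'admin'"
  def admins
    affiliations.select { |a| a.type == 'admin' }.map(&:user)
  end

  # Mirrors organization.missions.build: the unsaved mission is already linked.
  def build_mission
    Mission.new(nil, self)
  end
end

# Hypothetical helper expressing:
#   if_attribute :organization => { :admins => contains { user } }
# A mission with no organization has nothing to match against, so it is denied.
def may_manage?(user, mission)
  org = mission.organization
  return false if org.nil?
  org.admins.include?(user)
end

# Constructed sample data.
ADMIN  = User.new(1, 'admin user')
MEMBER = User.new(2, 'plain member')
ORG    = Organization.new('Example Org', [
  Affiliation.new(ADMIN, 'admin'),
  Affiliation.new(MEMBER, 'member')
])

def demo_results
  {
    # Blank Mission, as in the error message (organization_id: nil).
    :blank_mission_admin  => may_manage?(ADMIN, Mission.new(nil, nil)),
    # Mission built through the organization before the check runs.
    :built_mission_admin  => may_manage?(ADMIN, ORG.build_mission),
    # Affiliated, but not with type 'admin'.
    :built_mission_member => may_manage?(MEMBER, ORG.build_mission)
  }
end

puts demo_results.inspect if __FILE__ == $0
```

In this model, the permission check must see a mission that already has its organization set; a check against a blank Mission fails even for an admin.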