I have 4 different levels of access; admin, partner, employee and client. Admin, Partner, and Employee have administrative access over clients. Basically开发者_如何学编程 what I have done is created a
I cant get this rule to be enforced at all... it allows anyone to get to this action. Here\'s my rule
What\'s a cool way to protect attributes by role using declarative_authorization?For example, a user can edit his contact information but not his role.
I am using declarative_authorization and I have the following in a controller: filte开发者_开发技巧r_access_to :index, :new, :edit, :step, :create, :update, :destroy
my authorization rules: role :tester do has_permission_on [:regression_test_test_runs, :regression_test_jobs], :to => :manage
The authorization works nicely, but when a user accesses an action/controller that they don\'t have access to, they see:
i have rails3 app with declarative_authorization and inherited_resources gems installed. Let me show you some code from my app:
I have a little problem with declarative-authorization. I have a User and Role Model with a has_and_belongs_to_many association.
I\'ve been using a bitmask in a current project for keeping track of user roles, but now have a situation where I need to be able to do a find for all users who are a certain role.
I would like to publish my application to a selected set of individuals for a private beta.I created a sub-domain for this task: beta.company.com.
加载中,请稍侯......