issue with acl9 plugin

I am trying to allow users with role "corporate" to access their own company. Currently a user with that role gets blocked.

If i login as admin or change the access control to allow all, it works fine. The issue is pertaining to Corporate user role having a company.

here is all the code http://pastie.org/672733

User controller

class UsersController < ApplicationController
  # GET /users
  # GET /users.xml

  before_filter :load_user_index, :only => ['index' ]
    access_control do
      allow :admin
    end

  before_filter :load_user, :only => ['show', 'destroy', 'edit' ]
    access_control do
      allow :admin
    end

  before_filter :load_user_manage, :only => [ 'create', 'new', 'update', 'destroy' ]
    access_control do
      allow :admin
    end

  def index

    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @users }
    end
  end


  # GET /users/1
  # GET /users/1.xml
  def show

    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @user }
    end
  end

  # GET /users/new
  # GET /users/new.xml
  def new

    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @user }
    end
  end

  # GET /users/1/edit
  def edit

  end

  # POST /users
  # POST /users.xml
  def create

    respond_to do |format|

      if @user.role == "Admin"
        @user.has_role! :admin
      end

      if @user.role == "Corporate"
        @user.has_role!(:corporate, @company)
      end

      if @user.role == "Regional"
        @user.has_role!(:regional, @company)
      end

      if @user.save
        flash[:notice] = "User #{@user.username} was successfully created."
        format.html { redirect_to(:action =>'index') }
        format.xml  { render :xml => @user, :status => :created, :location => @user }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors, 
                     :status => :unprocessable_entity }
      end
    end  
  end

  # PUT /users/1
  # PUT /users/1.xml
  def update

    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = 'User #{@user.username} was successfully updated.'
        format.html { redirect_to(:action =>'index') }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.xml
  def destroy
    begin 
      @user.destroy
      flash[:notice] = "User #{@user.username} deleted"
    rescue Exception => e 
      flash[:notice] = e.message
    end

    respond_to do |format|
      format.html { redirect_to(users_url) }
      format.xml  { head :ok }
    end
  end

  private 

    def load_user
      @company = Company.find(params[:company_id])
      @user = User.find(params[:id])
    end

    def load_user_index
      @company = Company.find(params[:company_id])
      @users = @company.users
    end

    def load_user_manage
      @company = Company.find(params[:company_id])
      @user = @company.users.build(params[:user])
    end

end

Application controller

def current_user    
    @current_user ||= User.find(session[:user_id])      
  end

Company Controller

class CompaniesController < ApplicationController
  # GET /companies
  # GET /companies.xml

  before_filter :load_company_index, :only => ['index']
    access_control do
      allow :admin
    end

  before_filter :load_company, :only => ["show", "edit", "update", "create", "new", "destroy"]
    access_control do
      allow :admin
      allow :corporate, :of => :company, :to => ["show", "edit", "update", "create", "new", "destroy"]
    end

  def index

    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @companies }
    end
  end

  # GET /companies/1
  # GET /companies/1.xml
  def show

    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @company }
    end
  end

  # GET /companies/new
  # GET /companies/new.xml
  def new
    @company = Company.new

    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @company }
    end
  end

  # GET /companies/1/edit
  def edit
  end

  # POST /companies
  # POST /companies.xml
  def create
    @company = Company.new(params[:company])

    respond_to do |format|
      if @company.save
        flash[:notice] = 'Company was successfully created.'
        format.html { redirect_to(@company) }
        format.xml  { render :xml => @company, :status => :created, :location => @company }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @company.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /companies/1
  # PUT /companies/1.xml
  def update

    respond_to do |format|
      if @company.update_attributes(params[:company])
        flash[:notice] = 'Company was successfully updated.'
        format.html { redirect_to(@company) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @company.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /companies/1
  # DELETE /companies/1.xml
  def destroy
    @company.destroy

    respond_to do |format|
      format.html { redirect_to(companies_url) }
      format.xml  { head :ok }
    end
  end

  private 

    def load_company
      @company = Company.find(params[:id])
    end

    def load_company_index
      @companies = Company.find(:all)
    end

end

ansaurus

tags:

views:

answers:

issue with acl9 plugin

related questions