Hi,
Just starting out, but getting:
Processing WebfileController#new (for 10.1.1.1 at 2009-12-14 09:45:14) [GET]
Parameters: {"action"=>"new", "controller"=>"webfile"}
User Columns (2.0ms) SHOW FIELDS FROM `users`
User Indexes (0.3ms) SHOW KEYS FROM `users`
Permission denied: No matching rules found for create for #<Authorization::GuestUser:0x24ee088 @role_symbols=[:guest]> (roles [:guest], privileges [:create], context :webfile).
Filter chain halted as [:filter_access_filter] rendered_or_redirected.
Completed in 19ms (View: 1, DB: 3) | 403 Forbidden [http://localhost/webfile/new]
I've got:
authorization do
role :guest do
has_permission_on :webfile, :to => :create
end
end
privileges do
privilege :manage, :includes => [:create, :read, :update, :delete]
privilege :read, :includes => [:index, :show]
privilege :create, :includes => :new
privilege :update, :includes => :edit
privilege :delete, :includes => :destroy
end
======================================
class WebfileController < ApplicationController
#before_filter :require_user
filter_access_to :new, :require => :create
.
.
.
======================================
Q1 - I would have thought for a Guest account this should have been enough? Is there something I'm missing?
Q2 - Do I need to have a "guest" user in the USERS table with relationships to the ROLES to use the declarative_authorization "guest" account?
Q3 - IF in authorization_roles.rb one models that "guest" has permission on controller X, to privilege Y (e.g. ":manage), THEN does this mean in the controller one only needs to put "filter_access_to :all" and it should work? In other words, when people use controller lines such as "filter_access_to :new, :require => :read", I'm confused between the usage of the "require" field here and then what may be already in the uthorization_roles.rb?