tags:

views:

93

answers:

1
+1  Q: 

declarative_authorization permission on new but related object id is nil

I have an Organization that has_many Affiliations And a mission that has_one Organization

So i can do this:

m = Mission.first
m.organization.affiliations

A user also has_many affiliations so I can do:

u = User.first
u.affiliations

In declarative_authorization I want a user to be able to manage a mission if he is affiliated to the organization of the mission. I have this: 

has_permission_on :missions, :to => [:manage] do
  if_attribute :organization => { :affiliations => intersects_with { user.affiliates.type_admin } }
end

But I'm getting this error:

Permission denied: new not allowed for #<User id: 2, firstname: "Miguel", lastname: "Alho", email: "[email protected]", birthday: "2010-07-05 20:24:00", crypted_password: "...", password_salt: "...", persistence_token: "...", perishable_token: "...", created_at: "2010-03-05 20:25:34", updated_at: "2010-03-30 15:45:36"> on #<Mission id: nil, user_id: nil, organization_id: nil, name: nil, objectives: nil, created_at: nil, updated_at: nil>

The Mission and Organization are nil. I think that is because on the new, the mission.organization dosn't exists.

On the mission controller I have this:

  def new
    if(params[:organization_id])
      session[:organization_id] = params[:organization_id]
      @mission = Organization.find_by_id(params[:organization_id]).missions.build
    end  
  end
+1  A: 

I can't speak to why your technique isn't working, but here's how I accomplished a similar thing.

From what I gather in your code examples you only want users that are affiliated with a mission's organization to be able to manage that mission. Furthermore that user must be of type admin. What I've done in the past is created a has_many relationship in your organization model that has a few extra conditions that filter out affiliations that not of type admin:

has_many :admins, :source => :user, :through => :affiliations, :conditions => "affiliations.type = 'admin'"

Then in your authorization_rules.rb you add in this rule:

has_permission_on :missions, :to => [:manage] do { if_attribute :organization => {:admins => contains {user}}}
schickm  2010-04-17 16:34:03
Thanks this was very helpful!
jspooner  2010-06-22 23:22:54

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.