tags:

views:

283

answers:

1
Q: 

declarative_authorization and /authorization_rules access problem

Hi, i have configured to use authlogic and declarative_authorization and configured authorization_rules.rb. All is fine but on attemp to access localhost/authorization_rules i see "You are not allowed to access this action.". I've added 

has_permission_on :authorization_rules, :to => [:index, :show]

but nothing changed :( In logs i see

Processing AuthorizationRulesController#index (for 127.0.0.1 at 2010-05-08 14:00:01) [GET]
  Parameters: {"action"=>"index", "controller"=>"authorization_rules"}
  User Load (1.0ms)   SELECT * FROM "users" WHERE ("users"."id" = 1) LIMIT 1
  SQL (1.8ms)   BEGIN
  User Update (0.6ms)   UPDATE "users" SET "updated_at" = '2010-05-08 10:00:01.443532', "perishable_token" = E'Narj4gmDdGiCuna9p_ht', "last_request_at" = '2010-05-08 10:00:01.440280' WHERE "id" = 1
  SQL (1.4ms)   COMMIT
  Role Load (1.3ms)   SELECT "roles".* FROM "roles" INNER JOIN "assignments" ON "roles".id = "assignments".role_id WHERE (("assignments".user_id = 1)) 
Permission denied: No matching rules found for read for #<User id: 1, login: "alec", email: "[email protected]", crypted_password: "cb0af876f2ae63f40b82eb7b8eb24e1f739a3d80e6afd4e9e36...", password_salt: "SBdGRsh5roMoaYOANkHN", persistence_token: "e356eb5d39c032ca3088f2fe9868941f70c396a7ed7eb082028...", single_access_token: "nABARs1vURbXmp1Yuc6e", perishable_token: "Narj4gmDdGiCuna9p_ht", confirmed: true, active: true, activation_code: nil, activated_at: "2010-03-07 20:51:46", login_count: 9, failed_login_count: 0, last_request_at: "2010-05-08 10:00:01", current_login_at: "2010-04-09 18:38:24", last_login_at: "2010-04-06 20:03:25", current_login_ip: "127.0.0.1", last_login_ip: "127.0.0.1", friends_count: 0, created_at: "2010-03-07 20:51:20", updated_at: "2010-05-08 10:00:01"> (roles [:admin, :super_moderator, :news_moderator, :news_maker], privileges [:read], context :authorization_rules).
Filter chain halted as [:filter_access_filter] rendered_or_redirected.

any idea?

A: 

Hi, Alexey!

I use both authlogic and declarative_authorization in my application and it works fine for me.

In config/authorization_rules.rb I have:

authorization do
  role :guest do
    has_permission_on :roles, :to => :read
    has_permission_on :permissions, :to => :read # assignments in your case.
  end

  role :user do
    includes :guest
  end

  role :admin do
    has_permission_on :authorization_rules, :to => :read
    has_permission_on :authorization_usages, :to => :read    
  end
end

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

Of cause my account has :user and :admin roles. My models are:

class Role < ActiveRecord::Base
  using_access_control

  attr_accessible :name

  has_many :permissions, :dependent => :destroy
  has_many :users, :through => :permissions, :uniq => true  
end

class Permission < ActiveRecord::Base
  using_access_control

  attr_accessible :role_id, :user_id

  belongs_to :user
  belongs_to :role
end

class User < ActiveRecord::Base
  has_many :permissions, :dependent => :destroy
  has_many :roles, :through => :permissions

  acts_as_authentic

  def role_symbols
    @role_symbols ||= (roles || []).map {|r| r.name.underscore.to_sym}
  end
end

If you properly configured declarative_authorization, you should have in your User model (or whatever model you use with authlogic) role_symbols method (btw not necessary exactly the same as in the example above):

At last my routes are:

suggest_change_authorization_rules GET    /authorization_rules/suggest_change(.:format)    {:controller=>"authorization_rules", :action=>"suggest_change"}
        change_authorization_rules GET    /authorization_rules/change(.:format)            {:controller=>"authorization_rules", :action=>"change"}
         graph_authorization_rules GET    /authorization_rules/graph(.:format)             {:controller=>"authorization_rules", :action=>"graph"}
               authorization_rules GET    /authorization_rules(.:format)                   {:controller=>"authorization_rules", :action=>"index"}
              authorization_usages GET    /authorization_usages(.:format)                  {:controller=>"authorization_usages", :action=>"index"}

And you should have ruby_parser gem installed.

Maybe it help you.

p.s: Весело писать по-английски, сидя в Москве, человеку, который тоже находится в Москве :)

Voldy  2010-05-08 19:39:09
весело :) i have checked my config and models again - the same result :( strange :(
Alexey Poimtsev  2010-05-17 21:28:25

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.