Don't know if this has been answered before. Have custom routes to users. If I access the user directly /users/5 everything works. If I try /profile or even /users/current_user with Declarative Authorization I get "Couldn't find User without an ID" map.profile "profile", :controller => "users", :action => "show" map.edit_profile 'pro...
I've been having almost the same issues as Victor Martin (you can see the questions asked here). I've got declarative authorization working for just about everything that doesn't involve using conditionals. E.g. has_permission_on :users, :to => [:edit, :update, :destroy] do if_attribute :user => is { current_user } end Are there any ...
I have an application with set limits on subscription attributes i/e a user can have five projects for subscription A but have ten for subscription B At present I run a check on there current usage when linking to the create action and if they are over there limit I do not display the link to create a new project. On the view (for the n...
Hi, Do you know - can declarative_authorization control access to namespace'd resources or not? I've tried something like has_permission_on [:admin, :users], :to => [:index, :show, :new, :create, :edit, :update, :destroy, :search] but it's not working :( any ideas on this? ...
I want to implement declarative authorization with mongoid. But cannot succeeded. It seems like declarative authorization works with ActiveRecord Only. Can I let it work with MOngoid and MongoDB? Any Ideas. ...
Declarative authorization seems to require params[:id] to do its validation and I want to use paths like /profile and /dashboard where the user is stored in the session and not the URL. But it breaks. Any ideas on how I can do this without hacking the gem itself? ...
Hi folks, I want the check a belongs_to model for permission. A user should only create a blog, if he is the owner of the project Model Code User has_many :blogposts has_many :projects end Project has_one :blog belongs_to :user end Blog has_many :blogposts belongs_to :project end Blogpost belongs_to :user belongs_to ...
I have a model that allows a User to mark other Users as Favorites. This HABTM relationship is defined in the User model: class User < ActiveRecord::Base has_and_belongs_to_many :favorites, :class_name => "User", :join_table => "favorites", :association_foreign_key => "favorite_id", :foreign_key => "user_id" end The FavoritesControl...
And again a decl_auth problem I want to achieve, that only active Users are allowed to view (:show) bookings model code User has_many :events has_many :bookings Event belongs_to :user has_many :bookings Booking belongs_to :event belongs_to :user # user.active => true in the authorization file has_permission_on [:b...
Hey, I am trying to use permitted_to to hide/show links but in one of my forms it is not appearing. The form belongs to assignments but the actual edit function is for candidates. <% if permitted_to? :edit, @candidate %> <%= link_to 'Edit', edit_candidate_path(@candidate) %> <% end %> I can navigate to the page by url so i know its ...
I use authlogic to authenticate users. In my controllers I use current_user, defined (as documented) as follows: def current_user_session return @current_user_session if defined?(@current_user_session) @current_user_session = UserSession.find end def current_user return @current_user if defined?(@current_user) @cur...
I am attempting to secure a Rails3 controller using declarative_authorization. The controller has the 7, RESTful actions, three custom member actions (activate, deactivate, copy), and one custom collection action (public). The 'public' action only returns one record, however. Only the custom collection action (public) should be availa...
I will need to provide dynamic role assignments (Roles/ Privileges) .More clearly, an end user should be able to create a role, assign permissions to a new user. So I was thinking of storing roles and privileges in a table for each user. Is there a smart way to do this (any other plugin?),or or should I write code to do this with Decl...
help rails 3 came out yesterday, we have a fully functional rails 2.3.8 app, but our deployment on heroku doesn't work because declarative_authorization demands rails 2.1 or higher That is a very big problem, how can I solve it, any quick hacks, workarounds? ...
I have two models (Item and Theme). They are both owned by a third model Users with a has_many association (User has many Themes and Items). Both Item and Theme have_many :images. The Image model is a polymorphic association so the table has the columns imageable_id and imageable_type. If I had both an Item with ID 1 and a Theme with ...
getting uninitialized constant Authorization::Maintenance in ActiveRecord::Observer. ...
When using Authlogic's HTTP Basic auth, UserSession.find returns nil since the session appears not to be set. As a result, declarative_authorization, which references the usual current_user method (as below), can't find a current user. def current_user_session return @current_user_session if defined?(@current_user_session) @curr...
I'm currently using Declarative Authorization on my application, and trying to catch Exceptions from type Authorization::NotAuthorized. I have an Entity that has a category. Depending on the role a user can create a new category when creating this entity. At my :before_validation callback I assign the category and want to be able to cat...
Hi All, Is there a way to have with_permissions_to in a single place globally so that it applies to EVERY finder method of all models. Actually, I have very big application and just added this plug-in for authorization. I don't want to use with_permissions_to with every find method for all models. Thanks, Imran ...
I'm running bundler with rails 2.3.4. I'm trying to get declarative_authorization to work (I added it to my Gemfile). The error I'm getting is undefined local variable or method 'filter_resource_access'. I'm guessing this means that declarative_authorization isn't loading? Since I'm using bundler I don't have a config.gem line for it...