Inconsistencies between permit and Model.with_permissions_to #201

Open
hachpai opened this issue Jan 2, 2015 · 1 comment

hachpai commented Jan 2, 2015

Hello,

I have the following rule:

role :generic_user do
  has_permission_on :admin_users, :to => [:update, :show, :edit] do
    if_attribute :id => is { user.id }, :test_method => true
  end
end

test_method is defined like this:

class User < ActiveRecord::Base
  has_and_belongs_to_many :roles

  def test_method
    true
  end

  def role_symbols
    roles.select(:name).map {|r| r.name.parameterize.underscore.to_sym} << :generic_user
  end

end

If I try to access the /admin/user page, the rule is taken into consideration: I can change the return value of test_method from true to false, and permit seems to do its work correctly, because I get the form if true and am redirected to access_denied if false.

But if I try to do

<% User.with_permissions_to(:show, context: :admin_users).each do |u| %>
  <%= u.name %>
<% end %>

(note: I must set the context because my user controller is in an admin module)
This fails:

PG::InvalidTextRepresentation: ERROR:  invalid input syntax for integer: "f"
LINE 1: ...ECT "users".* FROM "users" WHERE (("users"."id" = 'f' AND "u...
                                                             ^
: SELECT "users".* FROM "users" WHERE (("users"."id" = 'f' AND "users"."id" = 'f'))

I get 't' or 'f', depending on the return value of the method.

But if I reverse the rule like this:

role :generic_user do
  has_permission_on :admin_users, :to => [:update, :show, :edit] do
    if_attribute :test_method => true, :id => is { user.id }
  end
end

Access to the page still depends on the return value of test_method, but with_permissions_to doesn't fail; it just ignores the method part of the rule and only considers the "id is user.id" condition attribute.

I do that because I would like to define methods that would perform SQL queries to define hierarchical access rules.

Thank you for your work and future help,

PH
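A constructed Ruby model of the two evaluation paths the report contrasts, added here as an example and not code from the poster or from declarative_authorization: permit evaluates if_attribute conditions by calling methods on the record, whereas with_permissions_to can only translate column attributes into SQL, so a method-based condition is either rejected (the PG error) or silently dropped (the reversed rule), which is a fail-open. The User struct, COLUMNS list and helper names are assumptions.

```ruby
# Constructed model (not the declarative_authorization gem) of the two paths
# described in the issue: permit evaluates if_attribute conditions in Ruby,
# while with_permissions_to tries to turn them into a SQL WHERE clause.
User = Struct.new(:id, :name, :test_method_result) do
  # Stands in for the poster's User#test_method, which is not a column.
  def test_method
    test_method_result
  end
end

# Attributes the SQL path can express; everything else is a plain method.
COLUMNS = [:id, :name].freeze

# In-memory check, as permit does: every condition is evaluated by calling
# the method on the record, so method-based conditions work here.
def permit?(record, rule)
  rule.all? { |attr, expected| record.public_send(attr) == expected }
end

# Query translation: only column attributes become WHERE fragments. Returns
# the clause plus the list of conditions that could not be translated.
def to_where(rule)
  clauses, untranslatable = [], []
  rule.each do |attr, expected|
    if COLUMNS.include?(attr)
      clauses << "\"users\".\"#{attr}\" = #{expected.inspect}"
    else
      untranslatable << attr
    end
  end
  [clauses.join(" AND "), untranslatable]
end

# Fail-open behaviour from the issue: untranslatable conditions are silently
# dropped, so rows that test_method would have rejected are still returned.
def with_permissions_to_naive(users, rule)
  column_rule = rule.select { |attr, _| COLUMNS.include?(attr) }
  users.select { |u| column_rule.all? { |attr, v| u.public_send(attr) == v } }
end

# Defensive variant: run the column filter as the query would, then re-check
# each returned row with the full in-memory rule if anything was dropped.
def with_permissions_to_checked(users, rule)
  _where, skipped = to_where(rule)
  rows = with_permissions_to_naive(users, rule)
  skipped.empty? ? rows : rows.select { |u| permit?(u, rule) }
end
```

In the gem itself the equivalent per-record re-check is permitted_to? on each row that with_permissions_to returns.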


zeiv commented May 29, 2015

I'm not sure why you're getting that behavior... the DSL is still a tad buggy, in my opinion. Can you try changing your code to

has_permission_on :admin_users, :to => [:update, :show, :edit] do
  if_attribute :test_method => true
  if_attribute :id => is { user.id }
end

and post the result? In my experience sometimes things in the DSL that should be DRY start acting strangely. In the meantime I'll see if I can figure this out... Oh, and would you mind posting your controller as well? Don't forget that you have to set :attribute_check => true

Edit: I just noticed that your post was from 6 months ago... sorry for the late reply!
