But then shouldn't it be called upon the record to be rendered both times, rather than on a default record once and then the actual record? By calling it on a default record you stand a decent way of getting different results. I suppose in my case it is likely just because I set a default for one of the values, so I can fix that, but maybe there should be something in the wiki about how this works. Of course, maybe I'm going about it all the wrong way. I just know I can't use new_record? as one of the checks in authorized_for_create? since it will always return true since that link is always called with a new record, and I want that link to appear depending on the current user in relation to the currently selected Universe (which is set as a session variable).
Thanks, Carl On Thu, May 28, 2009 at 11:44 PM, Sergio Cambra .:: entreCables S.L. ::. <[email protected]> wrote: > On Jueves, 28 de Mayo de 2009 20:51:21 Kenny Ortmann escribió: >> Well the reason it is calling it once with a default record is because the >> create action for instance is an action that is Model based not record >> based. >> >> so it creates a new record, with the default values and checks permissions >> against that. I don't know why it is running these for every record >> though. >> >> You should see on call to create_authorized and then on call per record to >> update show and delete > > This happens in _list_actions.html.erb > <% active_scaffold_config.action_links.each :record do |link| -%> > <% next if controller.respond_to? link.security_method and > !controller.send(link.security_method) -%> > <td> > <%= record.authorized_for?(:action => link.crud_type) ? > render_action_link(link, url_options) : "<a > class='disabled'>#{link.label}</a>" -%> > </td> > <% end -%> > > It calls security_method and record.authorized_for? for each action link. > The security_method usually calls authorized_for? controller method > (ActiveScaffold::Actions::Core.authorized_for?), which calls > class.authorized_for?. > > So authorized_for? is called first in a new record with default values, in > order to show the link or not. Then authorized_for? is called in a record to > show the link disabled or enabled for that record. > >> >> On Thu, May 28, 2009 at 1:40 PM, Carl Anderson <[email protected]> wrote: >> > Nope, only 1, that's my point. And there's a collection for set so >> > they only come from one Universe_id (3 in this case). On another page >> > I have 4 records from Universe_id 1 and each of those groups shows up >> > twice for each record, but of course they both have univserse_id 1. >> > Carl >> > >> > On Thu, May 28, 2009 at 11:34 AM, Kenny Ortmann >> > <[email protected]> >> > >> > wrote: >> > > I'm assuming you have 2 records on this list view? >> > > >> > > On Thu, May 28, 2009 at 1:31 PM, Carl <[email protected]> wrote: >> > >> I figured out a little more about my problem with authorize for >> > >> action >> > >> but I'm not sure why this is happening. It seems that 2 calls are >> > >> made >> > >> to render each object, one with default attributes and one with the >> > >> actual attributes. This sounds odd, and might be incorrect, but I >> > >> came >> > >> to this conclusion because my authorize for actions now look like >> > >> this >> > >> for my Character model: >> > >> >> > >> def authorized_for_update? >> > >> #Greys out the associated link when the user isn't the creator or >> > >> authorized >> > >> logger.info "\n\nCharacter Update universe_id = #{self.universe_id} >> > >> \n\n" >> > >> new_record? || current_user.id == self.universe.creator_id || >> > >> current_user.userlimits.find(:first, :conditions => "universe_id = # >> > >> {self.universe_id}").rights >= 3 >> > >> end >> > >> >> > >> def authorized_for_destroy? >> > >> #Greys out the associated link when the user isn't the creator or >> > >> authorized >> > >> logger.info "\n\nCharacter Destroy universe_id = # >> > >> {self.universe_id}\n\n" >> > >> new_record? || current_user.id == self.universe.creator_id || >> > >> current_user.userlimits.find(:first, :conditions => "universe_id = # >> > >> {self.universe_id}").rights >= 3 >> > >> end >> > >> >> > >> def authorized_for_create? >> > >> #Greys out the associated link when the user isn't the creator or >> > >> authorized >> > >> logger.info "\n\nCharacter Create universe_id = #{self.universe_id} >> > >> \n\n" >> > >> current_user.id == self.universe.creator_id || >> > >> current_user.userlimits.find(:first, :conditions => "universe_id = # >> > >> {self.universe_id}").rights >= 2 >> > >> end >> > >> >> > >> def authorized_for_show? >> > >> logger.info "\n\nCharacter Show universe_id = #{self.universe_id}\n >> > >> \n" >> > >> #Greys out the associated link when the user isn't the creator or >> > >> authorized >> > >> new_record? || current_user.id == self.universe.creator_id || >> > >> current_user.userlimits.find(:first, :conditions => "universe_id = # >> > >> {self.universe_id}").rights >= 1 >> > >> end >> > >> >> > >> >> > >> And when I go to my character page my log looks like this: >> > >> >> > >> Processing CharactersController#index (for 127.0.0.1 at 2009-05-28 >> > >> 11:15:21) [GET] >> > >> Parameters: {"action"=>"index", "controller"=>"characters"} >> > >> User Load (0.5ms) SELECT * FROM "users" WHERE ("users"."id" = 1) >> > >> >> > >> >> > >> >> > >> Universe id set in session as: 3 >> > >> >> > >> >> > >> SQL (0.2ms) select sqlite_version(*) >> > >> SQL (0.5ms) SELECT count(DISTINCT "characters".id) AS count_all >> > >> FROM "characters" LEFT OUTER JOIN "experiences" ON >> > >> experiences.character_id = characters.id LEFT OUTER JOIN >> > >> "characters_events" ON "characters_events".character_id = >> > >> "characters".id LEFT OUTER JOIN "events" ON "events".id = >> > >> "characters_events".event_id LEFT OUTER JOIN "users" ON "users".id = >> > >> "characters".created_by LEFT OUTER JOIN "users" modifiers_characters >> > >> ON "modifiers_characters".id = "characters".modified_by WHERE >> > >> ((characters.universe_id = '3')) >> > >> Character Load (0.9ms) SELECT "characters".* FROM "characters" >> > >> WHERE ((characters.universe_id = '3')) ORDER BY characters."id" ASC >> > >> LIMIT 15 OFFSET 0 >> > >> Experience Load (0.2ms) SELECT "experiences".* FROM "experiences" >> > >> WHERE ("experiences".character_id = 10) >> > >> Event Load (0.2ms) SELECT "events".*, t0.character_id as >> > >> the_parent_record_id FROM "events" INNER JOIN "characters_events" t0 >> > >> ON "events".id = t0.event_id WHERE (t0.character_id = 10) >> > >> CACHE (0.0ms) SELECT * FROM "users" WHERE ("users"."id" = 1) >> > >> CACHE (0.0ms) SELECT * FROM "users" WHERE ("users"."id" = 1) >> > >> Rendering template within layouts/application >> > >> Rendering characters/list >> > >> >> > >> >> > >> Character Create universe_id = 1 >> > >> >> > >> Universe Load (0.2ms) SELECT * FROM "universes" WHERE >> > >> ("universes"."id" = 1) >> > >> SQL (0.2ms) SELECT count(*) AS count_all FROM "characters" >> > >> Rendered _list_header (13.6ms) >> > >> Rendered _list_column_headings (93.9ms) >> > >> Rendered _messages (0.9ms) >> > >> >> > >> >> > >> Character Update universe_id = 1 >> > >> >> > >> >> > >> >> > >> Character Update universe_id = 3 >> > >> >> > >> Universe Load (0.3ms) SELECT * FROM "universes" WHERE >> > >> ("universes"."id" = 3) >> > >> >> > >> >> > >> Character Destroy universe_id = 1 >> > >> >> > >> >> > >> >> > >> Character Destroy universe_id = 3 >> > >> >> > >> Rendered _list_actions (3.8ms) >> > >> Rendered _list_record (26.6ms) >> > >> Rendered _list (134.2ms) >> > >> Completed in 196ms (View: 165, DB: 3) | 200 OK [http://0.0.0.0/ >> > >> characters] >> > >> >> > >> >> > >> >> > >> >> > >> The only one that only shows up once per page is the Create action, >> > >> and it is using the default Universe_id = 1 which I assume is because >> > >> I set that as the default on my model, but I don't understand why the >> > >> one object on that page calls each of the other authorize for actions >> > >> twice, with self.universe_id set once to the default and once set to >> > >> the actual value? If I go to a page with 4 characters on it I see the >> > >> same thing, but with pairs of calls for each object (except for >> > >> Create, which only shows up once). Shouldn't it only be called once >> > >> with the actual value? >> >> > > -- > Sergio Cambra .:: entreCables S.L. ::. > Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza > T) 902 021 404 F) 976 52 98 07 E) [email protected] > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en -~----------~----~----~----~------~----~------~--~---
