I found a workaround that works, though I'm not sure it is the best
solution. I added a column to my User called current_universe_id (and
I use that instead of a session variable) and I set up the belongs_to
and has_many relationships, and now my authorized_for_<action>? methods
look like this:

  def authorized_for_update?
    # Greys out the associated link when the user isn't the creator or authorized
    # Hash conditions instead of SQL string interpolation; a missing userlimit row denies access
    limit = current_user.userlimits.find(:first, :conditions => { :universe_id => current_user.current_universe_id })
    new_record? || current_user.id == current_user.current_universe.creator_id ||
      (!limit.nil? && limit.rights >= 3)
  end

  def authorized_for_destroy?
    # Greys out the associated link when the user isn't the creator or authorized
    limit = current_user.userlimits.find(:first, :conditions => { :universe_id => current_user.current_universe_id })
    new_record? || current_user.id == current_user.current_universe.creator_id ||
      (!limit.nil? && limit.rights >= 3)
  end

  def authorized_for_create?
    # Greys out the associated link when the user isn't the creator or authorized
    # No new_record? check here: the create link is always checked with a new record
    limit = current_user.userlimits.find(:first, :conditions => { :universe_id => current_user.current_universe_id })
    current_user.id == current_user.current_universe.creator_id ||
      (!limit.nil? && limit.rights >= 2)
  end

  def authorized_for_show?
    # Greys out the associated link when the user isn't the creator or authorized
    limit = current_user.userlimits.find(:first, :conditions => { :universe_id => current_user.current_universe_id })
    new_record? || current_user.id == current_user.current_universe.creator_id ||
      (!limit.nil? && limit.rights >= 1)
  end

This now works the way I want it to, but I'm not sure if this opens
any other problems, other than making it harder to test.

Carl

On Fri, May 29, 2009 at 7:59 AM, Carl Anderson <[email protected]> wrote:
> But then shouldn't it be called upon the record to be rendered both
> times, rather than on a default record once and then the actual
> record? By calling it on a default record you stand a decent way of
> getting different results. I suppose in my case it is likely just
> because I set a default for one of the values, so I can fix that, but
> maybe there should be something in the wiki about how this works. Of
> course, maybe I'm going about it all the wrong way. I just know I
> can't use new_record? as one of the checks in authorized_for_create?
> since it will always return true since that link is always called with
> a new record, and I want that link to appear depending on the current
> user in relation to the currently selected Universe (which is set as a
> session variable).
>
> Thanks,
> Carl
>
> On Thu, May 28, 2009 at 11:44 PM, Sergio Cambra .:: entreCables S.L.
> ::. <[email protected]> wrote:
>> On Thursday, 28 May 2009 20:51:21 Kenny Ortmann wrote:
>>> Well the reason it is calling it once with a default record is because the
>>> create action for instance is an action that is Model based not record
>>> based.
>>>
>>> so it creates a new record, with the default values and checks permissions
>>> against that. I don't know why it is running these for every record
>>> though.
>>>
>>> You should see one call to create_authorized and then one call per record to
>>> update, show and delete
>>
>> This happens in _list_actions.html.erb
>> <% active_scaffold_config.action_links.each :record do |link| -%>
>>   <% next if controller.respond_to? link.security_method and !controller.send(link.security_method) -%>
>>   <td>
>>     <%= record.authorized_for?(:action => link.crud_type) ? render_action_link(link, url_options) : "<a class='disabled'>#{link.label}</a>" -%>
>>   </td>
>> <% end -%>
>>
>> It calls security_method and record.authorized_for? for each action link.
>> The security_method usually calls authorized_for? controller method
>> (ActiveScaffold::Actions::Core.authorized_for?), which calls
>> class.authorized_for?.
>>
>> So authorized_for? is called first on a new record with default values, in
>> order to show the link or not. Then authorized_for? is called on a record to
>> show the link disabled or enabled for that record.
>>
>>>
>>> On Thu, May 28, 2009 at 1:40 PM, Carl Anderson <[email protected]> wrote:
>>> > Nope, only 1, that's my point. And there's a collection for set so
>>> > they only come from one Universe_id (3 in this case). On another page
>>> > I have 4 records from Universe_id 1 and each of those groups shows up
>>> > twice for each record, but of course they both have universe_id 1.
>>> > Carl
>>> >
>>> > On Thu, May 28, 2009 at 11:34 AM, Kenny Ortmann <[email protected]> wrote:
>>> > > I'm assuming you have 2 records on this list view?
>>> > >
>>> > > On Thu, May 28, 2009 at 1:31 PM, Carl <[email protected]> wrote:
>>> > >> I figured out a little more about my problem with authorize for
>>> > >> action but I'm not sure why this is happening. It seems that 2
>>> > >> calls are made to render each object, one with default attributes
>>> > >> and one with the actual attributes. This sounds odd, and might be
>>> > >> incorrect, but I came to this conclusion because my authorize for
>>> > >> actions now look like this for my Character model:
>>> > >>
>>> > >> def authorized_for_update?
>>> > >>   #Greys out the associated link when the user isn't the creator or authorized
>>> > >>   logger.info "\n\nCharacter Update universe_id = #{self.universe_id}\n\n"
>>> > >>   new_record? || current_user.id == self.universe.creator_id ||
>>> > >>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 3
>>> > >> end
>>> > >>
>>> > >> def authorized_for_destroy?
>>> > >>   #Greys out the associated link when the user isn't the creator or authorized
>>> > >>   logger.info "\n\nCharacter Destroy universe_id = #{self.universe_id}\n\n"
>>> > >>   new_record? || current_user.id == self.universe.creator_id ||
>>> > >>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 3
>>> > >> end
>>> > >>
>>> > >> def authorized_for_create?
>>> > >>   #Greys out the associated link when the user isn't the creator or authorized
>>> > >>   logger.info "\n\nCharacter Create universe_id = #{self.universe_id}\n\n"
>>> > >>   current_user.id == self.universe.creator_id ||
>>> > >>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 2
>>> > >> end
>>> > >>
>>> > >> def authorized_for_show?
>>> > >>   logger.info "\n\nCharacter Show universe_id = #{self.universe_id}\n\n"
>>> > >>   #Greys out the associated link when the user isn't the creator or authorized
>>> > >>   new_record? || current_user.id == self.universe.creator_id ||
>>> > >>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 1
>>> > >> end
>>> > >>
>>> > >>
>>> > >> And when I go to my character page my log looks like this:
>>> > >>
>>> > >> Processing CharactersController#index (for 127.0.0.1 at 2009-05-28 11:15:21) [GET]
>>> > >> Parameters: {"action"=>"index", "controller"=>"characters"}
>>> > >> User Load (0.5ms) SELECT * FROM "users" WHERE ("users"."id" = 1)
>>> > >>
>>> > >> Universe id set in session as: 3
>>> > >>
>>> > >> SQL (0.2ms) select sqlite_version(*)
>>> > >> SQL (0.5ms) SELECT count(DISTINCT "characters".id) AS count_all FROM "characters" LEFT OUTER JOIN "experiences" ON experiences.character_id = characters.id LEFT OUTER JOIN "characters_events" ON "characters_events".character_id = "characters".id LEFT OUTER JOIN "events" ON "events".id = "characters_events".event_id LEFT OUTER JOIN "users" ON "users".id = "characters".created_by LEFT OUTER JOIN "users" modifiers_characters ON "modifiers_characters".id = "characters".modified_by WHERE ((characters.universe_id = '3'))
>>> > >> Character Load (0.9ms) SELECT "characters".* FROM "characters" WHERE ((characters.universe_id = '3')) ORDER BY characters."id" ASC LIMIT 15 OFFSET 0
>>> > >> Experience Load (0.2ms) SELECT "experiences".* FROM "experiences" WHERE ("experiences".character_id = 10)
>>> > >> Event Load (0.2ms) SELECT "events".*, t0.character_id as the_parent_record_id FROM "events" INNER JOIN "characters_events" t0 ON "events".id = t0.event_id WHERE (t0.character_id = 10)
>>> > >> CACHE (0.0ms) SELECT * FROM "users" WHERE ("users"."id" = 1)
>>> > >> CACHE (0.0ms) SELECT * FROM "users" WHERE ("users"."id" = 1)
>>> > >> Rendering template within layouts/application
>>> > >> Rendering characters/list
>>> > >>
>>> > >> Character Create universe_id = 1
>>> > >>
>>> > >> Universe Load (0.2ms) SELECT * FROM "universes" WHERE ("universes"."id" = 1)
>>> > >> SQL (0.2ms) SELECT count(*) AS count_all FROM "characters"
>>> > >> Rendered _list_header (13.6ms)
>>> > >> Rendered _list_column_headings (93.9ms)
>>> > >> Rendered _messages (0.9ms)
>>> > >>
>>> > >> Character Update universe_id = 1
>>> > >>
>>> > >> Character Update universe_id = 3
>>> > >>
>>> > >> Universe Load (0.3ms) SELECT * FROM "universes" WHERE ("universes"."id" = 3)
>>> > >>
>>> > >> Character Destroy universe_id = 1
>>> > >>
>>> > >> Character Destroy universe_id = 3
>>> > >>
>>> > >> Rendered _list_actions (3.8ms)
>>> > >> Rendered _list_record (26.6ms)
>>> > >> Rendered _list (134.2ms)
>>> > >> Completed in 196ms (View: 165, DB: 3) | 200 OK [http://0.0.0.0/characters]
>>> > >>
>>> > >> The only one that only shows up once per page is the Create action,
>>> > >> and it is using the default Universe_id = 1 which I assume is because
>>> > >> I set that as the default on my model, but I don't understand why the
>>> > >> one object on that page calls each of the other authorize for actions
>>> > >> twice, with self.universe_id set once to the default and once set to
>>> > >> the actual value? If I go to a page with 4 characters on it I see the
>>> > >> same thing, but with pairs of calls for each object (except for
>>> > >> Create, which only shows up once). Shouldn't it only be called once
>>> > >> with the actual value?
>>>
>>>
>>
>> --
>> Sergio Cambra .:: entreCables S.L. ::.
>> Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza
>> T) 902 021 404 F) 976 52 98 07 E) [email protected]
>
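
The two-pass check described in this thread (once on a default new record, then once on each listed record), as an added example that is not part of the thread or of ActiveScaffold's code: plain-Ruby stand-ins show why a check keyed on the record's universe_id hides the create link when the model default is 1, while a check keyed on the user's current universe does not. `link_state`, `record_scoped?`, `user_scoped?`, `rights_in` and the sample ids are hypothetical, and the creator check is left out of the record-keyed variant for brevity.

```ruby
# Added example: plain-Ruby stand-ins, no Rails or ActiveScaffold required.
Universe  = Struct.new(:id, :creator_id)
Userlimit = Struct.new(:universe_id, :rights)
User = Struct.new(:id, :current_universe, :userlimits) do
  # Fail closed: no Userlimit row for a universe means rights 0, not an exception.
  def rights_in(universe_id)
    row = userlimits.find { |l| l.universe_id == universe_id }
    row ? row.rights : 0
  end
end

class Character
  DEFAULT_UNIVERSE_ID = 1 # model default, as described in the thread
  REQUIRED = { :show => 1, :create => 2, :update => 3, :destroy => 3 }
  attr_reader :universe_id
  def initialize(universe_id = nil)
    @new_record = universe_id.nil?
    @universe_id = universe_id || DEFAULT_UNIVERSE_ID
  end
  def new_record?
    @new_record
  end

  # Keyed on the record: the default record is judged against universe 1.
  def record_scoped?(user, action)
    return true if new_record? && action != :create
    user.rights_in(universe_id) >= REQUIRED[action]
  end

  # Keyed on the user's current universe: record defaults cannot change the answer.
  def user_scoped?(user, action)
    return true if new_record? && action != :create
    universe = user.current_universe
    return false if universe.nil?
    user.id == universe.creator_id || user.rights_in(universe.id) >= REQUIRED[action]
  end
end

# The two calls made per action link: default record first, then the real record.
def link_state(user, record, action, check)
  return :hidden unless Character.new.send(check, user, action)
  record.send(check, user, action) ? :enabled : :disabled
end

# Constructed sample data: user 7 holds rights 3 in universe 3 only.
user = User.new(7, Universe.new(3, 99), [Userlimit.new(3, 3)])
puts link_state(user, Character.new(3), :create, :record_scoped?) # hidden
puts link_state(user, Character.new(3), :create, :user_scoped?)   # enabled
```

The `:hidden` state corresponds to the `next if ... security_method` line in `_list_actions.html.erb`, and `:disabled` to the `<a class='disabled'>` branch.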
