On Friday, 29 May 2009 16:59:25 Carl Anderson wrote:
> But then shouldn't it be called upon the record to be rendered both
> times, rather than on a default record once and then the actual
> record? By calling it on a default record you stand a decent way of
> getting different results.

Different results are needed for different actions. If we use the same method
in the same object to hide or disable a link, then the link won't be disabled
at any time: the link would either be hidden, or be shown and enabled.

> I suppose in my case it is likely just
> because I set a default for one of the values, so I can fix that, but
> maybe there should be something in the wiki about how this works.

It's partially documented, under section "Tips for Defining Model Security
Methods":

    The second tip is that even though the methods are always at the instance
    level, the current record isn’t always meaningful. To distinguish whether
    the specific record matters for the security check, use the
    :existing_record_check? method

And in the example:

    return true unless existing_record_check?

It's the same as:

    return true if new_record?

Maybe we shouldn't check authorized_for with a new record when we want to check
permissions for the model. Currently, an action link is hidden when it's not
enabled for all records (class is not authorized for that crud type), and links
are disabled when the class is authorized but the record is not authorized. Maybe
authorized_for? at class level should search for class methods instead of
creating a new record and checking authorized_for? in that record.


> Of
> course, maybe I'm going about it all the wrong way. I just know I
> can't use new_record? as one of the checks in authorized_for_create?
> since it will always return true since that link is always called with
> a new record, and I want that link to appear depending on the current
> user in relation to the currently selected Universe (which is set as a
> session variable).
>
> Thanks,
> Carl
>
> On Thu, May 28, 2009 at 11:44 PM, Sergio Cambra .:: entreCables S.L. ::. <[email protected]> wrote:
> >
> > On Thursday, 28 May 2009 20:51:21 Kenny Ortmann wrote:
> >> Well the reason it is calling it once with a default record is because
> >> the create action for instance is an action that is Model based not
> >> record based.
> >>
> >> so it creates a new record, with the default values and checks
> >> permissions against that. I don't know why it is running these for every
> >> record though.
> >>
> >> You should see one call to create_authorized and then one call per record
> >> to update, show and delete
> >
> > This happens in _list_actions.html.erb
> > <% active_scaffold_config.action_links.each :record do |link| -%>
> > <% next if controller.respond_to? link.security_method and
> > !controller.send(link.security_method) -%>
> > <td>
> > <%= record.authorized_for?(:action => link.crud_type) ?
> > render_action_link(link, url_options) : "<a
> > class='disabled'>#{link.label}</a>" -%>
> > </td>
> > <% end -%>
> >
> > It calls security_method and record.authorized_for? for each action link.
> > The security_method usually calls authorized_for? controller method
> > (ActiveScaffold::Actions::Core.authorized_for?), which calls
> > class.authorized_for?.
> >
> > So authorized_for? is called first in a new record with default values,
> > in order to show the link or not. Then authorized_for? is called in a
> > record to show the link disabled or enabled for that record.
> >
> >> On Thu, May 28, 2009 at 1:40 PM, Carl Anderson <[email protected]> wrote:
> >> > Nope, only 1, that's my point. And there's a collection for set so
> >> > they only come from one Universe_id (3 in this case). On another page
> >> > I have 4 records from Universe_id 1 and each of those groups shows up
> >> > twice for each record, but of course they both have universe_id 1.
> >> > Carl
> >> >
> >> > On Thu, May 28, 2009 at 11:34 AM, Kenny Ortmann <[email protected]> wrote:
> >> > > I'm assuming you have 2 records on this list view?
> >> > >
> >> > > On Thu, May 28, 2009 at 1:31 PM, Carl <[email protected]> wrote:
> >> > >> I figured out a little more about my problem with authorize for action
> >> > >> but I'm not sure why this is happening. It seems that 2 calls are made
> >> > >> to render each object, one with default attributes and one with the
> >> > >> actual attributes. This sounds odd, and might be incorrect, but I came
> >> > >> to this conclusion because my authorize for actions now look like this
> >> > >> for my Character model:
> >> > >>
> >> > >> def authorized_for_update?
> >> > >>   # Greys out the associated link when the user isn't the creator or authorized
> >> > >>   logger.info "\n\nCharacter Update universe_id = #{self.universe_id}\n\n"
> >> > >>   new_record? || current_user.id == self.universe.creator_id ||
> >> > >>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 3
> >> > >> end
> >> > >>
> >> > >> def authorized_for_destroy?
> >> > >>   # Greys out the associated link when the user isn't the creator or authorized
> >> > >>   logger.info "\n\nCharacter Destroy universe_id = #{self.universe_id}\n\n"
> >> > >>   new_record? || current_user.id == self.universe.creator_id ||
> >> > >>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 3
> >> > >> end
> >> > >>
> >> > >> def authorized_for_create?
> >> > >>   # Greys out the associated link when the user isn't the creator or authorized
> >> > >>   logger.info "\n\nCharacter Create universe_id = #{self.universe_id}\n\n"
> >> > >>   current_user.id == self.universe.creator_id ||
> >> > >>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 2
> >> > >> end
> >> > >>
> >> > >> def authorized_for_show?
> >> > >>   logger.info "\n\nCharacter Show universe_id = #{self.universe_id}\n\n"
> >> > >>   # Greys out the associated link when the user isn't the creator or authorized
> >> > >>   new_record? || current_user.id == self.universe.creator_id ||
> >> > >>     current_user.userlimits.find(:first, :conditions => "universe_id = #{self.universe_id}").rights >= 1
> >> > >> end
> >> > >>
> >> > >>
> >> > >> And when I go to my character page my log looks like this:
> >> > >>
> >> > >> Processing CharactersController#index (for 127.0.0.1 at 2009-05-28
> >> > >> 11:15:21) [GET]
> >> > >> Parameters: {"action"=>"index", "controller"=>"characters"}
> >> > >> User Load (0.5ms) SELECT * FROM "users" WHERE ("users"."id" = 1)
> >> > >>
> >> > >>
> >> > >>
> >> > >> Universe id set in session as: 3
> >> > >>
> >> > >>
> >> > >> SQL (0.2ms) select sqlite_version(*)
> >> > >> SQL (0.5ms) SELECT count(DISTINCT "characters".id) AS count_all
> >> > >> FROM "characters" LEFT OUTER JOIN "experiences" ON
> >> > >> experiences.character_id = characters.id LEFT OUTER JOIN
> >> > >> "characters_events" ON "characters_events".character_id =
> >> > >> "characters".id LEFT OUTER JOIN "events" ON "events".id =
> >> > >> "characters_events".event_id LEFT OUTER JOIN "users" ON "users".id
> >> > >> = "characters".created_by LEFT OUTER JOIN "users"
> >> > >> modifiers_characters ON "modifiers_characters".id =
> >> > >> "characters".modified_by WHERE ((characters.universe_id = '3'))
> >> > >> Character Load (0.9ms) SELECT "characters".* FROM "characters"
> >> > >> WHERE ((characters.universe_id = '3')) ORDER BY characters."id" ASC
> >> > >> LIMIT 15 OFFSET 0
> >> > >> Experience Load (0.2ms) SELECT "experiences".* FROM "experiences"
> >> > >> WHERE ("experiences".character_id = 10)
> >> > >> Event Load (0.2ms) SELECT "events".*, t0.character_id as
> >> > >> the_parent_record_id FROM "events" INNER JOIN "characters_events"
> >> > >> t0 ON "events".id = t0.event_id WHERE (t0.character_id = 10)
> >> > >> CACHE (0.0ms) SELECT * FROM "users" WHERE ("users"."id" = 1)
> >> > >> CACHE (0.0ms) SELECT * FROM "users" WHERE ("users"."id" = 1)
> >> > >> Rendering template within layouts/application
> >> > >> Rendering characters/list
> >> > >>
> >> > >>
> >> > >> Character Create universe_id = 1
> >> > >>
> >> > >> Universe Load (0.2ms) SELECT * FROM "universes" WHERE
> >> > >> ("universes"."id" = 1)
> >> > >> SQL (0.2ms) SELECT count(*) AS count_all FROM "characters"
> >> > >> Rendered _list_header (13.6ms)
> >> > >> Rendered _list_column_headings (93.9ms)
> >> > >> Rendered _messages (0.9ms)
> >> > >>
> >> > >>
> >> > >> Character Update universe_id = 1
> >> > >>
> >> > >>
> >> > >>
> >> > >> Character Update universe_id = 3
> >> > >>
> >> > >> Universe Load (0.3ms) SELECT * FROM "universes" WHERE
> >> > >> ("universes"."id" = 3)
> >> > >>
> >> > >>
> >> > >> Character Destroy universe_id = 1
> >> > >>
> >> > >>
> >> > >>
> >> > >> Character Destroy universe_id = 3
> >> > >>
> >> > >> Rendered _list_actions (3.8ms)
> >> > >> Rendered _list_record (26.6ms)
> >> > >> Rendered _list (134.2ms)
> >> > >> Completed in 196ms (View: 165, DB: 3) | 200 OK [http://0.0.0.0/
> >> > >> characters]
> >> > >>
> >> > >>
> >> > >>
> >> > >>
> >> > >> The only one that only shows up once per page is the Create action,
> >> > >> and it is using the default Universe_id = 1 which I assume is
> >> > >> because I set that as the default on my model, but I don't
> >> > >> understand why the one object on that page calls each of the other
> >> > >> authorize for actions twice, with self.universe_id set once to the
> >> > >> default and once set to the actual value? If I go to a page with 4
> >> > >> characters on it I see the same thing, but with pairs of calls for
> >> > >> each object (except for Create, which only shows up once).
> >> > >> Shouldn't it only be called once with the actual value?
> >
> > --
> > Sergio Cambra .:: entreCables S.L. ::.
> > Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza
> > T) 902 021 404 F) 976 52 98 07 E) [email protected]
>
> 
-- 
Sergio Cambra .:: entreCables S.L. ::.
Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza
T) 902 021 404 F) 976 52 98 07 E) [email protected]
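
The two-phase check discussed in this thread, as an added Ruby example that is not part of the original messages and is not ActiveScaffold's code: a default record is probed first to decide whether the link is shown, then the real record decides whether it is enabled. `User`, `rights_in`, `selected_universe_id`, `naive_authorized_for_update?` and `link_state` are hypothetical names, and the rights data is constructed.

```ruby
# Simplified stand-in for the two-phase check in this thread; all names here are constructed.
User = Struct.new(:id, :rights) # rights: { universe_id => level }

class Character
  DEFAULT_UNIVERSE_ID = 1 # model default, as in the thread
  attr_reader :universe_id
  singleton_class.attr_accessor :current_user, :selected_universe_id # request context (assumed)

  def initialize(universe_id: DEFAULT_UNIVERSE_ID, persisted: false)
    @universe_id = universe_id
    @persisted = persisted
  end

  def new_record?
    !@persisted
  end

  def rights_in(universe_id)
    self.class.current_user.rights.fetch(universe_id, 0) # no entry means no rights
  end

  # Record-based action: the record only matters once it exists.
  def authorized_for_update?
    return true if new_record? # class-level probe: do not judge default values
    rights_in(universe_id) >= 3
  end

  # Same rule without the guard: the probe is judged on DEFAULT_UNIVERSE_ID.
  def naive_authorized_for_update?
    rights_in(universe_id) >= 3
  end

  # Model-based action: always probed with a new record, so use the request context.
  def authorized_for_create?
    rights_in(self.class.selected_universe_id) >= 2
  end
end

# Phase 1 probes a default record (hide the link?); phase 2 asks the real record (disable it?).
def link_state(record, method)
  return :hidden unless record.class.new.public_send(method)
  record.public_send(method) ? :enabled : :disabled
end

# Constructed demo: the user has level 3 in universe 3 only.
Character.current_user = User.new(1, { 3 => 3 })
record = Character.new(universe_id: 3, persisted: true)
p link_state(record, :authorized_for_update?)       # => :enabled
p link_state(record, :naive_authorized_for_update?) # => :hidden
```

Without the `new_record?` guard the link is hidden even though the user is authorized for the actual record, because the probe is evaluated against the model's default `universe_id`.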

