I spoke too soon. Here's an example of what I meant about the subforms. Again, perhaps I'm doing something wrong:
http://cloud.github.com/downloads/nextekcarl/storylines/Screenshot-redirect_error.png In this case the action failed authorization and what I actually want is for the entire page to be redirected to the Universe Control Panel, but what happens is the subform is replaced by that page, rather then redirecting the whole page. Any idea how I prevent that? Carl On Mon, Jun 1, 2009 at 1:09 PM, Carl Anderson <[email protected]> wrote: > You know, I think this request may have had more to do with the problems I > was having getting the permissions to work the way I wanted. It seems to be > working much better now. I have encountered on potential problem though. I > have a model with a has many relationship to another model. I have the > authorized for conditions working so the edit link is grayed out properly > when you click on the association, but I noticed that the name of the record > in the subform is a link to edit the record, so I clicked on it, and even > though the current user was not authorized for update (as evidenced by the > edit on that record being grayed out) the subform still opened and he was > able to edit the name of that record and successfully save the changes. You > can see what I mean here: > > > http://cloud.github.com/downloads/nextekcarl/storylines/Screenshot-editing-test2.png > > Shouldn't the link for the name be grayed out (or not a link at all) if the > user isn't authorized to edit the model? Here's the code I'm using for the > authorized for update link: > > def authorized_for_update? > #Greys out the associated link when the user isn't the creator or > authorized > new_record? || current_user.id == > current_user.current_universe.creator_id || > current_user.userlimits.find(:first, :conditions => "universe_id = > #{current_user.current_universe_id}").rights >= 3 > end > > In this case the current_user.current_universe_id}").rights == 1 > > Carl > > > On Mon, Jun 1, 2009 at 12:15 AM, Sergio Cambra .:: entreCables S.L. ::. < > [email protected]> wrote: > >> On Sábado, 30 de Mayo de 2009 00:22:59 Carl escribió: >> > Is there a global config to stop all actions from being handled >> > through ajax? I can't seem to find one, and the main problems I have >> > tend to come from the ajax calls. >> >> >> In ApplicationController: >> >> >> ActiveScaffold.set_defaults do |config| >> config.show.link.page = true >> config.create.link.page = true >> config.update.link.page = true >> end >> >> >> > While ajax sometimes looks cool, it >> > isn't really vital to my app, and sometimes causes problems with >> > rendering if someone tries to do something through a subform that they >> > aren't authorized to do (like edit a associated record, of which I >> > have quite a few). >> >> >> Are you using rails 2.3? In master branch (which only works with rails >> 2.3) it should work. >> >> >> > I like being able to bring up all the associated >> > records in their own screen (or tab) but in a subform it tends to >> > cause problems. Mostly this seems to be a problem with belongs_to >> > associations, since the default action seems to be edit, rather than >> > show. >> >> >> You can change default action: >> ActiveScaffold::DataStructures::Column.actions_for_association_links = >> [:new, :show] >> >> >> > >> > Carl >> > >> >> >> -- >> Sergio Cambra .:: entreCables S.L. ::. >> Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza >> T) 902 021 404 F) 976 52 98 07 E) [email protected] >> >> >> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en -~----------~----~----~----~------~----~------~--~---
