The way ActiveScaffold works I don't see any reason for it to check any other type of action. All of the things you just listed can be classified as a crud type, activate - update, suspend - update, pdf - read, review - read, comment - create, diggit. - probably create
You can set the crud type on your action_links to be one of these values. One thing that I could see being an issue. Say on my model I have: def id_authorized_for_update? return false end Which means any action with the crud type of update will not be allowed to change my id column. If the line you are suggesting is removed then say suspend is an action that updates the record, the ID column could now be updated in this method. This might be a far fetched scenario, but this is one of the reasons the security is the way it is. ~Kenny On Tue, Jul 7, 2009 at 1:03 PM, Hernan Astudillo <[email protected]> wrote: > Hi all, > Is there a reason to block authorized_for? to only the 4 crud actions? > i mean this line in active_scaffold_permissions.rb: > def authorized_for?(options = {}) > raise ArgumentError, "unknown action #{options[:action]}" if > options[:action] and ![:create, :read, :update, > :destroy].include?(options[:action]) > > It would be nice to allow any action to pass through this security > structure. For example, use security for many posible actions that apply > like activate, suspend, pdf, review, comment, diggit... > > I checked the code and i don't see anything that could be affected by > passing any other actions as parameter. However, in the view > (_list_actions.html.erb) it doesn't look so good to be using "crud_type" as > the action to be checked against to, instead of the real :action parameter, > but changing that might need double checking for backward compatibility > issues. I just say commenting out that raise ArgumentError which does > nothing. > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en -~----------~----~----~----~------~----~------~--~---
