Also there are ways to have the update and create links not show up if the user isn't authorized. You still need to disallow the actions in the controller, as you already are, to prevent "url hacking" but you may want to look at the wiki and remove the links as well. Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: Chris Drappier <[email protected]> Date: Wed, 2 Dec 2009 12:41:11 To: <[email protected]> Subject: Re: redirect on authorization failure no, I'm not using the ajax links because it doesn't work well with what I have going on already. I started using AS after this app was about a year old. I'm using lackac's render_component. do you think the problem lies in render component? On Wed, Dec 2, 2009 at 12:32 PM, <[email protected]> wrote: > I was just curious. So are you using none ajax links? > > What version of render_component are you using? > > Sent from my Verizon Wireless BlackBerry > ------------------------------ > *From: * Chris Drappier <[email protected]> > *Date: *Wed, 2 Dec 2009 12:28:24 -0600 > *To: *<[email protected]> > *Subject: *Re: redirect on authorization failure > > update_authorized_filter is called before edit and before create, so both. > the show access rules will have to be a bit different, but whatever logic > decides whether a user can edit a record should drive whether or not the > form can be rendered or submitted. they are not mutually exclusive > > -C > > On Wed, Dec 2, 2009 at 12:25 PM, <[email protected]> wrote: > >> So you are basically saying if the user has show access then they have >> update access as well? >> >> Are you redirecting upon clicking update of the form or upon clicking the >> update link? >> >> Sent from my Verizon Wireless BlackBerry >> ------------------------------ >> *From: * Chris Drappier <[email protected]> >> *Date: *Wed, 2 Dec 2009 12:21:50 -0600 >> *To: *<[email protected]> >> *Subject: *redirect on authorization failure >> >> Hi All, >> >> I've been trying to set activescaffold up to properly redirect when >> there's an authorization failure in AS's security layer, so, In my >> controller, i've rewritten update_authorized_filter like this : >> >> def update_authorized_filter >> link = active_scaffold_config.show.link || >> active_scaffold_config.show.class.link >> if self.send(link.security_method) >> flash[:error] = "You Are Not Authorized To Update this record" >> redirect_to :action => :index >> end >> end >> >> it redirects fine, but I lose the flash message. Any Idea why this might >> be the case? >> >> >> thx for your help :) >> >> -C >> >> -- >> You received this message because you are subscribed to the Google Groups >> "ActiveScaffold : Ruby on Rails plugin" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<activescaffold%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/activescaffold?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "ActiveScaffold : Ruby on Rails plugin" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<activescaffold%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/activescaffold?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "ActiveScaffold : Ruby on Rails plugin" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<activescaffold%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/activescaffold?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "ActiveScaffold : Ruby on Rails plugin" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<activescaffold%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/activescaffold?hl=en. > -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en. -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en.
