yeah, i started out using DHH's render component, but that didn't work with AS, so I googled around to find a solution and I think a mailing list post directed me to lackac's version, which works fine (except of course for this problem.)
On Wed, Dec 2, 2009 at 12:53 PM, <[email protected]> wrote: > Also there are ways to have the update and create links not show up if the > user isn't authorized. You still need to disallow the actions in the > controller, as you already are, to prevent "url hacking" but you may want to > look at the wiki and remove the links as well. > > Sent from my Verizon Wireless BlackBerry > ------------------------------ > *From: * Chris Drappier <[email protected]> > *Date: *Wed, 2 Dec 2009 12:41:11 -0600 > *To: *<[email protected]> > *Subject: *Re: redirect on authorization failure > > no, I'm not using the ajax links because it doesn't work well with what I > have going on already. I started using AS after this app was about a year > old. I'm using lackac's render_component. do you think the problem lies in > render component? > > On Wed, Dec 2, 2009 at 12:32 PM, <[email protected]> wrote: > >> I was just curious. So are you using none ajax links? >> >> What version of render_component are you using? >> >> Sent from my Verizon Wireless BlackBerry >> ------------------------------ >> *From: * Chris Drappier <[email protected]> >> *Date: *Wed, 2 Dec 2009 12:28:24 -0600 >> *To: *<[email protected]> >> *Subject: *Re: redirect on authorization failure >> >> update_authorized_filter is called before edit and before create, so both. >> the show access rules will have to be a bit different, but whatever logic >> decides whether a user can edit a record should drive whether or not the >> form can be rendered or submitted. they are not mutually exclusive >> >> -C >> >> On Wed, Dec 2, 2009 at 12:25 PM, <[email protected]> wrote: >> >>> So you are basically saying if the user has show access then they have >>> update access as well? >>> >>> Are you redirecting upon clicking update of the form or upon clicking the >>> update link? >>> >>> Sent from my Verizon Wireless BlackBerry >>> ------------------------------ >>> *From: * Chris Drappier <[email protected]> >>> *Date: *Wed, 2 Dec 2009 12:21:50 -0600 >>> *To: *<[email protected]> >>> *Subject: *redirect on authorization failure >>> >>> Hi All, >>> >>> I've been trying to set activescaffold up to properly redirect when >>> there's an authorization failure in AS's security layer, so, In my >>> controller, i've rewritten update_authorized_filter like this : >>> >>> def update_authorized_filter >>> link = active_scaffold_config.show.link || >>> active_scaffold_config.show.class.link >>> if self.send(link.security_method) >>> flash[:error] = "You Are Not Authorized To Update this >>> record" >>> redirect_to :action => :index >>> end >>> end >>> >>> it redirects fine, but I lose the flash message. Any Idea why this might >>> be the case? >>> >>> >>> thx for your help :) >>> >>> -C >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "ActiveScaffold : Ruby on Rails plugin" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]<activescaffold%[email protected]> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/activescaffold?hl=en. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "ActiveScaffold : Ruby on Rails plugin" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]<activescaffold%[email protected]> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/activescaffold?hl=en. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "ActiveScaffold : Ruby on Rails plugin" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<activescaffold%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/activescaffold?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "ActiveScaffold : Ruby on Rails plugin" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<activescaffold%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/activescaffold?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "ActiveScaffold : Ruby on Rails plugin" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<activescaffold%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/activescaffold?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "ActiveScaffold : Ruby on Rails plugin" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<activescaffold%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/activescaffold?hl=en. > -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en.
