On Lunes, 17 de Mayo de 2010 13:03:40 Benjamin Adler escribió: > > Here you will have to override the security method in the controller, > > because you need to read params and session. You can get the parent id in > > the constraints: > > active_scaffold_constraints[:parent] > > Ah, I never heard of this before. Why is the parent-id in this hash and > not part of the request/params-hash?
It's stored in session when you request nested action, and then eid is generated and sent in each request. In experimental branch render_component use is removed for nested scaffolds, and the foreign key is sent in all requests instead of eid parameter. Also, support to nest multiple associations is removed. > - authorized_for_create? always has to be a class method, while its > other crud-siblings don't have to be, right? authorized_for_create in a record is never called. authorized_for_update, authorized_for_read and authorized_for_delete are called as class and instance methods: + displaying action links: - if class method disallow it the action link is not displayed for any record. - if class method allows it the action link is displayed for all records, but disabled for records which disallows it. + security checks in the controller: - if class method disallow it, a before_filter avoid executing the action, withou DB query. - after loading the record, instance method is called. > > - When overriding the controllers' create_authorized?, do I also have to > explicitly check the model's security method, like I do above? Or is > that done at some other time anyway? When you override a controller security method you can use method you want, you don't need to use model authorized_for_create if you don't want. Class security methods are called through controller security method, so if you override the controller security method and you don't use class security method, you don't need to define it. Sometimes class security methods are used even whe you override the controller security method: in automatic nested links in association columns (to show the "Create new association" link) class method is used directly, also to show the "create another model" button in subforms. Also, edit associated record links displayed in singular associations in a list check permission using instance security method in the record instead of using controller security method. -- Sergio Cambra .:: entreCables S.L. ::. Mariana Pineda 23, 50.018 Zaragoza T) 902 021 404 F) 976 52 98 07 E) [email protected] -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en.
