Hi,
Consider a model named rule that belongs_to :user, for which:
- each user may view only his own rules
- a user may create a new rule for himself
I implemented the following permission definition:
    def create_permitted?
      acting_user.signed_up?
    end

    def update_permitted?
      (acting_user == user) || acting_user.administrator?
    end

    def destroy_permitted?
      (acting_user == user) || acting_user.administrator?
    end

    def view_permitted?(field)
      (acting_user == user) || acting_user.administrator?
    end
However, when the user tries to create a new rule, after the
RulesController#new method is invoked, the following message is
displayed:
    That operation is not allowed
even though the user IS signed up.
After playing with the permissions, I discovered that if I change def
view_permitted to
    def view_permitted?(field)
      true
    end
then the rule is created with no error.
Is this a bug in the permission implementation, or am I doing
something wrong? How can the desired behavior be defined in the
model?
Any help would be greatly appreciated.
P.S. I also tried using
    before_create {|rule| rule.user = acting_user}
but nothing happened.