Hi folks,
I'm getting something wrong with owner actions and permissions.
I have a user that
> has_many :billing_addresses, dependent: :destroy, :inverse_of => :user,
> :accessible => true
Billing addresses
> belongs_to :user, :creator => true
I have owner actions:
> class BillingAddressesController < ApplicationController
> hobo_model_controller
> auto_actions_for :user, [ :index, :new, :create ]
> end
I am Admin and when I try to create a new billing_address, I get the page,
but without a form.
The log tells me:
Started GET "/users/664-admin/billing_addresses/new/new" for 127.0.0.1 at
2014-01-15 10:10:45 +0100
Processing by BillingAddressesController#new_for_user as HTML
Parameters: {"user_id"=>"664-admin"}
User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 664
LIMIT 1
User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 664
ORDER BY `users`.`id` ASC LIMIT 1
DRYML: Compiled app/views/taglibs/auto/rapid/pages.dryml in 1.39s
User Load (0.2ms) SELECT `users`.* FROM `users` WHERE (users.name LIKE
'%(%')
Webpage Load (3.6ms) SELECT `webpages`.* FROM `webpages` WHERE
`webpages`.`ancestry` IS NULL AND (webpages.state = 'published') ORDER BY
webpages.position ASC
*permission denied; unable to render form*
Rendered controller: billing_addresses; dryml-tag: new-for-user-page
(269.3ms)
Completed 200 OK in 2321ms (Views: 2205.1ms | ActiveRecord: 4.3ms)
That gives me a hint ... thanks to Ignacio's screencast on debugging I
figured out that this is because
hobo/hobo_rapid/app/helpers/hobo_rapid_helper.rb line 146
> attrs[:action].nil? && (form_attrs[:action].nil? ||
>   (attrs[:lifecycle].nil? && new_record && !this.creatable_by?(current_user)) ||
>   (attrs[:lifecycle].nil? && !new_record && !can_edit?))
evaluates to true.
where I come in with
> (rdb:1) attributes
> {"class"=>"form-horizontal", "owner"=>"user", "method"=>"post"}
> (rdb:1) parameters
>
> {:default=>#<Proc:0x0000000726a5a0@/var/rails/hobo/dryml/lib/dryml/template_environment.rb:521>}
So there are missing attrs? ... I have no clue ...
I opened all permissions in user and billing_address to
> def create_permitted?
>   true
> end
> def update_permitted?
>   true
> end
> def destroy_permitted?
>   true
> end
> def view_permitted?(field)
>   true
> end
I put in all I could think of in User's
> attr_accessible :name, :email_address, :password, :password_confirmation,
> :current_password, :administrator, :legacy_id, :sales,
> :logged_in, :last_login_at, :login_count, :addresses,
> :billing_addresses, :billing_address
So I clearly miss out some authorization stuff somewhere .... but where?
Do I have to declare something about the owner actions in the models?
Stefan