Hi Stefan,

First of all, thanks a lot for your debugging efforts. You have helped me a lot to start digging into what's going on from the hobo_rapid_helper.rb onwards.

You seem to have encountered a really complex bug, because it comes from the automatic routes generation. Have you noticed that this URL (/users/664-admin/billing_addresses/new/new) ends in a double "new"? It's wrong. This causes polymorphic_path to raise an error, which is rescued without logging anything, object_url returns nil, which is assigned to form_attrs[:action], and ... "*permission denied; unable to render form*".

It seems like hobo_routes.rb is not being generated correctly, maybe it's some syntax change in Rails 4. This is going to take some time to investigate, so meanwhile, could you try a workaround? Please add these routes to your config/routes.rb file:

    get 'users/:user_id/billing_addresses/new' => 'billing_addresses#new_for_user', :as => 'new_user_billing_address'
    get 'users/:user_id/billing_addresses' => 'billing_addresses#index_for_user', :as => 'user_billing_addresses'
    post 'users/:user_id/billing_addresses' => 'billing_addresses#create_for_user'

These routes should "overwrite" the hobo routes and make the form in /users/664-admin/billing_addresses/new work as it should.

I have created an issue about this: https://github.com/Hobo/hobo/issues/62 to solve it for good.

And finally, I have created another issue to improve the horrible log message "*permission denied; unable to render form*". Currently it means that something has broken in the Hobo form system, and many times it has nothing to do with permissions!! I just hate it when I see it :D.

https://github.com/Hobo/hobo/issues/63

Warm regards,
Ignacio

On 15/01/14 10:29, Stefan Haslinger wrote:
> Hi folks,
>
> I'm getting something wrong with owner actions and permissions.
>
> I have a user that
>
>     has_many :billing_addresses, dependent: :destroy, :inverse_of => :user, :accessible => true
>
> Billing addresses
>
>     belongs_to :user, :creator => true
>
> I have owner actions:
>
>     class BillingAddressesController < ApplicationController
>       hobo_model_controller
>       auto_actions_for :user, [ :index, :new, :create ]
>     end
>
> I am Admin and when I try to create a new billing_address, I get the
> page, but without a form.
> The log tells me:
>
>     Started GET "/users/664-admin/billing_addresses/new/new" for 127.0.0.1 at 2014-01-15 10:10:45 +0100
>     Processing by BillingAddressesController#new_for_user as HTML
>     Parameters: {"user_id"=>"664-admin"}
>     User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 664 LIMIT 1
>     User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 664 ORDER BY `users`.`id` ASC LIMIT 1
>     DRYML: Compiled app/views/taglibs/auto/rapid/pages.dryml in 1.39s
>     User Load (0.2ms) SELECT `users`.* FROM `users` WHERE (users.name LIKE '%(%')
>     Webpage Load (3.6ms) SELECT `webpages`.* FROM `webpages` WHERE `webpages`.`ancestry` IS NULL AND (webpages.state = 'published') ORDER BY webpages.position ASC
>     *permission denied; unable to render form*
>     Rendered controller: billing_addresses; dryml-tag: new-for-user-page (269.3ms)
>     Completed 200 OK in 2321ms (Views: 2205.1ms | ActiveRecord: 4.3ms)
>
> That gives me a hint ... thanks to Ignacio's screencast on debugging I
> figured out that this is because
> hobo/hobo_rapid/app/helpers/hobo_rapid_helper.rb line 146
>
>     attrs[:action].nil? && (form_attrs[:action].nil? ||
>       (attrs[:lifecycle].nil? && new_record && !this.creatable_by?(current_user)) ||
>       (attrs[:lifecycle].nil? && !new_record && !can_edit?))
>
> evaluates to true.
>
> where I come in with
>
>     (rdb:1) attributes
>     {"class"=>"form-horizontal", "owner"=>"user", "method"=>"post"}
>     (rdb:1) parameters
>     {:default=>#<Proc:0x0000000726a5a0@/var/rails/hobo/dryml/lib/dryml/template_environment.rb:521>}
>
> So there are missing attrs? ... I have no clue ...
>
> I opened all permissions in user and billing_address to
>
>     def create_permitted?
>       true
>     end
>     def update_permitted?
>       true
>     end
>     def destroy_permitted?
>       true
>     end
>     def view_permitted?(field)
>       true
>     end
>
> I put in all I could think of in User's
>
>     attr_accessible :name, :email_address, :password,
>       :password_confirmation,
>       :current_password, :administrator, :legacy_id, :sales,
>       :logged_in, :last_login_at, :login_count,
>       :addresses, :billing_addresses, :billing_address
>
> So I clearly miss out some authorization stuff somewhere .... but where?
> Do I have to declare something about the owner actions in the models?
>
> Stefan
>
> --
> You received this message because you are subscribed to the Google
> Groups "Hobo Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/hobousers.
> For more options, visit https://groups.google.com/groups/opt_out.

--
Ignacio Huerta Arteche
http://www.ihuerta.net
Phone: 0034 645 70 77 35
Email made with free software
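
Added example (not part of the original thread and not Hobo's own code): the guard quoted above from hobo_rapid_helper.rb line 146, split so that a missing action URL and a real permission failure report different reasons, with the URL lookup logging the exception it rescues instead of hiding it. The names safe_object_url, form_denial_reason and demo are hypothetical, and the raised error is constructed.

```ruby
# Added illustration; not Hobo source. Mirrors the guard quoted from
# hobo_rapid_helper.rb line 146, one return per cause.
require 'logger'
require 'stringio'

# Hypothetical stand-in for a URL helper that rescues routing errors.
# The rescue records the exception before returning nil, so a broken
# route no longer surfaces only as a "permission denied" message.
def safe_object_url(logger)
  yield
rescue StandardError => e
  logger.warn("object_url failed: #{e.class}: #{e.message}")
  nil
end

# Returns nil when the form may render, otherwise the reason it may not.
# attrs / form_attrs are the hashes from the quoted condition; creatable and
# editable stand in for this.creatable_by?(current_user) and can_edit?.
def form_denial_reason(attrs, form_attrs, new_record:, creatable:, editable:)
  return nil unless attrs[:action].nil?            # explicit action: guard skipped
  return :no_action_url if form_attrs[:action].nil?
  return nil unless attrs[:lifecycle].nil?         # lifecycle forms skip the checks
  return :create_denied if new_record && !creatable
  return :edit_denied if !new_record && !editable
  nil
end

# Constructed scenario from the thread: every permission is open, but the
# route lookup raises, so the form action ends up nil.
def demo
  log = StringIO.new
  logger = Logger.new(log)
  action = safe_object_url(logger) do
    raise NoMethodError, 'undefined route helper (constructed)'
  end
  reason = form_denial_reason({ 'owner' => 'user', 'method' => 'post' },
                              { action: action },
                              new_record: true, creatable: true, editable: true)
  [reason, log.string]
end

if __FILE__ == $PROGRAM_NAME
  reason, log = demo
  puts "reason: #{reason.inspect}"
  puts log
end
```
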
