开发者

declarative auth problem with if_attribute

开发者 https://www.devze.com 2023-02-15 00:27 出处：网络

my authorization rules: role :tester do has_permission_on [:regression_test_test_runs, :regression_test_jobs], :to => :manage

相关专题：declarative-authorization ruby-on-rails

my authorization rules:

role :tester do
  has_permission_on [:regression_test_test_runs, :regression_test_jobs], :to => :manage
  has_permission_on [:authorization_rules], :t开发者_Go百科o => [:read, :manage]
  has_permission_on [:users], :to => :edit do
    if_attribute :user => is {user}
  end
end

my users controller

filter_access_to :all, :attribute_check => true

why is it that i still get a permission denied? i've tried playing around and i still can't get the current user, which is a tester to edit his own profile.

You probably need to change your authorization rules to:

role :tester do
  ...
  has_permission_on [:users], :to => :edit do
    if_attribute :id => is {user.id}
  end
end

I'm guessing that user doesn't have an attribute named user, that's why your original example was failing. You'll have to compare the user's id against the current user's id instead.