开发者

declarative_authorization permission on new but related object id is nil

开发者 https://www.devze.com 2022-12-25 07:35 出处:网络
I have an Organization that has_many Affiliations And a mission that has_one Organization So i can do this:

I have an Organization that has_many Affiliations And a mission that has_one Organization

So i can do this:

m = Mission.first
m.organization.affiliations

A user also has_many affiliations so I can do:

u = User.first
u.affiliations

In declarative_authorization I want a user to be able to manage a mission if he is affiliated to the organization of the mission. I have this:

has_permission_on :missions, :to => [:manage] do
  if_attribute :organization => { :affiliations => intersects_with { user.affiliates.type_admin } }
end

But I'm getting this error:

Permission denied: new not allowed for #<User id: 2, firstname: "Miguel", lastname: "Alho", email: "blah@blah.com", birthday: "2010-07-05 20:24:00", crypted_password: "...", password_salt: "...", persistence_tok开发者_StackOverflow中文版en: "...", perishable_token: "...", created_at: "2010-03-05 20:25:34", updated_at: "2010-03-30 15:45:36"> on #<Mission id: nil, user_id: nil, organization_id: nil, name: nil, objectives: nil, created_at: nil, updated_at: nil>

The Mission and Organization are nil. I think that is because on the new, the mission.organization dosn't exists.

On the mission controller I have this:

  def new
    if(params[:organization_id])
      session[:organization_id] = params[:organization_id]
      @mission = Organization.find_by_id(params[:organization_id]).missions.build
    end  
  end


I can't speak to why your technique isn't working, but here's how I accomplished a similar thing.

From what I gather in your code examples you only want users that are affiliated with a mission's organization to be able to manage that mission. Furthermore that user must be of type admin. What I've done in the past is created a has_many relationship in your organization model that has a few extra conditions that filter out affiliations that not of type admin:

has_many :admins, :source => :user, :through => :affiliations, :conditions => "affiliations.type = 'admin'"

Then in your authorization_rules.rb you add in this rule:

has_permission_on :missions, :to => [:manage] do { if_attribute :organization => {:admins => contains {user}}}
0

精彩评论

暂无评论...
验证码 换一张
取 消