declarative_authorization and authlogic problems

(Disclaimer: I am very new to Rails)

This plugin looks like it will be a great fit for my app, but I am having a hard time getting it to work. I am using it with authlogic; I am not sure if that is the problem, but it seems like it may be.

When I try to access a page that my admin role should have access to I get this:

Processing CompaniesController#show (for 127.0.0.1 at 2010-02-12
23:26:44) [GET]
Parameters: {"action"=>"show", "id"=>"1", "controller"=>"companies",
"battalion_id"=>"1"}
User Load (0.000681)   SELECT * FROM "users" WHERE ("users"."id" =
'147') LIMIT 1
User Update (0.000622)   UPDATE "users" SET "perishable_token" =
'tUyTl1eZDQSJwp_PFw7c', "last_request_at" = '2010-02-13 05:26:44',
"updated_at" = '2010-02-13 05:26:44' WHERE "id" = 147
Role Load (0.000334)   SELECT * FROM "roles" WHERE ("roles".user_id
= 147)
Permission denied: No matching rules found for show for #<User id:
147, user_type: nil, login: "lauren_roth", name: "Lauren
Rothlisberger", email: "laurenrothlisber...@gmail.com",
crypted_password:
"d835a2cdf15ef449d0980e706fd86d7a9a7a0a23d0d79d6f18f...",
 password_salt: "_Qz_z8eZOhKHcsPsBsoP", created_at: "2010-02-12
 16:37:53", updated_at: "2010-02-13 05:26:44", old_remember_token: nil,
 old_remember_token_expires_at: nil, old_activation_code: nil,
 activated_at: nil, old_password_reset_code: nil, enabled: true,
 identity_url: nil, invitation_id: nil, invitation_limit: nil,
 position: "Admin", battalion_id: nil, company_id: nil, soldier_id:
 nil, login_count: 68, failed_login_count: 0, last_request_at:
 "2010-02-13 05:26:44", current_login_at: "2010-02-13 05:20:59",
 last_login_at: "2010-02-13 05:19:57", current_login_ip: "127.0.0.1",
 last_login_ip: "127.0.0.1", persistence_token:
 "28fc9b60853045cd4e43a001b4258940a7e8f9ac50b08df6a6d...",
 single_access_token: "bKgYvuRtLqauufljZDoV", perishable_token:
 "tUyTl1eZDQSJwp_PFw7c", active: true, platoon_id: nil> (roles
 [:Admin], privileges [:show], context :companies).
 Filter chain halted as [:filter_access_filter] rendered_or_redirected.
 Completed in 27ms (View: 1, DB: 0 3 queries) | 403 Forbidden [http://
 localhost/battalions/1/companies/1]

I have this in my User model:

  def role_symbols
    (roles || []).map { |r| r.name.to_sym }
  end

But it doesn't seem to be calling that. I think that may be the heart of the problem, but I am also wondering if it has anything to do with the user_sessions?

Also this is what my application_controller looks like:

  class ApplicationController < ActionController::Base
    helper_method :current_user_session, :current_user
    filter_parameter_logging :password, :password_confirmation

    # Hand the authlogic user to declarative_authorization before every action
    before_filter :set_current_user

    protected

    def set_current_user
      Authorization.current_user = current_user
    end

    # Memoized authlogic session lookup
    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find
    end

    # The User record behind the session, or nil when not logged in
    def current_user
      return @current_user if defined?(@current_user)
      @current_user = current_user_session && current_user_session.record
    end

    def store_location
      session[:return_to] = request.request_uri
    end

    def redirect_back_or_default(default)
      redirect_to(session[:return_to] || default)
      session[:return_to] = nil
    end
  end


Here is my authorization_rules.rb

I did capitalize the Admin to reflect that:

  authorization do
    role :guest do
      has_permission_on :user_sessions, :to => [:create, :update]
    end

    role :Admin do
      has_permission_on :companies, :to => [:index, :show]
    end
  end

If you have any ideas I would greatly appreciate it. Thanks.

Apparently the application loads the rules from the roles table properly, but doesn't load the config/authorization_rules.rb file correctly. Please check the file, its name and the syntax used.

Try to use the privileges section in authorization_rules.rb, like this:

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

And what about the Companies controller?

Good luck.

"I did capitalize the Admin to reflect that"

What do you mean by that? The admin role should be capitalized in the authorization_rules.rb file, as the role_symbols method seems to be working and is returning [:Admin] as an array of user roles. You can see that in the log:

(roles [:Admin], privileges [:show], context :companies)

This means that the current user has the roles specified, but needs at least one of the listed privileges to access the context/resource. So your authorization_rules.rb has to have a capitalized role :Admin.
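To make both answers concrete (the privileges hierarchy from the first, the exact-symbol role match from the second), here is an added example, not code from declarative_authorization or from the poster: a small hypothetical engine that reads the same DSL shape as authorization_rules.rb and evaluates a check the way the log line reports it.

```ruby
# Added example, not declarative_authorization's code: a tiny engine that mimics
# how rules are evaluated, so the log's (roles [:Admin], privileges [:show],
# context :companies) check can be reproduced with exact symbol matching.
class MiniAuth
  Rule = Struct.new(:role, :context, :privileges)
  def initialize
    @rules = []
    @includes = Hash.new { |h, k| h[k] = [] }   # privilege => included privileges
  end

  # Same DSL shape as authorization_rules.rb (hypothetical implementation).
  def authorization(&block); instance_eval(&block); end
  def privileges(&block); instance_eval(&block); end

  def role(name, &block)
    @current_role = name
    instance_eval(&block)
  ensure
    @current_role = nil
  end

  def has_permission_on(context, to:)
    @rules << Rule.new(@current_role, context, Array(to))
  end

  def privilege(name, includes: [])
    @includes[name].concat(Array(includes))
  end

  # A granted privilege covers itself and everything it transitively includes.
  def expand(priv, seen = [])
    return seen if seen.include?(priv)
    seen << priv
    @includes[priv].each { |p| expand(p, seen) }
    seen
  end

  # The check behind "No matching rules found": a rule's role must appear in the
  # user's role_symbols exactly (:admin != :Admin) and grant the privilege.
  def permit?(roles, priv, context)
    @rules.any? do |r|
      roles.include?(r.role) && r.context == context &&
        r.privileges.any? { |g| expand(g).include?(priv) }
    end
  end
end
ENGINE = MiniAuth.new
ENGINE.privileges { privilege :read, :includes => [:index, :show] }
ENGINE.authorization do
  role :guest do has_permission_on :user_sessions, :to => [:create, :update] end
  role :Admin do has_permission_on :companies, :to => [:read] end
end
```

With these rules, `ENGINE.permit?([:Admin], :show, :companies)` is true via `:read`, while `[:admin]` (lowercase) is denied exactly as in the log.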
