Ruby：Declarative_authorization多态关联

Question

I have two models (Item and Theme). They are both owned by a third model Users with a has_many association (User has many Themes and Items). Both Item and Theme have_many :images.

The Image model is a polymorphic association so the table has the columns imageable_id and imageable_type. If I had both an Item with ID 1 and a Theme with ID 1 the table would look like

id    imageable_id    imageable_type
------------------------------------
1     1               Item
2     1               Theme

I'm using declarative_authorization to re-write the SQL queries of my database to keep users from accessing items outside their account. I'd like to write an authorization rule that will allow a user to read an image only if they can read the item they own. I can't seem to get the correct syntax (perhaps it's not supported):

has_permission_on [:images], :to => [:manage], :join_as => :and do
  if_attribute :imageable => is { "Item" }
  if_permitted_to :manage, :items # Somehow I need to tell declarative_auth to imageable_id is an item_id in this case.
end

Then I'd have another rule mimicking the above but for themes:

has_permission_on [:images], :to => [:manage], :join_as => :and do
  if_attribute :imageable => is { "Theme" }
  if_permitted_to :manage, :themes # Somehow I need to tell declarative_auth to imageable_id is a theme_id in this case.
end

Any ideas? Thanks in advance!

• Corith Malin

Answer 1

It seems that you commit a mistake in has_permission_on method

As I checked over has_permission_on and if_attribute

  has_permission_on(:images, :to => :manage, :join_as => :and) do
    if_attribute :imageable => "Item"
    if_permitted_to :manage, :items
  end

Hope this Help You !!!