Help with rails declarative_authorization
Question
I cant get this rule to be enforced at all... it allows anyone to get to this action.
Here's my rule
role :student do
has_permission_on :relationships do
to :index
if_attribute :student_id=> is {user.student.id}
end
end
Heres my controller action
class RelationshipsController < ApplicationController
filter_resource_access :nested_in => :students
def index
@guardians = @student.guardians
end
I know I have it set up correctly cause this rule is working fine
has_permission_on :students do
to :show
if_attribute :id => is {user.student.id}
end
Where is the error in my rule definition?
Please Help
1 answers
solution1
0 2012-01-26 20:23:01
很难测试,但是尝试一下:
if_attribute :id=> is {user.student.id}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
declarative_authorization and namespaces
Authorization in Rails 3.1 : CanCan, CanTango, declarative_authorization?
Why does declarative_authorization break the functionality of my controller? - Rails 3
rails - declarative_authorization permitted_to not working correctly
declarative_authorization and authlogic problems
Declarative_Authorization nested rules
declarative_authorization and user context
declarative_authorization permissions on roles
Is devise compatible with declarative_authorization?
All permissions with declarative_authorization
Related Tags