I cant get this rule to be enforced at all... it allows anyone to get to this action.
Here's my rule
role :student do
has_permission_on :relationships do
to :index
if_attribute :student_id=> is {user.student.id}
end
end
Heres my controller action
class RelationshipsController < ApplicationController
filter_resource_access :nested_in => :students
def index
@guardians = @student.guardians
end
I know I have it set up correctly cause this rule is working fine
has_permission_on :students do
to :show
if_attribute :id => is {user.student.id}
end
Where is the error in my rule definition?
Please Help
很难测试,但是尝试一下:
if_attribute :id=> is {user.student.id}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.