stffn / declarative_authorization

An authorization Rails plugin using a declarative DSL for specifying authorization rules in one place — Read more

Sort by: Priority | Votes | Last Updated

Loading…

23.

0 votes

Problem to configure access rules
1 comment Created about 17 hours ago by alec-c4

Title

Body
Hi, could you tell me plz - how to write access rules for following scheme. I have 2 models - Post and Comment. Post has many comments and Comment belongs to Post. In posts_controller i have methods add_comment and remove_comment. But rules like has_permission_on :posts, :to => :comments_manage do if_attribute :user_id => is {current_user} end not working and has_permission_on :comments, :to => :comments_manage do if_attribute :user_id => is {current_user} end not working too :( additional information on privileges: privilege :comments_manage do includes :add_comment, :remove_comment end
or cancel
Hi,
could you tell me plz - how to write access rules for following scheme. I have 2 models - Post and Comment. Post has many comments and Comment belongs to Post. In posts_controller i have methods add_comment and remove_comment. But rules like
```
    has_permission_on :posts, :to => :comments_manage do
      if_attribute :user_id => is {current_user}
    end
```
not working and
```
    has_permission_on :comments, :to => :comments_manage do
      if_attribute :user_id => is {current_user}
    end
```
not working too :(
additional information on privileges:
```
  privilege :comments_manage do
    includes :add_comment, :remove_comment
  end
```
Comments

stffn Tue Dec 29 07:13:51 -0800 2009 | link

Please use the issue tracker for feature requests and bug reports only. For usage questions, please post on the mailing list.

Comment
Please use the issue tracker for feature requests and bug reports only. For usage questions, please post on the mailing list.
or cancel

Parsed with GitHub Flavored Markdown
18.

0 votes

Error when calling user on #<User id: 903, username: "user", email: "user@example.com"......
1 comment Created 26 days ago by kjf

Title

Body
I receive the following error when trying to call a show action in my users controller Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:535:in `object_attribute_value' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:428:in `validate?' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/base.rb:2036:in `all?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:427:in `each' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:427:in `all?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:427:in `validate?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:374:in `validate?' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/base.rb:2036:in `any?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:372:in `each' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:372:in `any?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:372:in `send' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:372:in `validate?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:174:in `permit!' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/base.rb:2036:in `any?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:174:in `each' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:174:in `any?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:174:in `permit!' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:184:in `permit?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/in_controller.rb:70:in `permitted_to!' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/in_controller.rb:46:in `permitted_to?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/helper.rb:32:in `permitted_to?' /Users/kevin/Development/web/osr/app/views/users/show.html.erb:8:in `_run_erb_app47views47users47show46html46erb' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:34:in `send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:34:in `render' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:306:in `with_template' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:30:in `render' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/template.rb:205:in `render_template' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:265:in `render' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:348:in `_render_with_layout' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:262:in `render' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:1250:in `render_for_file' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:951:in `render_without_benchmark' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:51:in `render' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in `ms' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in `ms' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:51:in `render' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:135:in `send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:135:in `custom' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:179:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:179:in `respond' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:173:in `each' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:173:in `respond' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:107:in `respond_to' /Users/kevin/Development/web/osr/app/controllers/users_controller.rb:37:in `show' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:1331:in `send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:1331:in `perform_action_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:617:in `call_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:610:in `perform_action_without_benchmark' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in `ms' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in `ms' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/rescue.rb:160:in `perform_action_without_flash' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/flash.rb:146:in `perform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:532:in `send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:532:in `process_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:606:in `process' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:391:in `process' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:386:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/routing/route_set.rb:437:in `call' This is how my role is set up: role :user do includes :guest has_permission_on :reviews, :to => [:new, :create] has_permission_on :reviews, :to => [:edit, :update] do if_attribute :user => is { user } end has_permission_on :users, :to => [:edit, :update] do if_attribute :user => is { user } end end And this is the problem permission call <%= link_to 'Edit profile', edit_user_path(@user), :id => 'edit_profile' if permitted_to? :edit, @user %>
or cancel
I receive the following error when trying to call a show action in my users controller

Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:535:in object_attribute_value'<br/> /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:428:invalidate?' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/base.rb:2036:in all?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:427:ineach' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:427:in all?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:427:invalidate?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:374:in validate?' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/base.rb:2036:inany?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:372:in each' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:372:inany?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:372:in send' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:372:invalidate?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:174:in permit!' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/base.rb:2036:inany?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:174:in each' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:174:inany?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:174:in permit!' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:184:inpermit?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/in_controller.rb:70:in permitted_to!' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/in_controller.rb:46:inpermitted_to?' /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/helper.rb:32:in permitted_to?' /Users/kevin/Development/web/osr/app/views/users/show.html.erb:8:in_run_erb_app47views47users47show46html46erb' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:34:in send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:34:inrender' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:306:in with_template' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:30:inrender' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/template.rb:205:in render_template' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:265:inrender' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:348:in _render_with_layout' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:262:inrender' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:1250:in render_for_file' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:951:inrender_without_benchmark' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:51:in render' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:inms' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in ms' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:51:inrender' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:135:in send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:135:incustom' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:179:in call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:179:inrespond' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:173:in each' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:173:inrespond' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/mime_responds.rb:107:in respond_to' /Users/kevin/Development/web/osr/app/controllers/users_controller.rb:37:inshow' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:1331:in send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:1331:inperform_action_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:617:in call_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:610:inperform_action_without_benchmark' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:inms' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in ms' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:68:inperform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/rescue.rb:160:in perform_action_without_flash' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/flash.rb:146:inperform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:532:in send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:532:inprocess_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:606:in process' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:391:inprocess' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:386:in call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/routing/route_set.rb:437:incall'

This is how my role is set up:
role :user do
```
includes :guest
has_permission_on :reviews, :to => [:new, :create]
has_permission_on :reviews, :to => [:edit, :update] do
  if_attribute :user => is { user }
end

has_permission_on :users, :to => [:edit, :update] do
  if_attribute :user => is { user }
end
```
end

And this is the problem permission call
<%= link_to 'Edit profile', edit_user_path(@user), :id => 'edit_profile' if permitted_to? :edit, @user %>
Comments
Mange Thu Dec 03 22:39:47 -0800 2009 | link
has_permission_on :users, :to => [:edit, :update] do if_attribute :user => is { user } end

Well, you are just checking if user.user == current_user to see if current_user may edit it. Since User does not have a user attribute, this does not work.
Comment
has_permission_on :users, :to => [:edit, :update] do if_attribute :user => is { user } end Well, you *are* just checking if `user.user == current_user` to see if `current_user` may edit it. Since User does not have a `user` attribute, this does not work.
or cancel
Parsed with GitHub Flavored Markdown
17.

0 votes

attribute check is done on array instead of the instances in the array
1 comment Created 26 days ago by xtreme

Title

Body
If you have a has_many :through relationship as follows: _(taken from http://github.com/stffn/decl_auth_demo_app)_ <code>**conference** <1------\*> **conference_attendees** <\*--------1> **user**</code> class Conference < ActiveRecord::Base has_many :conference_attendees has_many :attendees, :through => :conference_attendees, :source => :user If you want to give read for a conference to all users attending that conference you would type has_permission_on :conferences, :to => :read do if_attribute :attendees => contains {user} end That works fine. But what if you have a **attribute** on the **conference_attendees** model that you **need to consider** as well. Perhaps you wan't to **give read** right to **all users** attending a conference and that **have paid** _(paid beeing a boolean in the conference_attendees model)_. has_permission_on :conferences, :to => :read do if_attribute :conference_attendees => {:user => is {user}, :paid => true} end This will work when using <code>Conference.with_permissions_to(:read)</code> but will fail if <code>:attribute_check => true</code> ### To replicate this error: 1. In your **decl_auth_demo_app** change **authorization_rules.rb** line 4 from <code>if_attribute :published => true</code> to <code>if_attribute :conference_attendees => {:user => is{user}}</code> 2. Go to **/conferences** as **presenter_2** 3. You will see conference **Emerging Technologies 2009** 4. Click on the conference and you will get _"You are not allowed to access this action."_ Permission denied: Error when calling user on [#<ConferenceAttendee id: 15, user_id: 3, conference_id: 2>] for validating attribute: undefined method `user' for [#<ConferenceAttendee id: 15, user_id: 3, conference_id: 2>]:Array Filter chain halted as [:filter_access_filter] rendered_or_redirected.
or cancel
If you have a has_many :through relationship as follows:
(taken from http://github.com/stffn/decl_auth_demo_app)

conference <1------*> conference_attendees <*--------1> user
```
class Conference < ActiveRecord::Base
  has_many :conference_attendees
  has_many :attendees, :through => :conference_attendees, :source => :user
```
If you want to give read for a conference to all users attending that conference you would type
```
has_permission_on :conferences, :to => :read do
  if_attribute :attendees =>  contains {user}
end
```
That works fine. But what if you have a attribute on the conference_attendees model that you need to consider as well. Perhaps you wan't to give read right to all users attending a conference and that have paid (paid beeing a boolean in the conference_attendees model).
```
has_permission_on :conferences, :to => :read do
  if_attribute :conference_attendees =>  {:user => is {user}, :paid => true}
end
```
This will work when using Conference.with_permissions_to(:read) but will fail if :attribute_check => true

To replicate this error:
1. In your decl_auth_demo_app change authorization_rules.rb line 4 from if_attribute :published => true
  to
  if_attribute :conference_attendees => {:user => is{user}}
2. Go to /conferences as presenter_2
3. You will see conference Emerging Technologies 2009
4. Click on the conference and you will get "You are not allowed to access this action."
```
Permission denied: Error when calling user on [#<ConferenceAttendee id: 15, user_id: 3, conference_id: 2>] for validating attribute: undefined method `user' for [#<ConferenceAttendee id: 15, user_id: 3, conference_id: 2>]:Array
Filter chain halted as [:filter_access_filter] rendered_or_redirected.
```
Comments

xtreme Fri Dec 04 00:09:28 -0800 2009 | link

I now see that you have fixed this in your commit http://github.com/stffn/declarative_authorization/commit/907255af13a710b4683ee8ce86acf95977a53860.>

Comment
I now see that you have fixed this in your commit http://github.com/stffn/declarative_authorization/commit/907255af13a710b4683ee8ce86acf95977a53860.
or cancel

Parsed with GitHub Flavored Markdown
16.

0 votes

misunderstanding on rules
1 comment Created 28 days ago by alec-c4

Title

Body
Hi, i've created following rules role :guest do has_permission_on :news_articles, :to => :news_articles_view do if_attribute :status => is {'approved'} end end and privilege :news_articles_view do includes :index, :show, :tag, :category end but NewsArticle instances with other that approved status still visible :( could you tell me plz - where i'm wrong? PS: other roles/permissions works fine PPS: thanks a lot for perfect plugin :)
or cancel
Hi,
i've created following rules
```
  role :guest do   
    has_permission_on :news_articles, :to => :news_articles_view do
      if_attribute :status => is {'approved'}
    end
  end
```
and
```
  privilege :news_articles_view do
    includes :index, :show, :tag, :category 
  end
```
but NewsArticle instances with other that approved status still visible :( could you tell me plz - where i'm wrong?

PS: other roles/permissions works fine
PPS: thanks a lot for perfect plugin :)
Comments

alec-c4 Tue Dec 01 04:08:35 -0800 2009 | link

ooh, damn :( my mistake - really - its not a filter, but access control :)

Comment
ooh, damn :( my mistake - really - its not a filter, but access control :)
or cancel

Parsed with GitHub Flavored Markdown
15.

0 votes

authorization_rules/change line(35) undefined method `to_sym' for nil:NilClass
8 comments Created about 1 month ago by bublik

Title

Body
Showing /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb where line #35 raised: undefined method `to_sym' for nil:NilClass Extracted source (around line #35): 32: </thead> 33: <tbody> 34: <% @users.each do |user| %> 35: <tr class="<%= controller.authorization_engine.permit?(@privilege, :context => @context, :user => user, :skip_attribute_test => true) ? 'permitted' : 'not-permitted' %>"> 36: <td class="user_id"><%=h user.id %></td>
or cancel
Showing /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb where line #35 raised:

undefined method `to_sym' for nil:NilClass

Extracted source (around line #35):

32:
33:
34: <% @users.each do |user| %>
35:
36: <%=h user.id %>

Comments
zacheryph Sat Nov 28 20:49:13 -0800 2009 | link

can you print a backtrace for this please.

Comment
can you print a backtrace for this please.
or cancel

bublik Sat Nov 28 23:12:52 -0800 2009 | link

/usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/activesupport-2.3.5/lib/active_support/whiny_nil.rb:52:in method_missing' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:142:inpermit!' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:184:in permit?' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:35:inrun_erb_47usr47lib47ruby45enterprise45146846747lib47ruby47gems47146847gems47declarative_authorization45046447app47views47authorization_rules47_change46erb_locals_change_object' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/change.erb:34:in each' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:34:in_run_erb_47usr47lib47ruby45enterprise45146846747lib47ruby47gems47146847gems47declarative_authorization45046447app47views47authorization_rules47_change46erb_locals_change_object' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:34:in send' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:34:inrender' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:306:in with_template' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:30:inrender' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable_partial.rb:20:in render' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:26:inbenchmark' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in `ms'

Comment
/usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/activesupport-2.3.5/lib/active_support/whiny_nil.rb:52:in `method_missing' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:142:in `permit!' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/lib/declarative_authorization/authorization.rb:184:in `permit?' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:35:in `_run_erb_47usr47lib47ruby45enterprise45146846747lib47ruby47gems47146847gems47declarative_authorization45046447app47views47authorization_rules47_change46erb_locals_change_object' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:34:in `each' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:34:in `_run_erb_47usr47lib47ruby45enterprise45146846747lib47ruby47gems47146847gems47declarative_authorization45046447app47views47authorization_rules47_change46erb_locals_change_object' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:34:in `send' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:34:in `render' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/base.rb:306:in `with_template' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable.rb:30:in `render' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_view/renderable_partial.rb:20:in `render' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:26:in `benchmark' /usr/lib/ruby-enterprise-1.8.7/lib/ruby/gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in `ms'
or cancel

zacheryph Sun Nov 29 18:33:38 -0800 2009 | link

do you possible have any simple instructions for reproducing this. or as easily a project to create and hub it up or gist it

Comment
do you possible have any simple instructions for reproducing this. or as easily a project to create and hub it up or gist it
or cancel
bublik Thu Dec 03 01:54:47 -0800 2009 | link
Crete users with privilegies
['admin', 'moderator', 'user'].each do |priv|

u = User.create(:login => priv, :name => "User #{priv}", :email => "#{priv}@#{APP_CONFIG['domain']}", :password => priv, :password_confirm => priv) u.activate! u.roles.create(:name => priv) end

User model
has_many :videos has_many :assignments has_many :roles, :through => :assignments

def role_symbols

(roles || []).map {|r| r.name.underscore.to_sym}

end

Next step open
http://localhost:3000/authorization_rules/change
And have error

undefined method `to_sym' for nil:NilClass
In line

My authorization rules

authorization do
role :guest do

has_permission_on [:videos, :thumbnails, :categories], :to => [:index, :show, :search, :tag] has_permission_on [:users], :to => [:create, :new, :activate] # has_permission_on :comments, :to => [:new, :create] # has_permission_on :comments, :to => [:edit, :update] do # if_attribute :user => is { user } # end

end

role :user do

includes :guest has_permission_on :videos, :to => [:edit, :update] do if_attribute :user => is { user } end

end

role :moderator do

includes :guest includes :user has_permission_on [:videos, :categories], :to => [:edit, :update]

end

role :admin do

includes :moderator has_permission_on [:authorization_rules, :authorization_usages], :to => :read has_permission_on [:videos, :categories], :to => [:new, :create, :destroy, :delete]

end

end
Comment
Crete users with privilegies ['admin', 'moderator', 'user'].each do |priv| u = User.create(:login => priv, :name => "User #{priv}", :email => "#{priv}@#{APP_CONFIG['domain']}", :password => priv, :password_confirm => priv) u.activate! u.roles.create(:name => priv) end ------------------------------ User model has_many :videos has_many :assignments has_many :roles, :through => :assignments def role_symbols (roles || []).map {|r| r.name.underscore.to_sym} end ------------------------------ Next step open http://localhost:3000/authorization_rules/change And have error undefined method `to_sym' for nil:NilClass In line <tr class="<%= controller.authorization_engine.permit?(@privilege, :context => @context, :user => user, :skip_attribute_test => true) ? 'permitted' : 'not-permitted' %>"> ------------------------------------------------ My authorization rules authorization do role :guest do has_permission_on [:videos, :thumbnails, :categories], :to => [:index, :show, :search, :tag] has_permission_on [:users], :to => [:create, :new, :activate] # has_permission_on :comments, :to => [:new, :create] # has_permission_on :comments, :to => [:edit, :update] do # if_attribute :user => is { user } # end end role :user do includes :guest has_permission_on :videos, :to => [:edit, :update] do if_attribute :user => is { user } end end role :moderator do includes :guest includes :user has_permission_on [:videos, :categories], :to => [:edit, :update] end role :admin do includes :moderator has_permission_on [:authorization_rules, :authorization_usages], :to => :read has_permission_on [:videos, :categories], :to => [:new, :create, :destroy, :delete] end end
or cancel
bublik Thu Dec 03 02:03:16 -0800 2009 | link
Back trace

/usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/controllers/./../lib/declarative_authorization/authorization.rb:142:in `permit!' /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/controllers/./../lib/declarative_authorization/authorization.rb:184:in `permit?' /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:35 /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:34:in `each' /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:34 /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/change.html.erb:168 /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/controllers/authorization_rules_controller.rb:47:in `change'
Comment
Back trace /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/controllers/./../lib/declarative_authorization/authorization.rb:142:in `permit!' /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/controllers/./../lib/declarative_authorization/authorization.rb:184:in `permit?' /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:35 /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:34:in `each' /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/_change.erb:34 /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/views/authorization_rules/change.html.erb:168 /usr/lib/ruby/gems/1.8/gems/declarative_authorization-0.4/app/controllers/authorization_rules_controller.rb:47:in `change'
or cancel
stffn Mon Dec 21 08:45:17 -0800 2009 | link

You don't seem to have any rules in your project's authorization rules. Still, this shouldn't result in an exception. I will fix that.

Comment
You don't seem to have any rules in your project's authorization rules. Still, this shouldn't result in an exception. I will fix that.
or cancel

stffn Mon Dec 21 08:55:22 -0800 2009 | link

Oh, actually, it is about not having any privilege hierarchies in the rules file.

Comment
Oh, actually, it is about not having any privilege hierarchies in the rules file.
or cancel

stffn Mon Dec 21 09:47:01 -0800 2009 | link

Fixes exception in change support for rules file without privilege hierarchy (Closed by aac2336)

Comment
Fixes exception in change support for rules file without privilege hierarchy (Closed by aac2336cdd9f6c27dbcfa4f49ad4ed5dafbcc19d)
or cancel

Parsed with GitHub Flavored Markdown
14.

0 votes

Update permissions are only checked the first time
4 comments Created about 1 month ago by rkistner

Title

Body
Update permissions are only checked on the first save. If this is the intended behavior, it should be clear in the documentation. post = Post.first post.owner_id = 2 post.save # Invalid update, exception is thrown post = Post.first post.contents = "..." post.save # Valid update, no exception thrown post.owner_id = 2 post.save # Invalid update, but no exception is thrown
or cancel
Update permissions are only checked on the first save. If this is the intended behavior, it should be clear in the documentation.
```
post = Post.first
post.owner_id = 2
post.save
# Invalid update, exception is thrown

post = Post.first
post.contents = "..."
post.save
# Valid update, no exception thrown

post.owner_id = 2
post.save
# Invalid update, but no exception is thrown
```
Comments

seivan Tue Dec 15 07:31:09 -0800 2009 | link

Why would this be an intended behavior, sounds like a serious issue.

Comment
Why would this be an intended behavior, sounds like a serious issue.
or cancel

stffn Mon Dec 21 09:39:53 -0800 2009 | link

I just tried to reproduce this behavior, but couldn't. First changing an unrelated attribute doesn't let me change the critical one. I push the reorganized tests in a second to github.

Comment
I just tried to reproduce this behavior, but couldn't. First changing an unrelated attribute doesn't let me change the critical one. I push the reorganized tests in a second to github.
or cancel

rkistner Mon Dec 21 11:50:31 -0800 2009 | link

I'll run the tests when I'm back at my office (next year probably)

Comment
I'll run the tests when I'm back at my office (next year probably)
or cancel

rkistner Mon Dec 21 12:23:37 -0800 2009 | link

It seems to be a problem with my own code then: even the validations are not run again after the first save. Still no idea what is causing it.

Comment
It seems to be a problem with my own code then: even the validations are not run again after the first save. Still no idea what is causing it.
or cancel

Parsed with GitHub Flavored Markdown
12.

1 vote

Again: Unnessecary db query in conjunction with named_scope
1 comment Created about 1 month ago by ledermann

Title

Body
With version 0.4 we have a bug like in issue #7 again: MyModel.with_permissions_to(:read).foo_scope => One query, all is fine MyModel.foo_scope.with_permissions_to(:read) => Two queries: The first for "MyModel.foo.find :all" (unnessecary), the second is the right one. If you can't reproduce this, I will try to build a failing test or something.
or cancel

With version 0.4 we have a bug like in issue #7 again:

MyModel.with_permissions_to(:read).foo_scope
=> One query, all is fine

MyModel.foo_scope.with_permissions_to(:read)
=> Two queries: The first for "MyModel.foo.find :all" (unnessecary), the second is the right one.

If you can't reproduce this, I will try to build a failing test or something.

Comments

stffn Tue Nov 17 11:09:50 -0800 2009 | link

Fixed another unnecessary query -- those AR proxies really are brittle. Closed by 4ade8a4

Comment
Fixed another unnecessary query -- those AR proxies really are brittle. Closed by 4ade8a47c889ff18411ec50b1c92b6df9e2b041d
or cancel

Parsed with GitHub Flavored Markdown
10.

0 votes

Push gem to gemcutter
1 comment Created 2 months ago by erdah

Title

Body
Please push the gem to gemcutter. It's a matter of gem push yourgem-0.0.1.gem
or cancel
Please push the gem to gemcutter. It's a matter of
```
gem push yourgem-0.0.1.gem
```
Comments

stffn Fri Nov 06 02:09:57 -0800 2009 | link

It now is at gemcutter

Comment
It now is at gemcutter
or cancel

Parsed with GitHub Flavored Markdown
9.

0 votes

Why cant use Hash as an attribute value for Array attributes?
3 comments Created 2 months ago by UVSoft

Title

Body
authorization.rb, line 412: if value.is_a?(Hash) if attr_value.is_a?(Array) raise AuthorizationUsageError, "Unable evaluate multiple attributes " + "on a collection. Cannot use '=>' operator on #{attr.inspect} " + "(#{attr_value.inspect}) for attributes #{value.inspect}." What if i want to check length of some association? has_permission_on :pages, :to => :publish do if_attribute :paragraphs => { :length => is_not { 0 } } end
or cancel
authorization.rb, line 412:
```
    if value.is_a?(Hash)
      if attr_value.is_a?(Array)
        raise AuthorizationUsageError, "Unable evaluate multiple attributes " +
          "on a collection.  Cannot use '=>' operator on #{attr.inspect} " +
          "(#{attr_value.inspect}) for attributes #{value.inspect}."
```
What if i want to check length of some association?

has_permission_on :pages, :to => :publish do

if_attribute :paragraphs => { :length => is_not { 0 } }

end
Comments

stffn Sun Oct 04 09:32:01 -0700 2009 | link

You won't be able to use with_permissions_to for that model then. If we'd allow it, the error in with_permissions_to would be hard to debug. What about :paragraphs => is_not {[]}?

Comment
You won't be able to use with_permissions_to for that model then. If we'd allow it, the error in with_permissions_to would be hard to debug. What about :paragraphs => is_not {[]}?
or cancel

UVSoft Sun Oct 04 09:35:12 -0700 2009 | link

0 was just for example...
ok, so i have to make a helper method in the model... (

Comment
0 was just for example... ok, so i have to make a helper method in the model... (
or cancel

stffn Fri Nov 06 02:11:29 -0800 2009 | link

A "won't fix"

Comment
A "won't fix"
or cancel

Parsed with GitHub Flavored Markdown
8.

0 votes

has_role? fails on guest user
1 comment Created 2 months ago by anime4christ

Title

Body
has_role? returns: Authorization::AuthorizationUsageError Exception: User object doesn't respond to roles I would imagine the desired return value to be false on guest user.
or cancel

has_role? returns: Authorization::AuthorizationUsageError Exception: User object doesn't respond to roles

I would imagine the desired return value to be false on guest user.

Comments

stffn Mon Oct 05 01:01:56 -0700 2009 | link

Fixed has_role? for guest user. Closed by c6633ad

Comment
Fixed has_role? for guest user. Closed by c6633adf5b8666812cbb279ce64eba3b7f3b095e
or cancel

Parsed with GitHub Flavored Markdown
7.

1 vote

Combining "with_permissions_to" with other named scopes causes unneeded database queries
8 comments Created 3 months ago by ledermann

Title

Body
There is a critical issue in d_a which fires up unneeded database queries. I stumbled upon the issue while profiling my own application, which makes heavy use of d_a AND uses a lot of named scopes. Some requests in my app are very slow and I discovered that there are many SQL queries in the log which are not needed. This queries are generated by d_a. Because I don't know how to fix it I will give you a detailed description to reproduce the issue based on the d_a_demo_app: 1) Install the official demo app from http://github.com/stffn/decl_auth_demo_app on your development machine 2) The demo app does not use any named scope, so add this example scope to talk.rb: named_scope :with_abstract, :conditions => "talks.abstract IS NOT NULL" 3) Start the console and type in this example query: Conference.first.talks.with_abstract.with_permissions_to(:read).find :all, :limit => 2 4) In the development.log you find this: SELECT * FROM "conferences" LIMIT 1 SELECT * FROM "talks" WHERE ("talks".conference_id = 1) AND ((talks.abstract IS NOT NULL) AND ("talks".conference_id = 1)) SELECT "talks".* FROM "talks" INNER JOIN "conferences" ON "conferences".id = "talks".conference_id WHERE ("talks".conference_id = 1) AND (((("conferences"."published" = 't')) AND (talks.abstract IS NOT NULL)) AND ("talks".conference_id = 1)) LIMIT 2 Please have a look at the second query. It is not needed at all and should not be there! So far as I see, this time consuming query is only generated if the scope "with_permissions_to" is combined with an existing named scope. You also see a second issue (duplicate condition the WHERE clause), but this is another story (not as important).
or cancel
There is a critical issue in d_a which fires up unneeded database queries. I stumbled upon the issue while profiling my own application, which makes heavy use of d_a AND uses a lot of named scopes. Some requests in my app are very slow and I discovered that there are many SQL queries in the log which are not needed. This queries are generated by d_a. Because I don't know how to fix it I will give you a detailed description to reproduce the issue based on the d_a_demo_app:

1) Install the official demo app from http://github.com/stffn/decl_auth_demo_app on your development machine

2) The demo app does not use any named scope, so add this example scope to talk.rb:
```
named_scope :with_abstract, :conditions => "talks.abstract IS NOT NULL"
```
3) Start the console and type in this example query:
```
Conference.first.talks.with_abstract.with_permissions_to(:read).find :all, :limit => 2
```
4) In the development.log you find this:
```
SELECT * FROM "conferences" LIMIT 1
SELECT * FROM "talks" WHERE ("talks".conference_id = 1) AND ((talks.abstract IS NOT NULL) AND ("talks".conference_id = 1)) 
SELECT "talks".* FROM "talks" INNER JOIN "conferences" ON "conferences".id = "talks".conference_id WHERE ("talks".conference_id = 1) AND (((("conferences"."published" = 't')) AND (talks.abstract IS NOT NULL)) AND ("talks".conference_id = 1)) LIMIT 2
```
Please have a look at the second query. It is not needed at all and should not be there! So far as I see, this time consuming query is only generated if the scope "with_permissions_to" is combined with an existing named scope.

You also see a second issue (duplicate condition the WHERE clause), but this is another story (not as important).
Comments
stffn Sun Sep 13 05:43:58 -0700 2009 | link

Let's start with the second issue: as long as there is no measurement showing any performance issues with the duplicate conditions, I believe in the DBM's query optimizer to handle them.

Comment
Let's start with the second issue: as long as there is no measurement showing any performance issues with the duplicate conditions, I believe in the DBM's query optimizer to handle them.
or cancel

stffn Sun Sep 13 09:31:04 -0700 2009 | link

Fixed by e90082c

Comment
Fixed by e90082c655d51d785bb01a3f6262755df824bb95
or cancel

ledermann Sun Sep 13 11:12:20 -0700 2009 | link

To the second issue: Full agree.

But to the main issue: It seems to me that your commit does not fix the bug. Do you have tested it with my description above? I have checked it with your commit and the bug still occurs for me.
Sorry for not providing a failing test, I don't know how to build it in this case.

Comment
To the second issue: Full agree. But to the main issue: It seems to me that your commit does not fix the bug. Do you have tested it with my description above? I have checked it with your commit and the bug still occurs for me. Sorry for not providing a failing test, I don't know how to build it in this case.
or cancel

ledermann Sun Sep 13 23:33:27 -0700 2009 | link

One more hint: I found that the bug was introduced by 824b11b

Comment
One more hint: I found that the bug was introduced by 824b11bb80ead238e8991d46f169e06567f2adb7
or cancel

stffn Mon Sep 14 00:19:35 -0700 2009 | link

I tested as you described and could reproduce it before e90082c, but it works for me now. If there is a similar bug because of 824b11b, it isn't reproduced in your described test.

Comment
I tested as you described and could reproduce it before e90082c, but it works for me now. If there is a similar bug because of 824b11b, it isn't reproduced in your described test.
or cancel
ledermann Mon Sep 14 00:57:49 -0700 2009 | link
Strange. Did you notice that the submodule in the current d_a_demo is not up to date? Here a detailed bash script to reproduce the bug (based on my description above):

git clone git://github.com/stffn/decl_auth_demo_app.git cd decl_auth_demo_app/ cp config/database.yml.example config/database.yml cp db/development.sqlite3.example db/development.sqlite3 git submodule init git submodule update cd vendor/plugins/declarative_authorization/ git checkout master cd - script/console Talk.named_scope :with_abstract, :conditions => "talks.abstract IS NOT NULL" Conference.first.talks.with_abstract.with_permissions_to(:read).find :all, :limit => 2 exit cat log/development.log

Just run this script on your local (OS X) machine and you will see the unnecessary query:

SELECT * FROM "talks" WHERE ("talks".conference_id = 1)

Hope this helps.
Comment
Strange. Did you notice that the submodule in the current d_a_demo is not up to date? Here a detailed bash script to reproduce the bug (based on my description above): git clone git://github.com/stffn/decl_auth_demo_app.git cd decl_auth_demo_app/ cp config/database.yml.example config/database.yml cp db/development.sqlite3.example db/development.sqlite3 git submodule init git submodule update cd vendor/plugins/declarative_authorization/ git checkout master cd - script/console Talk.named_scope :with_abstract, :conditions => "talks.abstract IS NOT NULL" Conference.first.talks.with_abstract.with_permissions_to(:read).find :all, :limit => 2 exit cat log/development.log Just run this script on your local (OS X) machine and you will see the unnecessary query: SELECT * FROM "talks" WHERE ("talks".conference_id = 1) Hope this helps.
or cancel
ledermann Mon Sep 14 03:38:47 -0700 2009 | link

Now this example is fixed by 99021e4. Thank you very much! But sadly I'm still having issues (since 824b11b) with unnecessary queries in my own app causing serious performance problems. I will try to extract them...

Comment
Now this example is fixed by 99021e4ee06eac55daf745e37277674485cf471d. Thank you very much! But sadly I'm still having issues (since 824b11bb80ead238e8991d46f169e06567f2adb7) with unnecessary queries in my own app causing serious performance problems. I will try to extract them...
or cancel

ledermann Tue Sep 15 07:04:24 -0700 2009 | link

Fixed by bcfbbce. Now there are no more unnecessary queries. Thanks!

Comment
Fixed by bcfbbce9828d68297b90a342c535b6bc0c20e80a. Now there are no more unnecessary queries. Thanks!
or cancel

Parsed with GitHub Flavored Markdown
6.

0 votes

undefined local variable 'logger'
1 comment Created 4 months ago by UVSoft

Title

Body
The line in_controller.rb:559 should be: contr.logger.debug... instead of: logger.debug...
or cancel

The line in_controller.rb:559 should be:

contr.logger.debug...

instead of:

logger.debug...

Comments

stffn Thu Aug 27 00:54:20 -0700 2009 | link

Fixed error on debug logging (Closed by 3dcf083)

Comment
Fixed error on debug logging (Closed by 3dcf0833865e6cd22d2aaebd569a6d548ee5149d)
or cancel

Parsed with GitHub Flavored Markdown
5.

0 votes

Do not raise AuthorizationUsageError when object does not have required attribute
10 comments Created 4 months ago by UVSoft

Title

Body
object_attribute_value raises AuthorizationUsageError exception when the send method fails with NoMethodError. It would be better if in this case the method returned just nil flunking the rule. In my application I have polymorphic association: Paragraph belongs_to(:owner, :polymorphic => true), [ ManPage, WomanPage ] has_many(:paragraphs, :as => :owner). Owners have different attributes. Rules look like this: has_permissions_on :paragraphs, :to => :manage do if_attribute :owner => { :man => is { user } } if_attribute :owner => { :woman => is { user } } end So WomanPage does not have :man, and we get NoMethodError.
or cancel

object_attribute_value raises AuthorizationUsageError exception when the send method fails with NoMethodError. It would be better if in this case the method returned just nil flunking the rule. In my application I have polymorphic association: Paragraph belongs_to(:owner, :polymorphic => true), [ ManPage, WomanPage ] has_many(:paragraphs, :as => :owner). Owners have different attributes. Rules look like this:

has_permissions_on :paragraphs, :to => :manage do

if_attribute :owner => { :man => is { user } }

if_attribute :owner => { :woman => is { user } }

end

So WomanPage does not have :man, and we get NoMethodError.

Comments

stffn Mon Aug 24 00:21:51 -0700 2009 | link

The most common case still is a typo. That is why there currently is this fail-fast approach to raise. That's why I'd consider a flag on has_permission_on to allow missing attributes.

For your specific case: is there a reason not to just have man/woman methods returning nil on the other class?

Comment
The most common case still is a typo. That is why there currently is this fail-fast approach to raise. That's why I'd consider a flag on has_permission_on to allow missing attributes. For your specific case: is there a reason not to just have man/woman methods returning nil on the other class?
or cancel

UVSoft Mon Aug 24 00:36:18 -0700 2009 | link

yes, there is a reason, it's just a simplified example, in my app those classes have a lot of different attrifutes, and there are many classes and many polymorphic association, and defining a lot of fake attributes is not the way to go for me, please add this [allow missing attributes] option, it'll be very useful! thanks! now i just patch the plugin myself returning nil from object_attribute_value...

Comment
yes, there is a reason, it's just a simplified example, in my app those classes have a lot of different attrifutes, and there are many classes and many polymorphic association, and defining a lot of fake attributes is not the way to go for me, please add this [allow missing attributes] option, it'll be very useful! thanks! now i just patch the plugin myself returning nil from object_attribute_value...
or cancel

UVSoft Mon Aug 24 06:02:51 -0700 2009 | link

By the way, what is the common case? What idea is behind this exception raising?

Comment
By the way, what is the common case? What idea is behind this exception raising?
or cancel

UVSoft Mon Aug 24 06:11:14 -0700 2009 | link

There is another solution. According to the documentation conditions in if_attributes are ORed, but they can't be ordered, so when the first one is false, the rest are still been checked. But if we could order them, it wouldn't happen. Some thing like this:

if_attribute [ { :owner_type => 'Man' }, { :owner => { :man => is { user } } } ]

if_attribute [ { :owner_type => 'Woman' }, { :owner => { :woman => is { user } } } ]

What do you think?

Comment
There is another solution. According to the documentation conditions in if_attributes are ORed, but they can't be ordered, so when the first one is false, the rest are still been checked. But if we could order them, it wouldn't happen. Some thing like this: if_attribute [ { :owner_type => 'Man' }, { :owner => { :man => is { user } } } ] if_attribute [ { :owner_type => 'Woman' }, { :owner => { :woman => is { user } } } ] What do you think?
or cancel

stffn Mon Aug 24 07:01:00 -0700 2009 | link

The common case is that all attributes are known beforehand. Any non-existant attribute thus is a typo which should lead to a failure as soon as possible (fail-fast).

Comment
The common case is that all attributes are known beforehand. Any non-existant attribute thus is a typo which should lead to a failure as soon as possible (fail-fast).
or cancel

UVSoft Mon Aug 24 07:02:53 -0700 2009 | link

So how about ordering? Please implement this feature and additional option to has_permissions_on =) Thanks!

Comment
So how about ordering? Please implement this feature and additional option to has_permissions_on =) Thanks!
or cancel

stffn Mon Aug 24 07:07:58 -0700 2009 | link

This really is an edge case. I think the best approach would be an application-wide switch, e.g. setting Authorization.raise_on_missing_attribute = false. If you provide such a patch, I'm happy to include it.

Comment
This really is an edge case. I think the best approach would be an application-wide switch, e.g. setting Authorization.raise_on_missing_attribute = false. If you provide such a patch, I'm happy to include it.
or cancel

UVSoft Mon Aug 24 16:27:29 -0700 2009 | link

Mmm.... and what about

has_permissions_on :paragraphs, :to => :manage, :join_by => :and do

if_attribute :owner_type => 'Man'

if_attribute :owner => { :man => is { user } }

end

has_permission_on :paragraphs, :to => :manage, :join_by => :and do

if_attribute :owner_type => 'Woman'

if_attribute :owner => { :woman => is { user } }

end

?

Comment
Mmm.... and what about has_permissions_on :paragraphs, :to => :manage, :join_by => :and do if_attribute :owner_type => 'Man' if_attribute :owner => { :man => is { user } } end has_permission_on :paragraphs, :to => :manage, :join_by => :and do if_attribute :owner_type => 'Woman' if_attribute :owner => { :woman => is { user } } end ?
or cancel

stffn Mon Aug 24 23:48:15 -0700 2009 | link

That might work. The if_attribute statements are held in an array and checked in order. Please test it.

Comment
That might work. The if_attribute statements are held in an array and checked in order. Please test it.
or cancel

UVSoft Tue Aug 25 00:27:50 -0700 2009 | link

yes, that works =)

Comment
yes, that works =)
or cancel

Parsed with GitHub Flavored Markdown
4.

0 votes

bug in lib/declarative_authorization/in_model.rb
1 comment Created 4 months ago by bdn

Title

Body
missing parameter _&block_ in method permitted_to?
or cancel

missing parameter &block in method permitted_to?

Comments

stffn Thu Aug 13 02:24:17 -0700 2009 | link

Fix for model permitted_to? (Closed by fa5f746)

Comment
Fix for model permitted_to? (Closed by fa5f746918a59341ede994935af6c663b0c5f563)
or cancel

Parsed with GitHub Flavored Markdown
3.

0 votes

Support for controller namespaces
1 comment Created 5 months ago by ramn

Title

Body
As described in this thread in the google group: http://groups.google.com/group/declarative_authorization/browse_thread/thread/2029d99b9d7df2cb#
or cancel

As described in this thread in the google group:
http://groups.google.com/group/declarative_authorization/browse_thread/thread/2029d99b9d7df2cb#

Comments

stffn Tue Nov 17 11:11:21 -0800 2009 | link

Closed by 2894d0a

Comment
Closed by 2894d0a5ad22bf39f3403fdc4347bdef5f545652
or cancel

Parsed with GitHub Flavored Markdown
2.

0 votes

Authorization::Maintenance::without_access_control can not be nested
2 comments Created 6 months ago by ledermann

Title

Body
It's not possible to do nesting like this: <pre> Authorization::Maintenance::without_access_control do do_something Authorization::Maintenance::without_access_control do do_something end do_something # => here the access control takes place again! end </pre>
or cancel
It's not possible to do nesting like this:
```
Authorization::Maintenance::without_access_control do
  do_something
  Authorization::Maintenance::without_access_control do
    do_something
  end
  do_something # => here the access control takes place again!
end
```
Comments

stffn Mon Jul 20 04:55:03 -0700 2009 | link

Fixed.

Comment
Fixed.
or cancel

ledermann Mon Jul 20 06:40:35 -0700 2009 | link

The fix works fine, thank you!

Comment
The fix works fine, thank you!
or cancel

Parsed with GitHub Flavored Markdown