is_editor? false for admins, therefore redirect #2

Open
Dahie opened this Issue · 0 comments

Hello

I hope this issue isn't attributed to my lack of sleep. :)
I just installed regulate in a Rails project of mine, I set up the AbstractAuth-Config in the regulate-initializer as described in the documentation. I get the routes in the rake:routes command, so everything is fine so far.
However, when I visit /cms/admin/pages/ I get redirected to the root_path

I did a bit of searching in the source code and my suspect is the is_editor? before_filter in the Regulate::Admin::PagesController
The before_filters are currently (commit d88dfeb) defined as:

before_filter :is_authenticated?
before_filter :is_admin?, :only => [:new, :create, :destroy]
before_filter :is_editor?, :not => [:new, :create, :destroy]
before_filter :load_page, :only => [:edit,:update,:destroy]    

/cms/admin/pages points to Regulate::Admin::PagesController#index which has the before_filter is_editor?

Now, is_editor is defined as:

def is_editor?
  redirect_to root_path if !@is_editor
end

The assumption is that the user can be an admin or an editor. An admin is not inherently an editor.
So in my case, my user returns is_admin? == true but is_editor? == false and he gets no access

Long story short, I want to question whether this is intentional and if it makes sense? The common assumption is that an editor is a subset of admin and so if an editor has access rights, so has the admin.

Edit: After some sleep and some more thoughts, I changed my AbstractAuth.is_editor? implementation to return true also for admins. Guess this would have spared me the troubles and long post before.
Guess this can be closed, my only suggestion could be to add this more obvious hint in the initializer:

# AbstractAuth.implement :is_editor do
#  current_user.is_editor?
#  or 
#  current_user.is_editor? || current_user.is_admin?
# end

Can this behaviour be changed in the next version?
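
The access decision discussed in this issue, as an added example that is not part of the original report or of the regulate code base: a strict role match redirects an admin away from the index action, while a ranked role check lets the admin through and still fails closed for unknown roles. The names ROLE_RANK, User, strict_role?, has_role?, ADMIN_ONLY_ACTIONS and decide are hypothetical, and the filter chain is modelled as the issue describes it (is_admin? for new/create/destroy, is_editor? for everything else).

```ruby
# Added example, not regulate's code. All names here are hypothetical.

# Higher rank implies every lower role: an admin is also an editor.
ROLE_RANK = { :editor => 1, :admin => 2 }.freeze

User = Struct.new(:name, :role) do
  # Strict check: true only on an exact role match
  # (the behaviour that produced the redirect in the report).
  def strict_role?(wanted)
    role == wanted
  end

  # Hierarchical check: a role satisfies itself and anything ranked below it.
  # Unknown roles on either side fail closed.
  def has_role?(wanted)
    have = ROLE_RANK[role]
    need = ROLE_RANK[wanted]
    return false if have.nil? || need.nil?
    have >= need
  end
end

ADMIN_ONLY_ACTIONS = [:new, :create, :destroy].freeze

# Model of the controller's filter chain. Returns :ok or :redirect_root.
# check is the role predicate to use: :strict_role? or :has_role?.
def decide(user, action, check)
  return :redirect_root if user.nil?                       # is_authenticated?
  if ADMIN_ONLY_ACTIONS.include?(action)
    return :redirect_root unless user.send(check, :admin)  # is_admin?
  else
    return :redirect_root unless user.send(check, :editor) # is_editor?
  end
  :ok
end

if __FILE__ == $0
  admin = User.new("constructed-admin", :admin) # constructed sample user
  [:index, :edit, :destroy].each do |action|
    puts "#{action}: strict=#{decide(admin, action, :strict_role?)} " \
         "ranked=#{decide(admin, action, :has_role?)}"
  end
end
```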
