I hope this issues isn't attributed to my lack of sleep. :)
I just installed regulate in a Rails project of mine, I setup the AbstractAuth-Config in the regulate-initializer as described in the documentation. I get the routes in the rake:routes command, so everything is fine so far.
However, when I visit /cms/admin/pages/ I get redirected to the root_path
I did a bit of searching in the source code and my suspect is the is_editor? before_filter in the Regulate::Admin::PagesController
The before_filters are currently (commit d88dfeb) defined as:
before_filter :is_admin?, :only => [:new, :create, :destroy]
before_filter :is_editor?, :not => [:new, :create, :destroy]
before_filter :load_page, :only => [:edit,:update,:destroy]
/cms/admin/pages points to Regulate::Admin::PagesController#index which has the before_filter is_editor?
Now, is_editor is defined as:
redirect_to root_path if !@is_editor
The assumption is, if the user can be an admin or an editor. An admin is not inheritly an editor.
So in my case, my user returns is_admin? == true but is_editor? == false and he get's no access
Long story short, I want to question, whether this is intentional and if it makes sense? The common assumption is that an editor is a subset of admin and so if an editor has access rights, os has the admin.
Edit: After some sleep and some more thoughts, I changed my AbstractAuth.is_editor? implementation to return true also for admins. Guess this would have spared me the trobles and long post before.
Guess this can be closed, my only suggestion could be to add this more obvious hint in the initializer:
# AbstractAuth.implement :is_editor do
# current_user.is_editor? || current_user.is_admin?
Can this behaviour be changed in the next version?