1

I have a little problem with declarative-authorization. I have a User and Role Model with a has_and_belongs_to_many association.

I've created a Role named :moderator in my authorization_rules.rb

Is it possible that a User with the Role Moderator only gets the Users that have the Moderator Role assigned to it?? --> User.with_permissions_to(:index)

I thought it would be possible like that:

role :moderator do
  has_permission_on :users, :to => :index do
    if_attribute :roles => contains { ????? }
  end
end

I also created a named_scope in my User Model because I thought it would help...

class User
  has_and_belongs_to_many :roles
  named_scope :by_role, lambda { |role|
    {
      :include => :roles,
      :conditions => {"roles.name" => role}
    }
  }
end

Does anyone knows if it's possible to do this with declarative_authorization?

Thanks for your help!

Michael Balsiger
  • 13
  • 3

1 Answers1

0

I did something similar in one of my projects but found dec_auth really confusing at the time. I think this is what you need to do:

authorization_rules.rb:

role :moderator do
  has_permission_on :users, :to => :index
end

User Model:

class User < ActiveRecord::Base
  using_access_control
end

Controller:

@users = User.with_permissions_to(:index)

Let me know if that doesn't work.

mikewilliamson
  • 24,303
  • 17
  • 59
  • 90
  • thanks for your reply! First of all I totally forgot to add "using_access_control" in my User Model... I also forgot to tell you that I'm using a admin namespace in my UsersController... I had to add a new permission to my authorization_rules called users... It's working now but -- is it possible to use namespaces in a Model?!?... I think I have to learn a bit more about this language ^^ – Michael Balsiger Feb 16 '11 at 18:09
  • I haven't played with namespaces yet, but I would take a look at this: http://stackoverflow.com/questions/3079035/declarative-authorization-and-namespaces – mikewilliamson Feb 16 '11 at 19:38