开发者

Help with rails declarative_authorization

开发者 https://www.devze.com 2023-02-19 01:29 出处:网络
I cant get this rule to be enforced at all... it allows anyone to get to this action. Here\'s my rule

I cant get this rule to be enforced at all... it allows anyone to get to this action.

Here's my rule

role :student do
    has_permission_on :relationships do 
      to :index
      if_attribute :student_id=> is {user.student.id}
    end
  end

Heres my controller action

class RelationshipsController < ApplicationController

filter_resource_access :nested_in => :students

 def index
   @guardians = @student.guardians  
  end

I know I have it set up correctly cause this rule is wor开发者_运维知识库king fine

has_permission_on :students do 
      to :show
      if_attribute :id => is {user.student.id}
    end

Where is the error in my rule definition?

Please Help


It's hard to test, but try this:

if_attribute :id=> is {user.student.id}
0

精彩评论

暂无评论...
验证码 换一张
取 消