declarative_authorization和/authorization_rules访问问题

Question

我已经配置为使用authlogic和declarative_authorization，并配置了authorization_rules.rb。一切都很好，但在访问localhost/authorization_rules时，我看到“您不允许访问此操作”。我增加了

has_permission_on :authorization_rules, :to => [:index, :show]

但是没有什么改变:(在日志中我看到了

Processing AuthorizationRulesController#index (for 127.0.0.1 at 2010-05-08 14:00:01) [GET]
  Parameters: {"action"=>"index", "controller"=>"authorization_rules"}
  User Load (1.0ms)   SELECT * FROM "users" WHERE ("users"."id" = 1) LIMIT 1
  SQL (1.8ms)   BEGIN
  User Update (0.6ms)   UPDATE "users" SET "updated_at" = '2010-05-08 10:00:01.443532', "perishable_token" = E'Narj4gmDdGiCuna9p_ht', "last_request_at" = '2010-05-08 10:00:01.440280' WHERE "id" = 1
  SQL (1.4ms)   COMMIT
  Role Load (1.3ms)   SELECT "roles".* FROM "roles" INNER JOIN "assignments" ON "roles".id = "assignments".role_id WHERE (("assignments".user_id = 1)) 
Permission denied: No matching rules found for read for #<User id: 1, login: "alec", email: "alec@alec-c4.com", crypted_password: "cb0af876f2ae63f40b82eb7b8eb24e1f739a3d80e6afd4e9e36...", password_salt: "SBdGRsh5roMoaYOANkHN", persistence_token: "e356eb5d39c032ca3088f2fe9868941f70c396a7ed7eb082028...", single_access_token: "nABARs1vURbXmp1Yuc6e", perishable_token: "Narj4gmDdGiCuna9p_ht", confirmed: true, active: true, activation_code: nil, activated_at: "2010-03-07 20:51:46", login_count: 9, failed_login_count: 0, last_request_at: "2010-05-08 10:00:01", current_login_at: "2010-04-09 18:38:24", last_login_at: "2010-04-06 20:03:25", current_login_ip: "127.0.0.1", last_login_ip: "127.0.0.1", friends_count: 0, created_at: "2010-03-07 20:51:20", updated_at: "2010-05-08 10:00:01"> (roles [:admin, :super_moderator, :news_moderator, :news_maker], privileges [:read], context :authorization_rules).
Filter chain halted as [:filter_access_filter] rendered_or_redirected.

知道吗？

Answer 1

我在我的应用程序中同时使用了authlogic和declarative_authorization，它对我来说很好。

在config/authorization_have. In中，我有：

authorization do
  role :guest do
    has_permission_on :roles, :to => :read
    has_permission_on :permissions, :to => :read # assignments in your case.
  end

  role :user do
    includes :guest
  end

  role :admin do
    has_permission_on :authorization_rules, :to => :read
    has_permission_on :authorization_usages, :to => :read    
  end
end

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

当然，我的帐户有:user和:admin角色。我的模特是：

class Role < ActiveRecord::Base
  using_access_control

  attr_accessible :name

  has_many :permissions, :dependent => :destroy
  has_many :users, :through => :permissions, :uniq => true  
end

class Permission < ActiveRecord::Base
  using_access_control

  attr_accessible :role_id, :user_id

  belongs_to :user
  belongs_to :role
end

class User < ActiveRecord::Base
  has_many :permissions, :dependent => :destroy
  has_many :roles, :through => :permissions

  acts_as_authentic

  def role_symbols
    @role_symbols ||= (roles || []).map {|r| r.name.underscore.to_sym}
  end
end

如果您正确地配置了declarative_authorization，那么您的用户模型(或您在创作逻辑中使用的任何模型)中都应该有role_symbols方法(顺便说一句，不一定与上面的示例完全相同)：

最后，我的路线是：

suggest_change_authorization_rules GET    /authorization_rules/suggest_change(.:format)    {:controller=>"authorization_rules", :action=>"suggest_change"}
        change_authorization_rules GET    /authorization_rules/change(.:format)            {:controller=>"authorization_rules", :action=>"change"}
         graph_authorization_rules GET    /authorization_rules/graph(.:format)             {:controller=>"authorization_rules", :action=>"graph"}
               authorization_rules GET    /authorization_rules(.:format)                   {:controller=>"authorization_rules", :action=>"index"}
              authorization_usages GET    /authorization_usages(.:format)                  {:controller=>"authorization_usages", :action=>"index"}

您应该安装ruby_parser gem。

也许这对你有帮助。

p.s:Веселописатьпо-английски，сидявМоскве，человеку，которыйтоженаходитсявМоскве:)