model.permitted_to? does not extend :manage privilege

Question

model.permitted_to? does not extend :manage privilege

anga opened this issue 12 years ago · 3 comments

Hi,

Env:
ruby 1.9.3p374 (2013-01-15 revision 38858) [x86_64-linux]
Rails 3.2.8
declarative_authorization (0.5.6)

has_permission_on [:projects, ....], to: :manage do
  if_attribute company: is_in {user.own_companies} 
end

has_permission_on :notes, to: :create do
  # Agregar notas dentro de un proyecto
  if_permitted_to :read, :notable
end

privileges do

  privilege :manage, :includes => [:index, :show, :new, :update, :destroy]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :update
  privilege :delete, :includes => :destroy
end

When I do:

note =  Note.new {notable: Project.first, ...}
note.permitted_to? :create # returns false

But if I change the permission to :projects

has_permission_on [:projects, ....], to: [:manage, :read] do
  if_attribute company: is_in {user.own_companies} 
end

rails c

note =  Note.new {notable: Project.first, ...}
note.permitted_to? :create # returns false

This is a normal behavior? Sorry if it a normal behavior, but I think should extend :manage privilege actions.

Answer 1 · 2013-02-17T15:39:32.000Z

Yes, manage should include :create in the default privilege configuration. But it seems as if you changed the default here as :manage does not include :create anymore in the privileges section. Is this the problem?

Answer 2 · 2013-02-20T21:13:02.000Z

Sory by the delay.

Yes, that the problem.

Answer 3 · 2013-02-20T21:16:57.000Z

Sorry, my last 2 lines of code was bad in this example, I wrote:

note =  Note.new {notable: Project.first, ...}
note.permitted_to? :create # returns false

and should be:

note =  Note.new {notable: Project.first, ...}
note.permitted_to? :create # returns true

I means, when you change :manage to [:manage, :read] in projects, the note.permitted_to? :create return true