declarative_authorization和/ authorization_rules访问问题

Question

我已配置为使用authlogic和declarative_authorization并配置authorization_rules.rb。一切都很好，但试图访问本地主机/ authorization_rules我看到“你不能访问这个动作。”我已经添加

has_permission_on :authorization_rules, :to => [:index, :show] 

，但什么都没有改变:(在日志中我看到

Processing AuthorizationRulesController#index (for 127.0.0.1 at 2010-05-08 14:00:01) [GET] 
    Parameters: {"action"=>"index", "controller"=>"authorization_rules"} 
    User Load (1.0ms) SELECT * FROM "users" WHERE ("users"."id" = 1) LIMIT 1 
    SQL (1.8ms) BEGIN 
    User Update (0.6ms) UPDATE "users" SET "updated_at" = '2010-05-08 10:00:01.443532', "perishable_token" = E'Narj4gmDdGiCuna9p_ht', "last_request_at" = '2010-05-08 10:00:01.440280' WHERE "id" = 1 
    SQL (1.4ms) COMMIT 
    Role Load (1.3ms) SELECT "roles".* FROM "roles" INNER JOIN "assignments" ON "roles".id = "assignments".role_id WHERE (("assignments".user_id = 1)) 
Permission denied: No matching rules found for read for #<User id: 1, login: "alec", email: "alec@alec-c4.com", crypted_password: "cb0af876f2ae63f40b82eb7b8eb24e1f739a3d80e6afd4e9e36...", password_salt: "SBdGRsh5roMoaYOANkHN", persistence_token: "e356eb5d39c032ca3088f2fe9868941f70c396a7ed7eb082028...", single_access_token: "nABARs1vURbXmp1Yuc6e", perishable_token: "Narj4gmDdGiCuna9p_ht", confirmed: true, active: true, activation_code: nil, activated_at: "2010-03-07 20:51:46", login_count: 9, failed_login_count: 0, last_request_at: "2010-05-08 10:00:01", current_login_at: "2010-04-09 18:38:24", last_login_at: "2010-04-06 20:03:25", current_login_ip: "127.0.0.1", last_login_ip: "127.0.0.1", friends_count: 0, created_at: "2010-03-07 20:51:20", updated_at: "2010-05-08 10:00:01"> (roles [:admin, :super_moderator, :news_moderator, :news_maker], privileges [:read], context :authorization_rules). 
Filter chain halted as [:filter_access_filter] rendered_or_redirected. 

什么想法？

Answer 1

我同时使用authlogic和declarative_authorization在我的应用程序，它为我工作得很好。

在配置/ authorization_rules.rb我：

authorization do 
    role :guest do 
    has_permission_on :roles, :to => :read 
    has_permission_on :permissions, :to => :read # assignments in your case. 
    end 

    role :user do 
    includes :guest 
    end 

    role :admin do 
    has_permission_on :authorization_rules, :to => :read 
    has_permission_on :authorization_usages, :to => :read  
    end 
end 

privileges do 
    privilege :manage, :includes => [:create, :read, :update, :delete] 
    privilege :read, :includes => [:index, :show] 
    privilege :create, :includes => :new 
    privilege :update, :includes => :edit 
    privilege :delete, :includes => :destroy 
end 

因为我的帐户有：用户和：管理员角色。我的模型是：

class Role < ActiveRecord::Base 
    using_access_control 

    attr_accessible :name 

    has_many :permissions, :dependent => :destroy 
    has_many :users, :through => :permissions, :uniq => true 
end 

class Permission < ActiveRecord::Base 
    using_access_control 

    attr_accessible :role_id, :user_id 

    belongs_to :user 
    belongs_to :role 
end 

class User < ActiveRecord::Base 
    has_many :permissions, :dependent => :destroy 
    has_many :roles, :through => :permissions 

    acts_as_authentic 

    def role_symbols 
    @role_symbols ||= (roles || []).map {|r| r.name.underscore.to_sym} 
    end 
end 

如果你正确配置declarative_authorization，你应该在你的用户模型（或您authlogic使用任何型号）role_symbols方法（顺便说一句没有必要完全一样，在上面的例子） ：

最后我的路线是：

suggest_change_authorization_rules GET /authorization_rules/suggest_change(.:format) {:controller=>"authorization_rules", :action=>"suggest_change"} 
     change_authorization_rules GET /authorization_rules/change(.:format)   {:controller=>"authorization_rules", :action=>"change"} 
     graph_authorization_rules GET /authorization_rules/graph(.:format)    {:controller=>"authorization_rules", :action=>"graph"} 
       authorization_rules GET /authorization_rules(.:format)     {:controller=>"authorization_rules", :action=>"index"} 
       authorization_usages GET /authorization_usages(.:format)     {:controller=>"authorization_usages", :action=>"index"} 

而且你应该安装ruby_parser宝石。

也许它可以帮助你。

P.S：Веселописатьпо-английски，сидявМоскве，человеку，которыйтоженаходитсявМоскве:)