inossidabile / protector

Comfortable (seriously) white-list security restrictions for models on a field level
MIT License
270 stars 31 forks

Model.find does not work with sqlite3 #29

Closed inossidabile closed 10 years ago

inossidabile commented 10 years ago

Imported from inossidabile/protector-cancan#4


The following is raising an error:

  User.restrict!(User.all.first).find(1)

  SQLite3::RangeException: bind or column index out of range: SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1

Reproduce: add to the Gemfile

  gem 'protector', github: 'inossidabile/protector'
  rails g scaffold User name:string admin:boolean

and add two users, one with admin and one without admin

  class User < ActiveRecord::Base
    protect do |user|
      if user.admin?
        # Admins can read every record
        can :read
      else
        # Non-admins are scoped to their own record only
        scope { where(id: user.id) }
        can :read
      end
    end
  end

Workaround

  @user = User.restrict!(User.all.first).find_by(id: params[:id])

or using the non-restricted version

  @user = User.find(params[:id])

inossidabile commented 10 years ago

cc @toxix

toxix commented 10 years ago

Thx for your fast fix. Now it works as expected. :)