search

inossidabile / protector

Comfortable (seriously) white-list security restrictions for models on a field level
MIT License
270 stars 31 forks source link

model inheritance issue #45

Closed anazar closed 10 years ago

anazar commented 10 years ago

Inheriting from a model should keep the model permissions.

class Note < ActiveRecord::Base
   include Permissions::Note
end

note = Note.restrict!(current_user).find 1

{
                     :id => 19315,
               :claim_id => 7144,
                :comment => "blah.",
             :permission => "public",
              :record_id => nil,
            :record_type => nil,
             :creator_id => 53,
             :updater_id => 53,
             :deleted_at => nil,
             :created_at => 2014-04-18 15:02:37 -0500,
             :updated_at => 2014-04-18 15:02:37 -0500,
               :alert_at => nil,
    :alert_repeat_number => nil,
      :alert_repeat_type => nil,
       :alert_deleted_at => nil,
                   :type => "user",
         :alert_disabled => false
}

class ClientNote < Note
end

client_note = ClientNote.restrict!(current_user).find 1

{
                     :id => 19315,
               :claim_id => nil,
                :comment => nil,
             :permission => nil,
              :record_id => nil,
            :record_type => nil,
             :creator_id => nil,
             :updater_id => nil,
             :deleted_at => nil,
             :created_at => nil,
             :updated_at => nil,
               :alert_at => nil,
    :alert_repeat_number => nil,
      :alert_repeat_type => nil,
       :alert_deleted_at => nil,
                   :type => nil,
         :alert_disabled => nil
}

ClientNote is not applying the note permissions and all the values are nil.

anazar commented 10 years ago

Including permissions into ClientNote also doesn't work...

The only way to get it to work is to remove permissions from Note and just have them in ClientNote.

This is the only way it works:

class Note < ActiveRecord::Base
end

class ClientNote < ActiveRecord::Base
   include Permissions::Note
end
anazar commented 10 years ago

@inossidabile - any chance to look into this?

inossidabile commented 10 years ago

Certainly. Just need a little bit more free time. Will try to do that today or tomorrow.

anazar commented 10 years ago

thanks @inossidabile -- let me know if you need any more feedback.

cj commented 10 years ago

I just ran into this issue myself. Any luck on figuring it out?

anazar commented 10 years ago

:thumbsup: Thanks so much for this. Works great!