search

mdarby / restful_acl

Rails gem/plugin that provides contextual access control to RESTful resources.
http://matt-darby.com/search?term=restful_acl
MIT License
117 stars 14 forks source link

allowed? helper throwing error #3

Closed crtr0 closed 14 years ago

crtr0 commented 14 years ago

When I try to use the allowed? helper in my show.html.erb file, I get this error:

uninitialized constant Edit

The url being protected is a nested resource edit url = /seasons/1/edit

I am using the 3.0.0 gem, and Rails 2.3.4

mdarby commented 14 years ago

Can you please post the code? Also, by the URL it looks as though you're trying to edit a non-nested resource (or at least a parent resource).

crtr0 commented 14 years ago

You're right, the edit isn't nested (new and index are).

Here's the code in my view:

<%= allowed? { link_to 'Edit', edit_season_path(@season) } %>

...where edit_season_path(@season) resolves to /seasons/:id/edit

mdarby commented 14 years ago

Odd... everything seems alright... Can you post the stack trace?

crtr0 commented 14 years ago

uninitialized constant Edit

Extracted source (around line #5):

2:

<%= @season.description %>

3: <%= link_to 'Register', new_profile_users_path(:season_id => @season) %> 4: <%#= link_to 'Edit', edit_season_path(@season) %> 5: <%= allowed? { link_to 'Edit', edit_season_path(@season) } %> 6: <%= link_to 'Back', seasons_path %>

RAILS_ROOT: C:/Users/carter/Code/commish_dev Application Trace | Framework Trace | Full Trace

c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/active_support/dependencies.rb:443:in load_missing_constant' c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/active_support/dependencies.rb:80:inconst_missing' c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/active_support/dependencies.rb:92:in const_missing' c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/active_support/inflector.rb:361:inconstantize' c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/active_support/inflector.rb:360:in each' c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/active_support/inflector.rb:360:inconstantize' c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/active_support/core_ext/string/inflections.rb:162:in constantize' c:/ruby/lib/ruby/gems/1.8/gems/restful_acl-3.0.0/lib/restful_acl/base.rb:44:inobject_class' c:/ruby/lib/ruby/gems/1.8/gems/restful_acl-3.0.0/lib/restful_acl/base.rb:27:in load_actors_from_uri' c:/ruby/lib/ruby/gems/1.8/gems/restful_acl-3.0.0/lib/restful_acl/base.rb:17:ininitialize' c:/ruby/lib/ruby/gems/1.8/gems/restful_acl-3.0.0/lib/restful_acl/helper.rb:6:in new' c:/ruby/lib/ruby/gems/1.8/gems/restful_acl-3.0.0/lib/restful_acl/helper.rb:6:inallowed?' C:/Users/carter/Code/commish_dev/app/views/seasons/show.html.erb:5:in _run_erb_app47views47seasons47show46html46erb' C:/Users/carter/Code/commish_dev/app/controllers/seasons_controller.rb:18:inshow'

crtr0 commented 14 years ago

Here's a line in the url_parser.rb that I have:

{:name => "edit_singleton_child",       :controller_bit => 3, :object_id_bit => nil, :regex => /\/(\w+)\/(\d+)[\w|-]*\/(\w+)\/edit$/},

...which I think is slightly different than what I see in the trunk (I think). Could that be it?

mdarby commented 14 years ago

:edit_singleton_child shouldn't be firing in this case. What does your logical_parent line look like on season.rb?

crtr0 commented 14 years ago

logical_parent :division

I'll confess, I haven't grokked what the point of that declaration is.

mdarby commented 14 years ago

Ahh. It looks like Season doesn't have a 'parent' at all (at least judging by the URL). Try commenting out the logical_parent statement (since it doesn't have one) and see what happens. The important part is the 'before_filter :has_permission?' in the controller.

crtr0 commented 14 years ago

No dice. I commented it out, but it still errors out. Season does belong_to Division. Are you sure this isn't an issue of parsing the URL and instantiating the class? It's clearly trying to instantiate an "Edit" class (which makes me think it's mis-parsing the path).

mdarby commented 14 years ago

Season may belong to Division, but the routes need to be namespaced.

map.resources :division do |d| d.resources :seasons end

mdarby commented 14 years ago

Sorry - nested, not namespaced.

crtr0 commented 14 years ago

This is what I currently have:

map.resources :divisions, :has_many => :seasons

mdarby commented 14 years ago

Try using the full nested url in the allowed? block edit_division_season_path(@division, @season)

crtr0 commented 14 years ago

Huzzah! It works :)

But, I'm confused.

1) I still have the logical_parent declaration commented out. What's it for?

2) What if I don't want to use the fully nested URL for certain actions (like update, edit, show, etc)?

mdarby commented 14 years ago
  1. The logical_parent statement just tells RESTful_ACL what you consider the parent of that object to be. You use it in the 'child' to point towards the 'parent'.
  2. It won't work ;)

I'll update the docs to make the required use of nested routes more evident.

crtr0 commented 14 years ago

I understand the semantic meaning of the declaration, but how is it used in the code? How come I can comment it out and things still work properly?

And do you think there is any simple way for me to use restful_acl without nested resources? It's a great plug-in, but I still want to be able to protect top-level resources.