You know, I think this request may have had more to do with the problems I was having getting the permissions to work the way I wanted. It seems to be working much better now. I have encountered on potential problem though. I have a model with a has many relationship to another model. I have the authorized for conditions working so the edit link is grayed out properly when you click on the association, but I noticed that the name of the record in the subform is a link to edit the record, so I clicked on it, and even though the current user was not authorized for update (as evidenced by the edit on that record being grayed out) the subform still opened and he was able to edit the name of that record and successfully save the changes. You can see what I mean here:
http://cloud.github.com/downloads/nextekcarl/storylines/Screenshot-editing-test2.png Shouldn't the link for the name be grayed out (or not a link at all) if the user isn't authorized to edit the model? Here's the code I'm using for the authorized for update link: def authorized_for_update? #Greys out the associated link when the user isn't the creator or authorized new_record? || current_user.id == current_user.current_universe.creator_id || current_user.userlimits.find(:first, :conditions => "universe_id = #{current_user.current_universe_id}").rights >= 3 end In this case the current_user.current_universe_id}").rights == 1 Carl On Mon, Jun 1, 2009 at 12:15 AM, Sergio Cambra .:: entreCables S.L. ::. < [email protected]> wrote: > On Sábado, 30 de Mayo de 2009 00:22:59 Carl escribió: > > Is there a global config to stop all actions from being handled > > through ajax? I can't seem to find one, and the main problems I have > > tend to come from the ajax calls. > > > In ApplicationController: > > > ActiveScaffold.set_defaults do |config| > config.show.link.page = true > config.create.link.page = true > config.update.link.page = true > end > > > > While ajax sometimes looks cool, it > > isn't really vital to my app, and sometimes causes problems with > > rendering if someone tries to do something through a subform that they > > aren't authorized to do (like edit a associated record, of which I > > have quite a few). > > > Are you using rails 2.3? In master branch (which only works with rails 2.3) > it should work. > > > > I like being able to bring up all the associated > > records in their own screen (or tab) but in a subform it tends to > > cause problems. Mostly this seems to be a problem with belongs_to > > associations, since the default action seems to be edit, rather than > > show. > > > You can change default action: > ActiveScaffold::DataStructures::Column.actions_for_association_links = > [:new, :show] > > > > > > Carl > > > > > -- > Sergio Cambra .:: entreCables S.L. ::. > Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza > T) 902 021 404 F) 976 52 98 07 E) [email protected] > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en -~----------~----~----~----~------~----~------~--~---
