Re: Can't suppress "Create new" link at top of list for non-authorized users

Tue, 25 Sep 2012 01:22:58 -0700 

> On Lunes, 24 de septiembre de 2012 11:57:49 Hernan Astudillo escribió:
> 
> There are still 2 problems that i'm trying to debug:
> 
> 1) nested links are allways displayed. AS/actions/nested.rb
> nested_authorized? returns allways true. It should delegate to the
> corresponding action: - :list when is :index
> - :create when is :new
> - :update when is :edit
> However you can still use security_method

In lib/active_scaffold/helpers/list_column_helpers.rb, render_list_column 
method in line 48, calls column_link_authorized? if action is set, so nested 
links for plural associations should call it. When action is nil, like 
singular associations links, render_action_link will try to get the action for 
this row with action_link_to_inline_form, which calls configure_column_link and 
this method calls column_link_authorized?. So all nested links should call 
column_link_authorized?

That method, will check authorization with :read crud type for :index, :create 
crud type for :new in model, and :update crud type for :edit in record. Now, I 
have found a bug, :index link will use the first record if association is eager 
loaded, but it should use always the model to check authorization. If 
association is not eager loaded or is empty, it's using already the model. I 
have just fixed to use the model always with plural associations.

> 
> 2) Unauthorized member actions are still displayed as something like:
> <a>#{link.label}</a> They should have class="disabled".
> Can't figure out where is being rendered. I only see a
> 
> render_group_action_link(link, options, record)

In lib/active_scaffold/data_structures/action_links.rb, traverse method, lines 
125 to 129, checks authorized, which is passed in a options hash to the block, 
in _action_group partial. The block will call render_group_action_link with 
the options, which in line 118 call action_link_html with :class => "disabled" 
option, so you should get it. I'm talking about master branch.

-- 
You received this message because you are subscribed to the Google Groups 
"ActiveScaffold : Ruby on Rails plugin" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/activescaffold?hl=en.

Reply via email to