As nested for nested.add_link case method falls back to index, new, update or show, it should use the generic
authorized_for?(:crud_type => link.crud_type, :action => link.action) On Tue, Sep 25, 2012 at 2:29 PM, Sergio Cambra <[email protected]> wrote: > ** > > What method it should use instead? > > > > On Martes, 25 de septiembre de 2012 10:57:48 Hernan Astudillo escribió: > > exaclty that, since: > > def nested_authorized? > true > end > > however, before calling this, the link i think at build time it already > has the action and crud_type so, it doesn't really need to call > nested_authorized? for config.nested.add_link cases. > > On Tue, Sep 25, 2012 at 5:32 AM, Sergio Cambra <[email protected]> wrote: > > On Lunes, 24 de septiembre de 2012 22:22:49 Sergio Cambra escribió: > > > > On Lunes, 24 de septiembre de 2012 11:57:49 Hernan Astudillo escribió: > > > > > > There are still 2 problems that i'm trying to debug: > > > > > > 1) nested links are allways displayed. AS/actions/nested.rb > > > nested_authorized? returns allways true. It should delegate to the > > > corresponding action: - :list when is :index > > > - :create when is :new > > > - :update when is :edit > > > However you can still use security_method > > I think now that you were talking about config.nested.add_link > > Maybe nested_authorized? can changed to check authorization using > action_link.crud_type and action_link.action, but authorized methods > should be > changed to get record and link, or checking arity before calling. > > > > > > In lib/active_scaffold/helpers/list_column_helpers.rb, render_list_column > > method in line 48, calls column_link_authorized? if action is set, so > nested > > links for plural associations should call it. When action is nil, like > > singular associations links, render_action_link will try to get the > action > > for this row with action_link_to_inline_form, which calls > > configure_column_link and this method calls column_link_authorized?. So > all > > nested links should call column_link_authorized? > > > > That method, will check authorization with :read crud type for :index, > > :create crud type for :new in model, and :update crud type for :edit in > > record. Now, I have found a bug, :index link will use the first record if > > association is eager loaded, but it should use always the model to check > > authorization. If association is not eager loaded or is empty, it's using > > already the model. I have just fixed to use the model always with plural > > associations. > > > > > 2) Unauthorized member actions are still displayed as something like: > > > <a>#{link.label}</a> They should have class="disabled". > > > Can't figure out where is being rendered. I only see a > > > > > > render_group_action_link(link, options, record) > > > > In lib/active_scaffold/data_structures/action_links.rb, traverse method, > > lines 125 to 129, checks authorized, which is passed in a options hash to > > the block, in _action_group partial. The block will call > > render_group_action_link with the options, which in line 118 call > > action_link_html with :class => "disabled" option, so you should get it. > > I'm talking about master branch. > > -- > You received this message because you are subscribed to the Google Groups > "ActiveScaffold : Ruby on Rails plugin" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/activescaffold?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups > "ActiveScaffold : Ruby on Rails plugin" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/activescaffold?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "ActiveScaffold : Ruby on Rails plugin" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/activescaffold?hl=en. > -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en.
