In nested_authorized?, link should have index action for plural associations and nil action for singular associations. Then, links without action should call action_link_to_inline_form, then configure_column_link and finally column_link_authorized?. If it's not authorized it will be rendered like: <a>action link label</a>
I will change so it gets class="disabled" too. On Miércoles, 26 de septiembre de 2012 13:28:38 Hernan Astudillo escribió: The problem is that the link has :action => 'nested', which is useless. Is there any way to figure out that index-new-edit-show from the resulting link at "nested_authorized?" On Wed, Sep 26, 2012 at 6:29 AM, Sergio Cambra <[email protected]> wrote: You cannot do that with nested_authorized? without adding link parameter, which was my proposal, adding link parameter to check authorization with that call in nested_authorized? I could do it in traverse, but I don't like it. ActionLinks class should not know nothing about a link is a normal or nested one, should do the same. Another way would be move authorization check to the action link class. On Martes, 25 de septiembre de 2012 15:46:10 Hernan Astudillo escribió: As nested for nested.add_link case method falls back to index, new, update or show, it should use the generic authorized_for?(:crud_type => link.crud_type, :action => link.action) On Tue, Sep 25, 2012 at 2:29 PM, Sergio Cambra <[email protected]> wrote: What method it should use instead? On Martes, 25 de septiembre de 2012 10:57:48 Hernan Astudillo escribió: exaclty that, since: def nested_authorized? true end however, before calling this, the link i think at build time it already has the action and crud_type so, it doesn't really need to call nested_authorized? for config.nested.add_link cases. On Tue, Sep 25, 2012 at 5:32 AM, Sergio Cambra <[email protected]> wrote: On Lunes, 24 de septiembre de 2012 22:22:49 Sergio Cambra escribió: > > On Lunes, 24 de septiembre de 2012 11:57:49 Hernan Astudillo escribió: > > > > There are still 2 problems that i'm trying to debug: > > > > 1) nested links are allways displayed. AS/actions/nested.rb > > nested_authorized? returns allways true. It should delegate to the > > corresponding action: - :list when is :index > > - :create when is :new > > - :update when is :edit > > However you can still use security_method I think now that you were talking about config.nested.add_link Maybe nested_authorized? can changed to check authorization using action_link.crud_type and action_link.action, but authorized methods should be changed to get record and link, or checking arity before calling. > > In lib/active_scaffold/helpers/list_column_helpers.rb, render_list_column > method in line 48, calls column_link_authorized? if action is set, so nested > links for plural associations should call it. When action is nil, like > singular associations links, render_action_link will try to get the action > for this row with action_link_to_inline_form, which calls > configure_column_link and this method calls column_link_authorized?. So all > nested links should call column_link_authorized? > > That method, will check authorization with :read crud type for :index, > :create crud type for :new in model, and :update crud type for :edit in > record. Now, I have found a bug, :index link will use the first record if > association is eager loaded, but it should use always the model to check > authorization. If association is not eager loaded or is empty, it's using > already the model. I have just fixed to use the model always with plural > associations. > > > 2) Unauthorized member actions are still displayed as something like: > > <a>#{link.label}</a> They should have class="disabled". > > Can't figure out where is being rendered. I only see a > > > > render_group_action_link(link, options, record) > > In lib/active_scaffold/data_structures/action_links.rb, traverse method, > lines 125 to 129, checks authorized, which is passed in a options hash to > the block, in _action_group partial. The block will call > render_group_action_link with the options, which in line 118 call > action_link_html with :class => "disabled" option, so you should get it. > I'm talking about master branch. -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en. -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en. -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en. -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en. -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en. -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en. -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en.
