Declarative permission - allow editing other comments left in your article?

Question

Declarative permission - allow editing other comments left in your article?

I follow the Ryan Bates declarative authorization railscast. I am trying to add functionality for the author of a specific article in order to be able to edit the comments left in his article, regardless of whether he is the owner or not. I tried to do this, but could not get it to work.

  role :author do
    has_permission_on :articles, :to => [:new, :create]
    has_permission_on :articles, :to => [:edit, :update, :show] do
      if_attribute :user => is { user }
    end
    **has_permission_on :comments, :to => [:edit, :update] do
      if_attribute :article_id => is { user }
    end**
  end

How to change the has_permission line in comments so that the user can edit comments if they remain only in his article?

thank

+3

ruby-on-rails declarative-authorization

sent-hil Feb 04 '10 at 13:02

source share

2 answers

...

has_permission_on :articles, :to => [:edit, :update, :show] do
  if_attribute :user => is { user }
end

... , :user user ( - current_user), :articles.

...

has_permission_on :comments, :to => [:edit, :update] do
  if_attribute :article_id => is { user }
end

, :article_id user.

Rails, , . , user, - if_attribute :article_id => is { user.articles.id }.

,

0

jd291 07 . '10 0:05

fjuan · Accepted Answer · 2010-02-08T18:44:40+0000

, / , :

role :author do
  [...]

  has_permission_on :comments, :to => [:edit, :update] do
    if_attribute :article_id => is_in { user.article_ids }
  end
end

, is_in

user.article_ids user.articles.collect{|a| a.id}.uniq

Declarative permission - allow editing other comments left in your article?

More articles: