如何使用 declarative_authorization 的 is_in 运算符？

发布于 2024-08-18 22:19:06 字数 1309 浏览 7 评论 0原文

在我看来，我有一个简单的 declarative_authorization 规则，但我确信这只是我的新鲜感导致我在使其正常工作时遇到问题。

我有一个用户和一个组。组与用户具有多对一的关系。特定类 (:asset) 可以有一个用户和一个用户。与其相关的组。如果用户是 :asset 对象组的成员，我想确定对 :asset 对象的授权。基本上，请考虑 UNIX 文件系统安全模型。

这是我编写的规则：

has_permission_on [:assets], :to => :manage do
  if_attribute :user => is { user }
  if_attribute :group => is { user.default_group }

  # Idea:
  # if_attribute :group => is_in { user.groups }

end

我希望在代码中包含我的“想法”，但它会引发错误。我确信我在做一些愚蠢的事情，我只是不确定什么？

SQLite3::SQLException: ambiguous column name: created_at: 
    SELECT "assets"."id" AS t0_r0, "assets"."friendly_id" AS t0_r1, "assets"."purchased_on" AS t0_r2, "assets"."description" AS t0_r3, "assets"."model" AS t0_r4, "assets"."serial" AS t0_r5, "assets"."user_id" AS t0_r6, "assets"."created_at" AS t0_r7, "assets"."updated_at" AS t0_r8, "assets"."group_id" AS t0_r9, "groups"."id" AS t1_r0, "groups"."name" AS t1_r1, "groups"."created_at" AS t1_r2, "groups"."updated_at" AS t1_r3 
    FROM "assets"  
    LEFT OUTER 
    JOIN "groups" 
    ON "groups".id = "assets".group_id 
    WHERE ((1=1) OR ("assets"."user_id" = 1) OR ("groups"."id" IN (1,2,3)))  
    ORDER BY created_at DESC 
    LIMIT 10 
    OFFSET 0

原文

I have what seems to me to be a simple declarative_authorization rule, but I'm sure it's just my newness that is causing me to have problems getting it to work.

I have a user and a group. A group has a many-to-one relationship with a user. A particular class (:asset) can have a user & group associated with it. I want to determine authorization to the :asset object if a users is a member of the :asset objects group. Basically, think of the UNIX filesystem security model.

Here is the rule I have written:

has_permission_on [:assets], :to => :manage do
  if_attribute :user => is { user }
  if_attribute :group => is { user.default_group }

  # Idea:
  # if_attribute :group => is_in { user.groups }

end

I'm looking to include my "idea" in the code, but it throws an error. I'm sure it's something silly I'm doing, I'm just not sure what?

SQLite3::SQLException: ambiguous column name: created_at: 
    SELECT "assets"."id" AS t0_r0, "assets"."friendly_id" AS t0_r1, "assets"."purchased_on" AS t0_r2, "assets"."description" AS t0_r3, "assets"."model" AS t0_r4, "assets"."serial" AS t0_r5, "assets"."user_id" AS t0_r6, "assets"."created_at" AS t0_r7, "assets"."updated_at" AS t0_r8, "assets"."group_id" AS t0_r9, "groups"."id" AS t1_r0, "groups"."name" AS t1_r1, "groups"."created_at" AS t1_r2, "groups"."updated_at" AS t1_r3 
    FROM "assets"  
    LEFT OUTER 
    JOIN "groups" 
    ON "groups".id = "assets".group_id 
    WHERE ((1=1) OR ("assets"."user_id" = 1) OR ("groups"."id" IN (1,2,3)))  
    ORDER BY created_at DESC 
    LIMIT 10 
    OFFSET 0

分享到QQ

分享到微博