1
我在我看來似乎是一個簡單的declarative_authorization規則,但我相信這只是我的新事物,導致我無法正常工作。我有一個用戶和組。一個組與用戶有多對一的關係。一個特定的類(:asset)可以有一個與其關聯的用戶組&。如果用戶是:asset對象組的成員,我想確定對:asset對象的授權。基本上,想一想UNIX文件系統安全模型。如何使用declarative_authorization的is_in運算符?
這是我寫的規則:
has_permission_on [:assets], :to => :manage do
if_attribute :user => is { user }
if_attribute :group => is { user.default_group }
# Idea:
# if_attribute :group => is_in { user.groups }
end
我期待在代碼中包括我的「想法」,但它拋出一個錯誤。我確信這是我正在做的傻事,我只是不確定是什麼?
SQLite3::SQLException: ambiguous column name: created_at:
SELECT "assets"."id" AS t0_r0, "assets"."friendly_id" AS t0_r1, "assets"."purchased_on" AS t0_r2, "assets"."description" AS t0_r3, "assets"."model" AS t0_r4, "assets"."serial" AS t0_r5, "assets"."user_id" AS t0_r6, "assets"."created_at" AS t0_r7, "assets"."updated_at" AS t0_r8, "assets"."group_id" AS t0_r9, "groups"."id" AS t1_r0, "groups"."name" AS t1_r1, "groups"."created_at" AS t1_r2, "groups"."updated_at" AS t1_r3
FROM "assets"
LEFT OUTER
JOIN "groups"
ON "groups".id = "assets".group_id
WHERE ((1=1) OR ("assets"."user_id" = 1) OR ("groups"."id" IN (1,2,3)))
ORDER BY created_at DESC
LIMIT 10
OFFSET 0
感謝Jawa,這對我來說很有意義。它給了我足夠的數據去尋找答案...基本上我的一些模型有明確的order_by語句等等。這些order_by語句需要他們的列符合表名。這是有道理的。我只是沒有鏈接這兩個錯誤。由於decl_auth在幕後進行連接,因此我假定它也在執行order_by。但那是我! :( – dpb 2010-02-04 07:04:27