I'm trying to use declarative authorisation at the model level, using the query rewriting feature to filter down HTML select options, something like this:
Model:

    class TreatmentClinic < ActiveRecord::Base
      # Scope the query to records the current user may :read.
      def self.filtered_by_user_context
        with_permissions_to(:read)
      end
    end

View (the new action):

    <%= form_for(@something) do |f| %>
      <%= f.select :id, TreatmentClinic.filtered_by_user_context.collect {|t| [ t.name, t.id ] }, {:include_blank => 'Please select'} %>
      <%= f.submit %>
    <% end %>

authorization_roles.rb:

    role :some_role do
      has_permission_on :treatment_clinics do
        to :read
        if_attribute :id => '1'
      end
    end

I'm using sorcery and have it working nicely with declarative authorisation; declarative authorisation permissions are working fine at the controller and view levels, but the above select is throwing this error:
No matching rules found for [:read] for #<Authorization::AnonymousUser:0x007fd257c00090 @role_symbols=[:guest]> (roles [:guest], privileges [:read, :manage], context :treatment_clinics).
Any ideas?
Just in case it helps anyone in the future, I found the answer. In order for declarative authorisation security to work at the model level, we need to add this to the application_controller:

    class ApplicationController < ActionController::Base
      # Make the logged-in user visible to model-level authorization checks.
      before_filter :set_current_user

      protected

      def set_current_user
        Authorization.current_user = current_user
      end
    end
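
The following is an added example, not part of the original post and not the gem's own code: a simplified Ruby stand-in showing why the model-level check saw an anonymous `:guest` user until the current user was set for the request. The `MiniAuth` module, the `clinic_options` helper, the per-thread storage, the reset in `ensure` and the sample clinics are all assumptions constructed for illustration.

```ruby
# Simplified stand-in for a model-level authorization check (not the gem's code).
module MiniAuth
  class NotAuthorized < StandardError; end
  AnonymousUser = Struct.new(:role_symbols)
  User = Struct.new(:role_symbols)

  # role => { context => { privilege => attribute conditions } } (constructed rules)
  RULES = { some_role: { treatment_clinics: { read: { id: 1 } } } }.freeze

  # Assumption: the current user is stored per thread and defaults to an
  # anonymous guest when nothing has set it for this request.
  def self.current_user
    Thread.current[:mini_auth_user] || AnonymousUser.new([:guest])
  end

  def self.current_user=(user)
    Thread.current[:mini_auth_user] = user
  end

  # Return only the records the current user may access. Fails closed:
  # raises when none of the user's roles has a rule for this privilege.
  def self.with_permissions_to(privilege, context, records)
    user = current_user
    conds = user.role_symbols.map { |r| RULES.dig(r, context, privilege) }.compact
    if conds.empty?
      raise NotAuthorized, "No matching rules found for [#{privilege.inspect}] " \
                           "(roles #{user.role_symbols.inspect}, context #{context.inspect})"
    end
    records.select { |rec| conds.any? { |c| c.all? { |attr, v| rec[attr] == v } } }
  end
end

Clinic = Struct.new(:id, :name)
CLINICS = [Clinic.new(1, "North"), Clinic.new(2, "South")].freeze # constructed data

# Hypothetical helper standing in for the before_filter plus the select options.
def clinic_options(user)
  MiniAuth.current_user = user
  MiniAuth.with_permissions_to(:read, :treatment_clinics, CLINICS).map { |c| [c.name, c.id] }
ensure
  MiniAuth.current_user = nil # do not leak this user into the next request on the thread
end
```

Because the stand-in keeps the user per thread, a value set while handling one request is not visible on another thread, which is why the assignment belongs in a filter that runs on every request.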