I'm having some difficulty understanding the documentation for declarative authorization and nested if_attributes.
Models:
    class Company < ActiveRecord::Base
      has_many :divisions                        # required by the :through association
      has_many :users, :through => :divisions
    end

    class Division < ActiveRecord::Base
      belongs_to :company
      has_many :users
    end

    class User < ActiveRecord::Base
      belongs_to :division                       # the rule below calls user.division
    end
My rule:
    role :company_admin do
      includes :company_admin
      has_permission_on :companies, :to => [:index, :show, :edit, :update] do
        if_attribute :id => is { user.division.company.id } # This is the problem....
      end
    end
In my hierarchy, I have a company_admin role defined that should be allowed to edit his own company and all divisions and users. There is another role above company admin which has the ability to fully edit & add companies and all roles below.
Where I seem to be hung up is at the rule listed above (I know that isn't correct, it's just filler for an example). I need to establish that the current user can ONLY edit his own company, not any other. This seems to be a nested if_attribute but I can't seem to understand the examples of nested if_attributes in the documentation.
Thanks in advance for any assistance!
The resolution did not need a nested if_attribute. The example that I used was actually correct; there were other permission errors in my authorization_rules.rb file that this user was inheriting that caused the confusion.
    if_attribute :id => is { user.division.company.id } # This was the correct if_attribute
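
An added illustration of the failure mode described in the resolution above (not code from the original post, and not the declarative_authorization gem's API): a plain-Ruby model that assumes a permission is granted when any rule reachable through the role hierarchy matches, so an inherited rule without an attribute constraint defeats the own-company check. The `:staff` role, `LOOSE_RULE`, and all helper names are constructed assumptions.

```ruby
# Plain-Ruby model (not the gem) of "any matching rule grants" evaluation.
Company  = Struct.new(:id)
Division = Struct.new(:company)
User     = Struct.new(:division, :roles)
Rule     = Struct.new(:role, :context, :privileges, :attr_check)

# Constructed hierarchy: :company_admin inherits from a hypothetical :staff role.
INCLUDES = { company_admin: [:staff], staff: [] }

# The page's constraint: if_attribute :id => is { user.division.company.id }
OWN_COMPANY = ->(user, company) { company.id == user.division.company.id }
SCOPED_RULE = Rule.new(:company_admin, :companies, [:index, :show, :edit, :update], OWN_COMPANY)
# Constructed mistake: an inherited rule on the same context with no attribute check.
LOOSE_RULE  = Rule.new(:staff, :companies, [:edit], nil)

# Expand a user's roles through the includes hierarchy (cycle-safe).
def effective_roles(roles)
  seen, queue = [], roles.dup
  until queue.empty?
    role = queue.shift
    next if seen.include?(role)
    seen << role
    queue.concat(INCLUDES.fetch(role, []))
  end
  seen
end

# Access is granted if ANY rule for an effective role matches the request.
def permit?(rules, privilege, company, user)
  roles = effective_roles(user.roles)
  rules.any? do |rule|
    roles.include?(rule.role) && rule.context == :companies &&
      rule.privileges.include?(privilege) &&
      (rule.attr_check.nil? || rule.attr_check.call(user, company))
  end
end

# Audit helper: which single rules let the user act on a company that is not theirs?
def over_broad_rules(rules, privilege, user, other_company)
  rules.select { |rule| permit?([rule], privilege, other_company, user) }
end

# Constructed sample data: an admin of company 1 and an unrelated company 2.
own   = Company.new(1)
other = Company.new(2)
admin = User.new(Division.new(own), [:company_admin])
```

Running `over_broad_rules` against a foreign company for each role is a quick way to find which inherited rule is granting access the scoped rule was meant to deny.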