A little new to Rails. I'm currently using Rails 4.1.8 with the declarative_authorization gem. When I call one of my protected URLs from a standard browser, I get the expected 'not authorized' error that I programmed into the system. If I call the same URL from Postman, I get my data.
Somehow it seems that Rails is ignoring declarative_authorization, or it just won't work with anything that has a header set to anything other than accept text/html.
My code is as follows:
Sample controller. I'm using filter_access_to :all

    class ShiftsController < ApplicationController
      protect_from_forgery with: :null_session
      # declarative_authorization: check permissions on every action
      filter_access_to :all

      def index
        qrtStr = 'shift_date between :from and :end'
        if params.has_key?(:from)
          parm = {:from => params[:from]}
        else
          parm = {:from => (Time.now.midnight - 30.day)}
        end
        # ... (rest of the action is not shown in the post)
      end
    end

In authorization_rules.rb:

    authorization do
      role :superadmin do
        has_omnipotence
      end
      role :admin do
      end
      role :guest do
        has_permission_on :user_sessions, :to => [:new, :create]
      end
      role :calendarUser do
        # role :baseUser is not shown in the post
        includes :baseUser
        has_permission_on :shifts, :to => [:index, :show]
        has_permission_on :calendar, :to => [:index]
      end
    end

routes.rb:

    resources :shifts, except: [:new, :edit] do
      patch 'submit', on: :member
      patch 'acquire', on: :member
    end

What am I missing? Or does declarative_authorization not work correctly with Rails 4.1.8?
Many thanks
Their .travis.yml shows that they're only testing against Ruby 1.8.7 and 1.9.3; if you're using a newer Ruby, then you're in the land of the unknown. You'll do better to find a more actively maintained gem.