#20 new

if_attribute produces wrong SQL

Reported by q | November 26th, 2010 @ 03:04 PM

Hello everybody,

somehow a rule produces wrong SQL. I want to share this with you.

I have the following rule

MAINTAINABLE_OBJECTS = [:games, :game_templates, :artifacts, :artifact_groups, :artifact_overlays, :global_assets, :motypes, :states]

role :partner do
  includes :user
  #FIXME: does not work
  has_permission_on MAINTAINABLE_OBJECTS, :to => [:read, :read_attachment] do
    if_attribute :accessible => true

privilege :read, :includes => [:index, :show]

accessible is a method in MaintainableObject (the super class of Game, Artifact, etc.) which in turn returns self.public. public is an attribute of MaintainableObject. BTW: I cannot use public directly since this does not work either; but this is another issue.

If I now try to access the index page of a maintainable object, let's say game, the following SQL is generated:

PGError: ERROR:  invalid input syntax for integer: "t"
LINE 1: ...."user_id" = 5) OR ("maintainable_objects"."id" = 't')) AND ...

: SELECT * FROM "maintainable_objects" WHERE (("maintainable_objects"."id" = 5) OR   ("maintainable_objects"."user_id" = 5) OR ("maintainable_objects"."id" = 't')) AND ( ("maintainable_objects"."type" = 'Game' ) )  ORDER BY lower(maintainable_objects.name) LIMIT 25 OFFSET 0

As you can see 'id' is compared against the boolean value 'true' (maintainable_objects"."id" = 't'). This obviously does not make sense.

Any ideas on this one?


No comments found

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

By now, decl_auth is using the GitHub issue tracker as well. Please use the one over there: http://github.com/stffn/declarative_authorization/issues

People watching this ticket