1

我有一条对我来说似乎很简单的declarative_authorization规则,但我确信这只是我的新奇导致我在让它工作时遇到问题。

我有一个用户和一个组。组与用户具有多对一关系。一个特定的类 ( :asset) 可以有一个与之关联的用户和组。:asset如果用户是:asset对象组的成员,我想确定对对象的授权。基本上,想想 UNIX 文件系统安全模型。

这是我写的规则:

has_permission_on [:assets], :to => :manage do
  if_attribute :user => is { user }
  if_attribute :group => is { user.default_group }

  # Idea:
  # if_attribute :group => is_in { user.groups }

end

我希望在代码中包含我的“想法”,但它会引发错误。我确定这是我在做的傻事,我只是不确定是什么?

SQLite3::SQLException: ambiguous column name: created_at: 
    SELECT "assets"."id" AS t0_r0, "assets"."friendly_id" AS t0_r1, "assets"."purchased_on" AS t0_r2, "assets"."description" AS t0_r3, "assets"."model" AS t0_r4, "assets"."serial" AS t0_r5, "assets"."user_id" AS t0_r6, "assets"."created_at" AS t0_r7, "assets"."updated_at" AS t0_r8, "assets"."group_id" AS t0_r9, "groups"."id" AS t1_r0, "groups"."name" AS t1_r1, "groups"."created_at" AS t1_r2, "groups"."updated_at" AS t1_r3 
    FROM "assets"  
    LEFT OUTER 
    JOIN "groups" 
    ON "groups".id = "assets".group_id 
    WHERE ((1=1) OR ("assets"."user_id" = 1) OR ("groups"."id" IN (1,2,3)))  
    ORDER BY created_at DESC 
    LIMIT 10 
    OFFSET 0
4

1 回答 1

1

我真的没有对 declarative_auth 进行太多研究,但规则似乎还可以。根据日志,这似乎order by created_at是模棱两可的,因为“组”表中也有一个“created_at”列。

不知道如何解决这个问题的直接解决方案,但我认为它应该说order by t0_r7或者order by t1_r2因为那些是给 created_at 列的别名;我不知道你使用哪个对你来说是否重要。

于 2010-02-01T09:04:35.293 回答