think what you want is really acting_user.administrator? || (acting_user == user) self would refer to the user_group object itself.
On May 3, 2:52 pm, Chris Apolzon <[email protected]> wrote: > hmm. When I read Matt's post, I thought sure that would solve my problem. > No dice. > > In user_group.rb, I updated the create_permitted? and update_permitted? > methods to be: > acting_user.administrator? || (acting_user == self) > but its still not showing up on the form. The model is empty except for > belongs_to :user > belongs_to :group > (The timestamps field is the sole member of the fields do...end block) > > I also tried keeping with the only_changed? pattern, but if acting_user > doesn't work then I don't think it should matter. Regardless, should > only_changed?(:group) > be enough? Or would I need to do > only_changed?(:group, :group_id) > > As a final hack, I set update_permitted? and create_permitted? to return > true in group.rb, user_group.rb, and user.rb (minus the create on that last > one). Groups still do not show up (on the edit form) when logged in as a > non-administrator. > > And to summarize, the relevant line in my User model is: > has_many :groups, :through => :user_groups > has_many :user_groups, :dependent => :destroy, :accessible => true > > Thanks again for the help. > > > > On Mon, May 3, 2010 at 4:23 PM, Matt Jones <[email protected]> wrote: > > Specifying associations (for instance :user_groups on User) in an > > only_changed? block isn't going to work - the underlying code for > > only_changed? relies on the Rails dirty object tracking, which doesn't > > do this. The permissions you'll want are going to be defined in the > > UserGroup model. > > > --Matt Jones > > > On Fri, Apr 30, 2010 at 2:00 PM, Chris Apolzon <[email protected]> wrote: > > > I have a belongs_to :groups, :through :user_groups relationship on my > > > user model, and I'm trying to update the update permission to allow > > > users to assign themselves to groups. > > > > I tried adding :groups and :user_groups (and also tried just one or > > > the other) to the only_changed? parameters, but it didn't work. I > > > know the relationship is correct and working because if I switch over > > > to an administrator account I'm able to add them without any issue. > > > Do I need to explicitly allow the user to update the id fields which > > > are normally hidden away? I'm not really sure what the best process > > > is for tracing these permission issues. > > > > Any help is, as always, greatly appreciated. Thanks. > > > > p.s. I have :accessible => true on the user model relationship as well. > > > > -- > > > You received this message because you are subscribed to the Google Groups > > "Hobo Users" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > [email protected]<hobousers%[email protected]> > > . > > > For more options, visit this group at > >http://groups.google.com/group/hobousers?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Hobo Users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<hobousers%[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/hobousers?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Hobo Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/hobousers?hl=en. -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
