On Apr 6, 2011, at 10:45 AM, mdfdroid wrote:
Hi guys, I am having an issue with permissions I cannot seem to
figure out. Basically, I need every user to only be able to view
and edit their own records. This seems to be working fine if I have a

    belongs_to :user, :creator => true

in the models and set the permissions to user_is? acting_user.

My problem comes with the view permission. Users have Clients, then
clients have bills/expenses etc. The user_is? acting_user works
fine in the view permission for clients.

Now when I click on a client I have a list of bills for that
client. The model for client originally had belongs_to :client.
Since adding in the permissions, I added an additional
belongs_to :user, :creator => true. So the final model looks like
this:

    belongs_to :user, :creator => true
    belongs_to :client

    # --- Permissions --- #

    def create_permitted?
      user_is? acting_user
    end

    def update_permitted?
      user_is? acting_user
    end

    def destroy_permitted?
      user_is? acting_user
    end

    def view_permitted?(field)
      user_is? acting_user
    end

When I go to the client show page, where it should show bills, it
just returns the table but no data in it. It seems like all of the
models I have more than one belongs_to in, the view doesn't work
correctly? Can someone explain the proper way to segment off users
from each other.

You might want to take a detour here and look into an authorization
framework like CanCan. You're going to find yourself where I did --
with a hundred tiny permissions bits scattered through your views --
and wonder why the hell Rails is supposed to be so DRY.
Walter
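
An added example, not part of the original thread and not Hobo or CanCan code: the per-user segmentation asked about above, expressed as one central ownership check of the kind Walter's reply points toward, written in plain Ruby so it runs without Rails. It assumes a bill's owner is derived from its client instead of a separate user column; the names Ability, can?, visible and owner_of are hypothetical, and the records are constructed sample data.

```ruby
# Added example: plain Ruby, no Rails, Hobo or CanCan required.
# Ability, can?, visible and owner_of are hypothetical names.
User   = Struct.new(:id, :name)
Client = Struct.new(:id, :user)            # a client belongs to a user
Bill   = Struct.new(:id, :client, :amount) # a bill belongs to a client

# One place that answers "may this user do this to that record?"
class Ability
  ACTIONS = %i[view create update destroy].freeze

  def initialize(acting_user)
    @acting_user = acting_user
  end

  # Fail closed: unknown actions, a missing user and ownerless records are denied.
  def can?(action, record)
    return false unless ACTIONS.include?(action) && @acting_user
    owner = owner_of(record)
    !owner.nil? && owner.id == @acting_user.id
  end

  # Scope a collection down to what the acting user may view.
  def visible(records)
    records.select { |r| can?(:view, r) }
  end

  private

  # Ownership is found by walking up to the user, so a child record
  # carries no second copy of the owner that could be nil or drift.
  def owner_of(record)
    case record
    when Client then record.user
    when Bill   then record.client && owner_of(record.client)
    end
  end
end

# Constructed sample data: two users, one client each, three bills.
ALICE = User.new(1, "alice")
BOB   = User.new(2, "bob")
ACME  = Client.new(10, ALICE)
ZETA  = Client.new(11, BOB)
BILLS = [Bill.new(100, ACME, 250), Bill.new(101, ZETA, 90), Bill.new(102, nil, 5)].freeze

puts Ability.new(ALICE).visible(BILLS).map(&:id).inspect
```

Filtering the list through the same check that guards each single record keeps the index and show pages from disagreeing about what a user may see.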