I've a few rails applications out there that need scoping to limit data access.
The Rails wiki has a page on Proper Scoping at: http://wiki.rubyonrails.org/howtos/security/scoping However I have models with lots of has_many's such as: Account has_many Recipie_Books which has_many Recipes which has_many Ingredients The usual method of daisy-chaining them in the controller like: current_user.account.books.recipies.ingredients.etc...find(:id) will have a big overhead if we only want to check if the user can access a record such as ingredients. Alternative methods could be adding user or account to the final model to allow quick checking, or adding a method to the model to do the work like is_accessible? So I suppose the question is, in the real world, what techniques have you found work and scale well? -- Andrew Threlfall --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "NWRUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nwrug-members?hl=en -~----------~----~----~----~------~----~------~--~---
