Hi Andrew, > I've a few rails applications out there that need scoping to limit > data access. > > The Rails wiki has a page on Proper Scoping at: > http://wiki.rubyonrails.org/howtos/security/scoping > > However I have models with lots of has_many's such as: > Account has_many Recipie_Books which has_many Recipes which has_many > Ingredients > > The usual method of daisy-chaining them in the controller like: > current_user.account.books.recipies.ingredients.etc...find(:id) > will have a big overhead if we only want to check if the user can > access a record such as ingredients. > > Alternative methods could be adding user or account to the final model > to allow quick checking, or adding a method to the model to do the > work like is_accessible? > > So I suppose the question is, in the real world, what techniques have > you found work and scale well? > > -- > Andrew Threlfall
One way would be to use has_many :through, e,g. Account has_many :recipe_books has_many :recipes, :through => :recipe_books end ActiveRecord will use an inner join to load recipes in one query. Unfortunately, there isn't support for nested has_many :through associations as of yet, so you wouldn't be able to go any deeper. Alternatively, you could use the Searchlogic gem, which does some very nice things with deep associations and dynamic named scopes so you could do something like: @account.recipe_books_recipes_ingredients_id_equals(id) As with has_many :through, his results in one query using inner joins to chain the associations, but you can go as deep as you like. Tekin Suleyman Ruby on Rails Developer 120/122 Grosvenor St, Manchester, M1 7HL +44 (0) 161 408 8868 +44 (0) 7968 355 460 http://tekin.co.uk --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "NWRUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nwrug-members?hl=en -~----------~----~----~----~------~----~------~--~---
