Hi! Thanks a lot Pat and Adam, I'm going to study that a bit and see how I can use it properly in my case.
On Apr 11, 10:58 pm, adamcooper <[email protected]> wrote: > Just wanted to chime in that we do this approach in almost all our > models and you can do very complex authorizations. > > We use a custom sql query for the MVA rather than forcing the join in > the main index. I guess it depends on how complex it is to get your > authorization_ids. In our case we have to join three separate tables > to get the ids we are looking for. I think pulling it out into a > separate query is a little bit easier on the database. > > Here is a sample complex case for you example: (Even expanding if you > had admins/moderators/members) > > has WRITE_ID_SQL, :as => :write_ids, :type => :multi > has READ_ID_SQL, :as => :read_ids, :type => :multi > > WRITE_ID_SQL = <<-END select project.id * 3 + 2 as id, > IF((memberships.level = #{Privacy::MODERATOR} OR memberships.level = > #{Privacy::ADMIN}, IFNULL(memberships.member_id, 0), 0) as write_ids > from projects > inner join memberships on projects.id = memberships.project_id > END > > READ_ID_SQL = <<-END select project.id * 3 + 2 as id, > memberships.member_id as read_ids > from projects > inner join memberships on projects.id = memberships.project_id > END > > Then when you do your search all you have to do is pass in the user_id > of the current_user into the read_ids and write_ids depending on which > type of permission you checking for. > > Cheers, > Adam > > On Apr 8, 9:39 pm, Pat Allan <[email protected]> wrote: > > > You will need to force the join to the members table using another (normal) > > attribute or field, if you're not doing that already... > > > has members(:id), :as => :normal_member_ids > > > In your SQL snippet, you'll want to merge all ids together into a string, > > separated by commas. GROUP_CONCAT or CONCAT_WS will be helpful for that. > > > Cheers > > > -- > > Pat > > > On 09/04/2010, at 1:30 PM, Gedeon wrote: > > > > Hmm one more thing. This might be silly and mysql related more than > > > TS, but how can I retrieve member_ids from an IF snippet? > > > I can't see anything like that in the MYSQL api. > > > > I'd need "IF(private = 0, 0, *some way of retrieving member ids from > > > the memberships table*)" > > > > If you have any idea, please let me know. In the mean time, i'm > > > searching and will post any solution I find. > > > > Thanks a lot! > > > > Gedeon > > > > On Apr 9, 8:35 am, Pat Allan <[email protected]> wrote: > > >> Hi Gedeon > > > >> I think the best way forward is to create another custom SQL snippet - > > >> if the project is public, return 0, otherwise, return the member ids... > > >> and then you can filter on :member_ids => [0, @user.id] for moderators, > > >> and :member_ids => @user.id for normal users. I think this will work, > > >> but haven't thought about it too much. > > > >> Keep in mind you'll want to set the attribute's type as :multi. > > > >> Hope this helps > > > >> -- > > >> Pat > > > >> On 08/04/2010, at 3:00 PM, Gedeon wrote: > > > >>> Hello! > > > >>> I'm adding a search feature in a project and just started using Sphinx > > >>> and Thinking Sphinx about a week ago. I'm seeking some help from > > >>> Sphinx Gurus here, can any of you help me? I would be extremely > > >>> grateful, as I've been stuck on this for a couple of days already. > > > >>> I basically have 3 models involved in this: > > > >>> Project: > > >>> has_many :members, :through => :memberships, :source => :user > > > >>> Membership, which links users to projects > > > >>> User: > > >>> has_many :projects, :through => :memberships > > > >>> Users should be able to search for projects. However, depending on > > >>> their access level, they can see more or less projects: > > > >>> - Admin users can see all projects (public and private). So I got > > >>> something like this: > > >>> Project.search options[:q], :page => 1, :per_page => 10 > > >>> Simple and easy, I can handle that. > > > >>> - Normal users can only see projects they are member of. How can I do > > >>> this? > > >>> I guess (but i could be completely wrong) I need this in my Project > > >>> index: > > >>> has members(:id), :as => :member_ids > > >>> But how can I use it? Or what should I use? > > >>> Project.search options[:q], :page => 1, :per_page => 10, > > >>> :with => { } # member_ids.include?(@user.id) > > > >>> - I kept the best for the end : Moderators can view all public > > >>> projects and all projects they are a member of.It's basically the same > > >>> as a normal user, with some "OR" condition cream on top of it: > > >>> Project.search options[:q], :page => 1, :per_page => 10, > > >>> :with => { :private => 0 } # OR member_ids.include? > > >>> (@user.id) > > > >>> I'm already using the "OR" trick to search within my contacts but I > > >>> cant apply it here as it only works when the permission is within the > > >>> same model: > > >>> has "IF(view_permission = 0, 0, contact_owner)", :as => :owner, :type > > >>> => :integer > > > >>> Any idea how to deal with moderators and normal users searches? > > >>> Thanks a lot to everyone for at least reading this. Extra thanks for > > >>> those who can help! > > > >>> PS: In the worst case scenario, is there a way of "unpaginating" the > > >>> results i get from TS, removing projects that don't match the > > >>> conditions, then re-paginating? I know that's a terrible solution and > > >>> I want to avoid it at all costs. However, we'll never have more than > > >>> 100 projects in the database and I'd rather have a that than no search > > >>> at all. > > > >>> -- > > >>> You received this message because you are subscribed to the Google > > >>> Groups "Thinking Sphinx" group. > > >>> To post to this group, send email to [email protected]. > > >>> To unsubscribe from this group, send email to > > >>> [email protected]. > > >>> For more options, visit this group > > >>> athttp://groups.google.com/group/thinking-sphinx?hl=en. > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Thinking Sphinx" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]. > > > For more options, visit this group > > > athttp://groups.google.com/group/thinking-sphinx?hl=en. -- You received this message because you are subscribed to the Google Groups "Thinking Sphinx" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/thinking-sphinx?hl=en.
