It doesn't apply to this code, but if you happen to have expressions that do do a database query, you might want to memoize the result of the logic internally. E.g. my application handles financial forms with about two thousand fields; each form field had permissions to check during #update, #edit that the acting_user has permission to #update, #edit the form. Despite having specified inverse_of everywhere in my models, this still resulted in two thousand db queries per #edit/#update request - one per field - to check permissions on essentially the same thing for each individual field. So I decided to memoize the result of the check (into a hash indexed by acting_user) and it sped this part up considerably. Your code below does not need this currently if I read it correctly, so just an idea to consider for the future (but of course think through your permission logic to make sure it does not depend on side effects of previous operations within the same request).
It is another question what ruby style one likes, like this long if/elsif or some people like a series of posfix if statements ("return true if acting_user.administrator?"), others like a long boolean expression and let ruby short-circuit it. 2015. július 24., péntek 17:22:25 UTC+2 időpontban Nathan Peters a következőt írta: > > So I am finally getting into the permissions. The following block for my > projects model seems to work as expected. But there is going to be a bit > more of this. I am concerned about doing things incorrectly and taking a > performance hit. Is this the best way to do what I'm aiming for? > > def view_permitted?(field) > if acting_user.administrator? then > return true > elsif (acting_user == self.owner || acting_user == self.tasker) then > return true > elsif (acting_user.sitetasker? && self.state == 'submitted') then > return true > elsif self.state == 'finished' then > return true > else > return false > end > end > > The logic is: > > 1. Administrators can view anything > 2. If the acting_user is an owner or tasker on the project, they can > view it > 3. If the acting_user is one of the site's "site taskers" AND the > project is in submitted status, they can view it. Tasker's have to be able > to be able to see available projects so they can take them on > 4. Once it moves to "finished" status, anybody can view > 5. All other users and states should be blocked from view > > Thanks, > > Nathan > -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to hobousers+unsubscr...@googlegroups.com. To post to this group, send email to hobousers@googlegroups.com. Visit this group at http://groups.google.com/group/hobousers. For more options, visit https://groups.google.com/d/optout.