Hi Kevin
I agree with your approach to apply the permissions in a controller
and not have a record per
record decision when the page is renderered whether the record is
permitted to be shown to the user.
So I am trying to tweak the front controller and apply the view
permissions there. The goal is
that the guest user sees none of the records. The records become
available once logged it.
In the generated front controller I get this statement.
def index;end
I tried to tweak this to see how this index method works and where the
stuff is happening under the hobo hood .
I replaced the method with:
def index
@locations = Location.find :last
end
But I still got 6 Locations rendered.
I took the abovementioned method and put it in the Locations
controller. -> Also no change to the front page.
What place does one go to, to tweak the front controller?
Thnx Roland
Am 13.12.2008 um 03:53 schrieb kevinpfromnm:
>
> In addition to lessening the memory load, changing the find conditions
> in the controller keeps the pagination information correct. Even if
> can_view was working properly, you'd get pages with less than the per
> page count as certain items got filtered out. Sometimes even blank
> pages depending on how frequently the view permission was denied.
>
> On Dec 12, 10:25 am, Hobo_Fan <[email protected]> wrote:
>> Hi rolando ,
>>
>> I found a good write out written by larryk on hobocentral in regards
>> of viewable_by? and updateable_by? methods. You might want to take a
>> look.
>>
>> http://hobocentral.net/forum/viewtopic.php?
>> p=5108&sid=eca9b87ea696a74...
>>
>> Unfortunately, I was not able to understand it and do not how to
>> implement it with my app.
>>
>> But I was able to allow user who logged in to see certain fields, for
>> example:
>>
>> <aside:>
>> <h2>Licensing Info</h2>
>> <% for license in @product.licenses %>
>> <ul>
>> <li>
>> License Key: <%= license.key if logged_in? %>
>> <br/>Client: <%= h(license.client.last_name) if !
>> license.client.nil? %>
>> </li>
>> </ul>
>> <% end %>
>> <br/>
>> <p><a to="&License" action="new">Add New License</a></p>
>> </aside:>
>>
>> Let me know if you figure out how to use the viewable_by method.
>>
>> Thanks,
>> Sean
>>
>> On Dec 12, 2:15 am, solars <[email protected]> wrote:
>>
>>> On Fri, Dec 12, 2008 at 10:09:14AM +0000, James Garlick wrote:
>>
>>>> I think you'd be better off constraining the collection in the
>>>> controller based on the status of the user rather than using the
>>>> permission system. Otherwise you'll be retrieving a whole load of
>>>> unnecessary data from the database which isn't very efficient.
>>
>>> Yeah that would be smarter anyway, I guess that's the reason Tom
>>> only included the can_view? check in the (default) collection tag.
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en
-~----------~----~----~----~------~----~------~--~---
