Also in order to get edit (since I have added fields to user model) to
work (since own users are not allowed to edit themselves, I had to
add:
def edit_permitted?(field)
return true if acting_user.administrator?
return false if (field.to_s == "administrator")
return true if self == acting_user
end
I tried to optimize this, but it was not so easy. If you want
Administrators to be able to give administrator rights to other users,
you can "merge" the last and first line.
This should maybe be default behavior in Hobo?
At least if you can say that:
- user model should be easily extendable without needing to add more
security permissions
- you do not want spammers to leech email adresses from your sites.
- admins can edit all
- self can edit self (except to give adminrights to them selves :-))
/MartOn
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en
-~----------~----~----~----~------~----~------~--~---
