In my project model I have:
belongs_to :user, :creator => true
def update_permitted?
acting_user.administrator? ||
(acting_user == user && !user_changed?)
end
Was thinking this was correct setting of permissions so that
the following form would only appear if a user owned the project and
was logged in:
<div id="editproject" param="editproject">
<form with="&@project" action="/projects/edit/#[email protected]}">
<input type="hidden" id="project_id" name="project[id]" value="#
{[email protected]}" />
<input class="edit" type="submit" value="EDIT CURRENT" />
</form>
</div>
...but alas, the form does appear all the time.
Jet
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en.
