hmm. When I read Matt's post, I thought sure that would solve my problem. No dice.
In user_group.rb, I updated the create_permitted? and update_permitted? methods to be: acting_user.administrator? || (acting_user == self) but its still not showing up on the form. The model is empty except for belongs_to :user belongs_to :group (The timestamps field is the sole member of the fields do...end block) I also tried keeping with the only_changed? pattern, but if acting_user doesn't work then I don't think it should matter. Regardless, should only_changed?(:group) be enough? Or would I need to do only_changed?(:group, :group_id) As a final hack, I set update_permitted? and create_permitted? to return true in group.rb, user_group.rb, and user.rb (minus the create on that last one). Groups still do not show up (on the edit form) when logged in as a non-administrator. And to summarize, the relevant line in my User model is: has_many :groups, :through => :user_groups has_many :user_groups, :dependent => :destroy, :accessible => true Thanks again for the help. On Mon, May 3, 2010 at 4:23 PM, Matt Jones <[email protected]> wrote: > Specifying associations (for instance :user_groups on User) in an > only_changed? block isn't going to work - the underlying code for > only_changed? relies on the Rails dirty object tracking, which doesn't > do this. The permissions you'll want are going to be defined in the > UserGroup model. > > --Matt Jones > > On Fri, Apr 30, 2010 at 2:00 PM, Chris Apolzon <[email protected]> wrote: > > I have a belongs_to :groups, :through :user_groups relationship on my > > user model, and I'm trying to update the update permission to allow > > users to assign themselves to groups. > > > > I tried adding :groups and :user_groups (and also tried just one or > > the other) to the only_changed? parameters, but it didn't work. I > > know the relationship is correct and working because if I switch over > > to an administrator account I'm able to add them without any issue. > > Do I need to explicitly allow the user to update the id fields which > > are normally hidden away? I'm not really sure what the best process > > is for tracing these permission issues. > > > > Any help is, as always, greatly appreciated. Thanks. > > > > p.s. I have :accessible => true on the user model relationship as well. > > > > -- > > You received this message because you are subscribed to the Google Groups > "Hobo Users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > [email protected]<hobousers%[email protected]> > . > > For more options, visit this group at > http://groups.google.com/group/hobousers?hl=en. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Hobo Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<hobousers%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/hobousers?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
