Basically the count is done with SQL count and as such doesn't take permissions into account. If there's no open bug about in https://hobo.lighthouseapp.com then one should be filed. I think Hobo should loose the index by default (or have this fixed) because beginners hit this quite fast.
On Jun 30, 2:36 pm, storitel <[email protected]> wrote: > hi folks, > i'm trying to be selective about who sees what in our all singing-all > dancing hobo CRM system, but failing to get my head round the > following... > > the setup is pretty normal Company has_many Contacts ... Contact > has_many Calls > > I'd like to restrict so some users (eg User.sttus == :probation ) can > see all Companies and Contacts, but can only see calls that they > create themselves - so I've got permissions set accordingly. > > Trouble is, the show page for Company has a count of calls for each > Contact, and show page for Contact has a table plus of that contact's > call summaries. > > So for the :probation users both of these pages trigger exception - > view of non-viewable field > > i think there must be something simple i'm missing - i just need the > non-viewable stuff not to render, rather than trigger an exception? > > thanks for any ideas > Paul -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
