Hi guys, I am having an issue with permissions I can not seem to figure
out. Basically, I need every user to only be able to view and edit their
own records. This seems to be working fine if I have a
belongs_to :user, :creator => true
in the models and set the permissions to user_is? acting_user
My problem comes with the view permission. Users have Clients then clients
have bills/expenses etc. The user_is? acting user works find in the view
permission for clients.
Now when I click on a client i have a list of bills for that client. The
model for client originally had belongs_to :client , since adding in the
permissions, I added an addition belongs_to :user, :creator => true. so the
final model looks like this:
belongs_to :user, :creator => true
belongs_to :client
# --- Permissions --- #
def create_permitted?
user_is? acting_user
end
def update_permitted?
user_is? acting_user
end
def destroy_permitted?
user_is? acting_user
end
def view_permitted?(field)
user_is? acting_user
end
When I go to the client show page, where it should show bills, it just
returns the table but no data in it. It seems like all of the models I have
more than one belong_to in, the view doesn't work correctly? Can someone
explain the proper way to segment off users from each other.
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en.
