Hi,
According to my calculations, you should have
"users.contains?(acting_user)" in the update and view methods.
Please remove acting_user.in(reviews) from the view, and
acting_user.reviewer? from the update.
Thanks,
TF
On 10/5/11 9:36 PM, jarad wrote:
I have to say I am a big fan of Hobo and love what it can do, but I
have run into a few snags here and there; one is the permissions
system.
I would like to limit the view and update permissions for the Program
model below to only allow users assigned to a review of the program. I
can't find much documentation as to how this could be done and I have
tried everything I can think of. Any help would be greatly
appreciated.
class Program < ActiveRecord::Base
  has_many :reviews
  has_many :users, :through => :reviews

  # --- Permissions --- #
  def create_permitted?
    acting_user.administrator? || acting_user.signed_up?
  end

  def update_permitted?
    # limits to the creator, admins, and reviewers (boolean in user model)
    acting_user.administrator? || acting_user.reviewer? || owner_is?(acting_user)
  end

  def destroy_permitted?
    acting_user.administrator? || owner_is?(acting_user)
  end

  def view_permitted?(field)
    # One of my attempts that isn't doing what I want
    acting_user.administrator? || acting_user.in?(reviews) || owner_is?(acting_user)
  end
end

class Review < ActiveRecord::Base
  belongs_to :program
  has_many :review_assignments, :dependent => :destroy
  has_many :users, :through => :review_assignments, :accessible => true
end

class ReviewAssignment < ActiveRecord::Base
  belongs_to :user
  belongs_to :review
end
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
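
The two permission checks discussed in this thread, as an added example that is not part of either message and is not Hobo's own code. It assumes plain-Ruby stand-ins (Struct-based User and Review, a hand-written Program#users, an explicit acting_user argument) in place of the ActiveRecord associations so it runs without Rails, and uses Ruby's include? for the membership test.

```ruby
# Plain-Ruby stand-ins for the thread's models (assumption: no Rails or Hobo loaded).
User = Struct.new(:name, :administrator, :reviewer) do
  def administrator?; !!administrator; end
  def reviewer?;      !!reviewer;      end
end
Review = Struct.new(:users) # stands in for has_many :users, :through => :review_assignments

class Program
  attr_reader :owner, :reviews

  def initialize(owner, reviews)
    @owner, @reviews = owner, reviews
  end

  # Stands in for has_many :users, :through => :reviews
  def users
    reviews.flat_map(&:users).uniq
  end

  # The attempt from the thread: acting_user.in?(reviews) asks whether a User
  # is one of the Review objects, which is false for every reviewer.
  def view_permitted_attempt?(acting_user)
    acting_user.administrator? || reviews.include?(acting_user) || owner == acting_user
  end

  # Membership is tested against the users reached through the reviews.
  def view_permitted?(acting_user)
    acting_user.administrator? || owner == acting_user || users.include?(acting_user)
  end

  # Original update rule: the global reviewer flag admits every reviewer.
  def update_permitted_original?(acting_user)
    acting_user.administrator? || acting_user.reviewer? || owner == acting_user
  end

  # Scoped update rule: only reviewers assigned to this program's reviews.
  def update_permitted?(acting_user)
    view_permitted?(acting_user)
  end
end

# Constructed sample data: two reviewers, only one assigned to the program.
OWNER    = User.new("owner", false, false)
ASSIGNED = User.new("assigned", false, true)
OTHER    = User.new("other", false, true)
PROGRAM  = Program.new(OWNER, [Review.new([ASSIGNED])])
```

The unassigned reviewer is the case to test for: the original update rule lets that account edit a program it was never assigned to, while the scoped rule denies it.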