I'm setting up a private site where users have access to a limited set of 
data.  Attached is a high level view of the model diagram (exported from 
RubyMine)

Users are members of organizations and should only be able to view data 
associated with their organizations.  It's easy enough to limit viewing data 
at the organizations level but where I'm a bit stuck is how to limit access 
to say a floor which belong to a building which in turn belong to an 
organizations.

Am I going to have to navigate the whole tree back up to organization in 
each models view_permitted?  or is there a simpler way?

Ie for the floor model 
  def view_permitted?(field)
    acting_user.employee? || acting_user.administrator? || 
this.building.organization.users.include?(acting_user)
  end

-- 
You received this message because you are subscribed to the Google Groups "Hobo 
Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/hobousers/-/rnL2BHigbiQJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/hobousers?hl=en.

<<attachment: diagram.png>>

Reply via email to