I'm setting up a private site where users have access to a limited set of data. Attached is a high level view of the model diagram (exported from RubyMine)
Users are members of organizations and should only be able to view data
associated with their organizations. It's easy enough to limit viewing data
at the organizations level but where I'm a bit stuck is how to limit access
to say a floor which belong to a building which in turn belong to an
organizations.
Am I going to have to navigate the whole tree back up to organization in
each models view_permitted? or is there a simpler way?
Ie for the floor model
def view_permitted?(field)
acting_user.employee? || acting_user.administrator? ||
this.building.organization.users.include?(acting_user)
end
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/hobousers/-/rnL2BHigbiQJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en.
<<attachment: diagram.png>>
