By the way, since this is a multi-user app with each user only having
access to his own records, in my controllers I have updated them for
such behavior, for example in my contacts controller ...
def index
hobo_index current_user.contacts
end
I wonder if this, in conjunction with the permissions in contact.rb,
is causing my trouble.
Anyone out there have a solution ?
On Oct 25, 5:05 pm, Jeremy Savoy <[email protected]> wrote:
> Even changins permissions in contact.rb to ...
>
> def create_permitted?
> acting_user.administrator? || acting_user == owner
> end
>
> def update_permitted?
> acting_user.administrator? || acting_user == owner
> end
>
> def destroy_permitted?
> acting_user.administrator? || acting_user == owner
> end
>
> def view_permitted?(field)
> acting_user.administrator? || acting_user == owner
> end
>
> Still only allows the Administrator to see the <select-many> in the
> New Invitation form to add Contacts to the invitation.
>
> On Oct 25, 3:38 pm, Jeremy Savoy <[email protected]> wrote:
>
>
>
>
>
>
>
> > In my application each user owns their own records, including contact
> > records and invitation records:
>
> > has_many :contacts, :class_name => "Contact", :foreign_key =>
> > "owner_id", :dependent => :destroy
> > has_many :invitations, :class_name => "Invitation", :foreign_key =>
> > "owner_id", :dependent => :destroy
>
> > contacts.rb has ...
>
> > belongs_to :owner, :class_name => "User", :creator => true
> > belongs_to :invitations
>
> > invitations.rb has ..
>
> > belongs_to :owner, :class_name => "User", :creator => true
> > has_many :contacts, :accessible => true
>
> > I use the following permissions in all of my models and the record
> > ownership works great, I can switch users and each user can see only
> > their contacts and invitations:
>
> > def create_permitted?
> > owner_is? acting_user
> > end
>
> > def update_permitted?
> > owner_is?(acting_user)
> > end
>
> > def destroy_permitted?
> > owner_is?(acting_user)
> > end
>
> > def view_permitted?(field)
> > owner_is? acting_user
> > end
>
> > Now, I want to create and invitation and add contacts to it inline,
> > multi model form style ...
>
> > In application.dryml I have the following to allow me to select-many
> > from the existing list of contacts...
>
> > <extend tag="form" for="Invitation">
> > <old-form merge>
> > <field-list: fields="outer_envelope, inner_envelope, sent,
> > contacts">
> > <contacts-view:>
> > <select-many/>
> > </contacts-view:>
> > </field-list:>
> > </old-form>
> > </extend>
>
> > This is where the problem is -- doesn't matter if I'm the admin, or a
> > users, the select-many never shows up on the new or edit invitation
> > page.
>
> > So I changed my permissions in contact.rb back to the defaults ...
>
> > def create_permitted?
> > acting_user.administrator?
> > end
>
> > def update_permitted?
> > acting_user.administrator?
> > end
>
> > def destroy_permitted?
> > acting_user.administrator?
> > end
>
> > def view_permitted?(field)
> > true
> > end
>
> > And now, if I am the administrator and I go to the new invitation
> > page, I do get a drop down list of all the contacts available to be
> > added to the invitation, even though those contacts are owned by
> > another user.
>
> > I need for any user to be able to add contacts that they own to an
> > invitation that they are creating that they will also own. I do not
> > care if admins do or do not have the ability to do this.
>
> > Please advise, the permissions can be quite daunting for those of us
> > who are not veteran ruby/rails users -- all we have to go on is the
> > Agility tutorial and examples found in this group ...
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en.
