By the way, since this is a multi-user app with each user only having
access to his own records, in my controllers I have updated them for
such behavior, for example in my contacts controller ...

  def index
    hobo_index current_user.contacts
  end

I wonder if this, in conjunction with the permissions in contact.rb,
is causing my trouble.

Anyone out there have a solution ?

On Oct 25, 5:05 pm, Jeremy Savoy <[email protected]> wrote:
> Even changins permissions in contact.rb to ...
>
>   def create_permitted?
>     acting_user.administrator? || acting_user == owner
>   end
>
>   def update_permitted?
>     acting_user.administrator? || acting_user == owner
>   end
>
>   def destroy_permitted?
>     acting_user.administrator? || acting_user == owner
>   end
>
>   def view_permitted?(field)
>     acting_user.administrator? || acting_user == owner
>   end
>
> Still only allows the Administrator to see the <select-many> in the
> New Invitation form to add Contacts to the invitation.
>
> On Oct 25, 3:38 pm, Jeremy Savoy <[email protected]> wrote:
>
>
>
>
>
>
>
> > In my application each user owns their own records, including contact
> > records and invitation records:
>
> > has_many :contacts, :class_name => "Contact", :foreign_key =>
> > "owner_id", :dependent => :destroy
> > has_many :invitations, :class_name => "Invitation", :foreign_key =>
> > "owner_id", :dependent => :destroy
>
> > contacts.rb has ...
>
> > belongs_to :owner, :class_name => "User", :creator => true
> > belongs_to :invitations
>
> > invitations.rb has ..
>
> > belongs_to :owner, :class_name => "User", :creator => true
> > has_many :contacts, :accessible => true
>
> > I use the following permissions in all of my models and the record
> > ownership works great, I can switch users and each user can see only
> > their contacts and invitations:
>
> >   def create_permitted?
> >     owner_is? acting_user
> >   end
>
> >   def update_permitted?
> >     owner_is?(acting_user)
> >   end
>
> >   def destroy_permitted?
> >     owner_is?(acting_user)
> >   end
>
> >   def view_permitted?(field)
> >     owner_is? acting_user
> >   end
>
> > Now, I want to create and invitation and add contacts to it inline,
> > multi model form style ...
>
> > In application.dryml I have the following to allow me to select-many
> > from the existing list of contacts...
>
> > <extend tag="form" for="Invitation">
> >   <old-form merge>
> >     <field-list: fields="outer_envelope, inner_envelope, sent,
> > contacts">
> >       <contacts-view:>
> >         <select-many/>
> >       </contacts-view:>
> >     </field-list:>
> >   </old-form>
> > </extend>
>
> > This is where the problem is -- doesn't matter if I'm the admin, or a
> > users, the select-many never shows up on the new or edit invitation
> > page.
>
> > So I changed my permissions in contact.rb back to the defaults ...
>
> >   def create_permitted?
> >     acting_user.administrator?
> >   end
>
> >   def update_permitted?
> >     acting_user.administrator?
> >   end
>
> >   def destroy_permitted?
> >     acting_user.administrator?
> >   end
>
> >   def view_permitted?(field)
> >     true
> >   end
>
> > And now, if I am the administrator and I go to the new invitation
> > page, I do get a drop down list of all the contacts available to be
> > added to the invitation, even though those contacts are owned by
> > another user.
>
> > I need for any user to be able to add contacts that they own to an
> > invitation that they are creating that they will also own. I do not
> > care if admins do or do not have the ability to do this.
>
> > Please advise, the permissions can be quite daunting for those of us
> > who are not veteran ruby/rails users -- all we have to go on is the
> > Agility tutorial and examples found in this group ...

-- 
You received this message because you are subscribed to the Google Groups "Hobo 
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/hobousers?hl=en.

Reply via email to