So I am finally getting into the permissions. The following block for my
projects model seems to work as expected. But there is going to be a bit
more of this. I am concerned about doing things incorrectly and taking a
performance hit. Is this the best way to do what I'm aiming for?

def view_permitted?(field)
  if acting_user.administrator? then
    return true
  elsif (acting_user == self.owner || acting_user == self.tasker) then
    return true
  elsif (acting_user.sitetasker? && self.state == 'submitted') then
    return true
  elsif self.state == 'finished' then
    return true
  else
    return false
  end
end

The logic is:
1. Administrators can view anything
2. If the acting_user is an owner or tasker on the project, they can view it
3. If the acting_user is one of the site's "site taskers" AND the project is in submitted status, they can view it. Taskers have to be able to see available projects so they can take them on
4. Once it moves to "finished" status, anybody can view
5. All other users and states should be blocked from view

Thanks,
Nathan
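
Added example, not part of the message above and not Hobo code: a table-driven check that runs the posted rule order against every role and state, so default-deny (rule 5) is tested along with the allow cases. The User and Project structs, the sample users, and the 'draft' state are assumptions made for this sketch.

```ruby
# Plain-Ruby stand-ins (assumed for this sketch; not Hobo's model classes).
User = Struct.new(:name, :administrator, :sitetasker) do
  def administrator?; administrator; end
  def sitetasker?;    sitetasker;    end
end

Project = Struct.new(:owner, :tasker, :state) do
  # Same rule order as the posted method. acting_user is an argument here
  # because this sketch has no Hobo request context.
  def view_permitted?(acting_user)
    return true if acting_user.administrator?
    return true if acting_user == owner || acting_user == tasker
    return true if acting_user.sitetasker? && state == 'submitted'
    state == 'finished' # rule 4; anything else falls through to deny (rule 5)
  end
end

# Constructed sample users, one per role in the five rules.
USERS = {
  admin:      User.new('admin',  true,  false),
  owner:      User.new('owner',  false, false),
  tasker:     User.new('tasker', false, false),
  sitetasker: User.new('pool',   false, true),
  other:      User.new('other',  false, false)
}.freeze

# 'draft' is a constructed stand-in for "any other state".
STATES = %w[draft submitted finished].freeze

# Expected outcome per role, in STATES order, written out from rules 1-5.
EXPECTED = {
  admin:      [true,  true,  true],
  owner:      [true,  true,  true],
  tasker:     [true,  true,  true],
  sitetasker: [false, true,  true],
  other:      [false, false, true]
}.freeze

# Returns every [role, state] pair where the method disagrees with the table.
def permission_mismatches
  USERS.flat_map do |role, user|
    STATES.each_with_index.reject do |state, i|
      project = Project.new(USERS[:owner], USERS[:tasker], state)
      project.view_permitted?(user) == EXPECTED[role][i]
    end.map { |state, _| [role, state] }
  end
end

puts permission_mismatches.empty? ? 'matrix OK' : permission_mismatches.inspect
```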