I'm creating a Rails app requiring an ACL system to grant different privileges to users, but I have some doubts on how to structure it.
Right now I have three users: Administrator > Area manager > Employee.

I'm able to distinguish between users and block certain actions or controllers based on the role. What I don't get is how to manage in a clean way situations where different kinds of users access the same action, but have to display and get different data from the database.

Example: An employee has_many :documents, and in the index action of the documents_controller I have to get HIS documents (something like current_user.documents), but an area manager accessing the same action has to get ALL the documents (Document.find(:all)).

I can't think of a clean way to implement this avoiding conditions in the controller like "if the user is a X, find(something) else find(something else)".

Thanks in advance for your suggestions

--
Posted via http://www.ruby-forum.com/.
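One way to keep the role decision out of the controller, as an added example that is not part of the original post: a single scope object maps each role to the set of documents it may see, returns nothing for unknown roles, and serves lookups by id from that same set. The class name DocumentScope, the role symbols, the owner_id field and the sample data are assumptions; plain Structs and an Array stand in for the Rails models and relations.

```ruby
# Plain-Ruby stand-ins for the Rails models (constructed sample data).
User     = Struct.new(:id, :role)
Document = Struct.new(:id, :owner_id, :title)

DOCUMENTS = [
  Document.new(1, 10, "Payslip (employee 10)"),
  Document.new(2, 11, "Payslip (employee 11)"),
  Document.new(3, 10, "Contract (employee 10)")
].freeze

# Single place that decides which documents a user may see.
# In Rails each lambda would return a relation instead of an Array,
# e.g. all documents or current_user.documents.
class DocumentScope
  class NotVisible < StandardError; end

  RULES = {
    administrator: ->(_user, docs) { docs },
    area_manager:  ->(_user, docs) { docs },
    employee:      ->(user, docs)  { docs.select { |d| d.owner_id == user.id } }
  }.freeze

  def initialize(user, docs = DOCUMENTS)
    @user = user
    @docs = docs
  end

  # Unknown or missing roles fall through to an empty result (fail closed).
  def resolve
    rule = RULES[@user&.role]
    rule ? rule.call(@user, @docs) : []
  end

  # Lookups by id go through the same scope, so show/edit/destroy
  # cannot reach a record that index would not list.
  def find(id)
    resolve.find { |d| d.id == id } or raise NotVisible, "document #{id}"
  end
end

# Controller actions then contain no role conditionals:
#   def index; @documents = DocumentScope.new(current_user).resolve; end
#   def show;  @document  = DocumentScope.new(current_user).find(params[:id].to_i); end
```

Adding a role means adding one entry to RULES; a role that is missing from the table sees no documents instead of all of them.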

