On 27 Jan 2010, at 11:32, eugenio wrote:

> I've got two controllers (with RESTful actions) where my code is quite
> ugly and not very DRY. Every action looks quite like this:
> if @logged_user.has_role?("admin")
>   User.find(params[:id])
> else
>   @logged_user.group.user.find(params[:id])
> end
> 
> This is a security check that enforces a simple spec: normal users
> should read/write information only about their group's users, but
> "admin" users can read/write about all users.
> The other controller is quite similar, just on another model.
> 
> Trying to refactor, I was reading about using a with_scope in an
> around_filter.
> This seems to work and the code gets a lot smaller. But it seems to be
> a deprecated practice...
> What is the "rails way" to accomplish this?
> Thanks.

One way would be to have a before filter that looked like

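# Loads @user for the action; non-admins can only reach users in their own group.
def get_user_to_edit
  if @logged_user.has_role?("admin")
    @user = User.find(params[:id])
  else
    # Scoped lookup: an id outside the group is simply not found.
    @user = @logged_user.group.user.find(params[:id])
  end
end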

and then @user is ready for you in your actions.

Fred
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ruby on Rails: Talk" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/rubyonrails-talk?hl=en.
> 
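
The scoped lookup discussed in this thread, as an added example that is not part of the original messages: the role decision is made once in a scope method, so a non-admin asking for an id outside their group gets the same "not found" as for a nonexistent id. It is plain Ruby so it runs without Rails; Scope, ALL_USERS, user_scope and the sample users are hypothetical stand-ins for the models and associations.

```ruby
# Constructed stand-ins so the pattern runs without Rails or a database.
class RecordNotFound < StandardError; end

User = Struct.new(:id, :name, :group_id, :roles) do
  def has_role?(role)
    roles.include?(role)
  end
end

ALL_USERS = [
  User.new(1, "alice", 10, ["admin"]),
  User.new(2, "bob",   10, []),
  User.new(3, "carol", 20, []),
].freeze

# Mimics a model/association finder: raises when the id is not in the set.
class Scope
  def initialize(records)
    @records = records
  end

  def find(id)
    @records.find { |u| u.id == id.to_i } ||
      raise(RecordNotFound, "no user #{id} in this scope")
  end
end

# Hypothetical controller: the role decision is made once, in user_scope.
class UsersController
  def initialize(logged_user, params)
    @logged_user = logged_user
    @params = params
  end

  def show
    get_user_to_edit          # would be a before filter in Rails
    @user.name
  end

  private
  def user_scope
    return Scope.new(ALL_USERS) if @logged_user.has_role?("admin")
    Scope.new(ALL_USERS.select { |u| u.group_id == @logged_user.group_id })
  end

  def get_user_to_edit
    @user = user_scope.find(@params[:id])
  end
end
```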
