On 15 March 2010 14:05, eugenio <[email protected]> wrote:
> Thanks. I will try this, but I'm searching for something that can be
> used with some named_scope (based on the rights).

It would help if you mentioned that in your first post then, rather
than just asking how to determine @users.rights...


I tend to use something like this in my models:

  named_scope :for_user, lambda { |user| scope_hash_for_user(user) }

  private
  def self.scope_hash_for_user(user)
    case (user.role rescue nil)
    when :admin
      # see everything
    when :client
      # see nothing
      { :conditions => ["1 = 0"] }
    when :customer_admin
      # their company and below
      { :conditions => ["groupable_entities.id IN (SELECT company.id FROM groupable_entities AS company WHERE company.id in (?))",
                        user.company.self_and_descendants_ids] }
    when :customer
      # their company
      { :conditions => ["groupable_entities.id IN (SELECT company.id FROM groupable_entities AS company WHERE company.id = ?)",
                        user.company.id] }
    else
      raise Aegis::PermissionError, "Unknown role"
    end
  end

In the controller I can call Model.for_user(current_user) to return
the items they are permitted to see, and combine it with Aegis for
permissions-checking on specific instances of objects in controllers
and views. Speaking to the developers of Aegis, they're hoping to
introduce some named-scope permissions method in their next release,
but depending on the timescale, I might look to see if CanCan handles
the problem better.
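
Added example, not part of the original message: a plain-Ruby, in-memory stand-in for the role switch above, showing why single-record lookups should also go through the per-user scope rather than an unscoped find. All class, method and constant names and the sample company tree are constructed for illustration.

```ruby
# In-memory stand-in for the models above; every name here is hypothetical.
class PermissionError < StandardError; end  # stands in for Aegis::PermissionError
class NotFound < StandardError; end         # stands in for ActiveRecord::RecordNotFound

User    = Struct.new(:role, :company_id)
Company = Struct.new(:id, :parent_id)

# Constructed sample data: 1 is the parent of 2, 2 the parent of 3; 4 is unrelated.
COMPANIES = [Company.new(1, nil), Company.new(2, 1),
             Company.new(3, 2),   Company.new(4, nil)]

def self_and_descendant_ids(id)
  children = COMPANIES.select { |c| c.parent_id == id }
  [id] + children.flat_map { |c| self_and_descendant_ids(c.id) }
end

# Mirrors the role switch in the post: the ids a user may see.
# A nil user or an unlisted role raises instead of falling back to "everything".
def visible_ids(user)
  case user && user.role
  when :admin          then COMPANIES.map(&:id)
  when :client         then []
  when :customer_admin then self_and_descendant_ids(user.company_id)
  when :customer       then [user.company_id]
  else raise PermissionError, "Unknown role"
  end
end

# Scoped lookup, the analogue of Model.for_user(user).find(id):
# an id outside the user's scope is reported exactly like a missing record.
def find_for_user(user, id)
  allowed = visible_ids(user)
  record = COMPANIES.find { |c| c.id == id && allowed.include?(c.id) }
  record or raise NotFound, "Couldn't find record #{id}"
end

# Unscoped lookup, the analogue of Model.find(id): the user is never consulted,
# so any caller-supplied id resolves regardless of role.
def find_unscoped(id)
  COMPANIES.find { |c| c.id == id } or raise NotFound, "Couldn't find record #{id}"
end
```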
