If anyone could help me figure this out, I'd appreciate it alot. I'm playing around with the Scriptaculous autocomplete function, which per the demonstration on their page looks like this in the controller: def auto_complete_responder_for_contacts(value) @results = People.find(:all, :conditions => [ 'LOWER(fullname) LIKE ?','%' + value.downcase + '%' ], :order => 'fullname ASC', :limit => 8) render :partial => 'contacts' and return end There are three database tables... 1. People - id, fullname, email (Stores the contact information of the people) 2. Access - id, people_id, user_id (If a user has access to particular contact, it records that contact and that user's id in a new row) 3. User - id, username, password, etc. (Stores the user account data) In short, not all users get access to the same contacts although there will be some overlap, which prevents me from assigning any particular contact simply to one user alone. The question: How could this controller be modified so that users only see contacts that they have access to? Ideally, this would be because there is a matching pair in the Access table. Once the system finds a match between the user input and the database in question, it then checks to make sure that there is a row in the Access table that has both the people_id and user_id necessary. If not, discards it. Thank you for your time!
on 2007-06-28 01:11
on 2007-06-28 02:23
Robert, This it really depends on what the relationships are between these tables. One way would be to use a has_many, or has_many :through relationship between users and people... Use :through if you want to add other information to your access table... like this: class User < ActiveRecord::Base has_many :access has_many :people, :through => :access end ... Then you could get all the people like this: user = User.find(some_id) @people = user.people or like: user = User.find(some_id) @people = user.people.find(:all, :conditions => blah) Not sure if this is the exact syntax... find more here: http://wiki.rubyonrails.org/rails/pages/ThroughAssociations It sounds like what you really want is RBAC (Role Based Authentication Control). Have a look at ActiveRBAC: http://active-rbac.rubyforge.org/ Good luck, Peter On Jun 27, 2:11 pm, Robert S. <email@example.com>
on 2007-06-28 05:37
Peter, Thank you! The Through Associations worked perfectly.