Forum: Ruby on Rails Restricting a FIND based on the results of another

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Robert S. (Guest)
on 2007-06-28 01:11
If anyone could help me figure this out, I'd appreciate it alot.

I'm playing around with the Scriptaculous autocomplete function, which
per the demonstration on their page looks like this in the controller:

def auto_complete_responder_for_contacts(value)

        @results = People.find(:all,
                           :conditions => [ 'LOWER(fullname) LIKE ?','%'
+ value.downcase + '%' ],
                           :order => 'fullname ASC',
                           :limit => 8)
        render :partial => 'contacts' and return

  end

There are three database tables...

1. People - id, fullname, email
(Stores the contact information of the people)

2. Access - id, people_id, user_id
(If a user has access to particular contact, it records that contact and
that user's id in a new row)

3. User - id, username, password, etc.
(Stores the user account data)

In short, not all users get access to the same contacts although there
will be some overlap, which prevents me from assigning any particular
contact simply to one user alone.


The question:

How could this controller be modified so that users only see contacts
that they have access to? Ideally, this would be because there is a
matching pair in the Access table. Once the system finds a match between
the user input and the database in question, it then checks to make sure
that there is a row in the Access table that has both the people_id and
user_id necessary. If not, discards it.

Thank you for your time!
msnapper (Guest)
on 2007-06-28 02:23
(Received via mailing list)
Robert,

This it really depends on what the relationships are between these
tables. One way would be to use a has_many, or has_many :through
relationship between users and people... Use :through if you want to
add other information to your access table... like this:

class User < ActiveRecord::Base
    has_many :access
    has_many :people, :through => :access
end

... Then you could get all the people like this:

user = User.find(some_id)
@people = user.people

or like:

user = User.find(some_id)
@people = user.people.find(:all, :conditions => blah)


Not sure if this is the exact syntax... find more here:
http://wiki.rubyonrails.org/rails/pages/ThroughAssociations

It sounds like what you really want is RBAC (Role Based Authentication
Control).
Have a look at ActiveRBAC: http://active-rbac.rubyforge.org/

Good luck,
Peter


On Jun 27, 2:11 pm, Robert S. <removed_email_address@domain.invalid>
Robert S. (Guest)
on 2007-06-28 05:37
Peter,

Thank you! The Through Associations worked perfectly.
This topic is locked and can not be replied to.