Currently, I have 3 models User Group Permission Users and Groups have a HABTM relationship and Groups and Permissions have a HABTM relationship. For purposes of authorization, I need to know if a user belongs to a particular group that has a particlar permission to determine if they can perform an operation. What's the best way to go about this?
on 2009-04-28 18:11
on 2009-04-29 20:08
On Tue, Apr 28, 2009 at 10:10 AM, DVG <firstname.lastname@example.org> wrote: > particular group that has a particlar permission to determine if they > can perform an operation. Have the user ask its groups if any of them have the permission in question: target_permission = Permission.find(...) user.groups.any? do |group| group.permissions.include?(target_permission)} end