Forum: Ruby on Rails Limiting a user's view of data

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
David (Guest)
on 2006-03-09 01:41
I currently have two models.  One holds users (username, password) and
one "data" (title, message, etc.).  I can handle login via filters I
believe, courtesy of the Rails Recipes book.

However, I'd like to limit what a user can see of the data.  To do this,
I added another table to the database with user_id and data_id fields.
Now I'm a little stuck, as I can't figure out how to limit the 'list'
action based on which users may see it.  I don't really need much more
granularity than this.

Do I need another model, to hold the user<->data mapping?  Or is it
enough just to edit the data model somehow so it only returns entries
that the current user has access to?

Also, if anybody can suggest a good way to add the privileges that would
also be useful.  I guess it would be simplest if it was a separate view
(instead of tacked on to the user or data views).  But should it be
mixed with the data controller?  Or the user controller?

Time to have another read of the pragmatic book, to see what I've missed
:)

Cheers.
Alain R. (Guest)
on 2006-03-09 10:10
(Received via mailing list)
David,

There are many way to nail this one, but you could use "with_scope" to
wrap the restriction around your query. You still have to 1/detect the
level of a given user and 2/filter out data records.

article:
   http://blog.caboo.se/articles/2006/02/22/nested-with_scope
api doc:
   http://api.rubyonrails.org/classes/ActiveRecord/Ba...

Alain
This topic is locked and can not be replied to.