Check if user is in right group


#1

What is the best way of checking this?

I have 3 tables:

groups
users
group_members

class GroupMember < ActiveRecord::Base
  belongs_to :group
  belongs_to :user
  validates_uniqueness_of :user_id, :scope => "group_id"
end

Then I want a method here that checks if a given user is a member of a
given group. What is the right way of doing that?

def is_member_of(user, group)
??
end

Regards,
Henrik


#2

If a member can be in more than one group I would use a
has_and_belongs_to_many relationship. You create a table called
groups_users, and in that table you have primary keys set for user_id
and group_id; you can also add other fields into that table for
permissions and anything else. Then you need to set foreign key
relationships (also indexes) that reference the respective ids in
the other tables. The HABTM table does not have an id column in it.
If a user can only belong to one group I would get rid of the
group_members table. This is something that I used in PHP a lot, but
it is not needed on Rails with the great relationship support. As far
as a check to see if a user is a member of a group, it depends on what
you are looking to display. If it is content specific to the group when
they access the page, call a find that has the constraint of looking
for the group_id in the users table (foreign key relationship of has
one) or look in the groups_users table to pull the users for that
particular group.

Andrew


#3

Thanks for the fast reply :-).

A user can be a member of a lot of groups.

The GroupMember class is supposed to do a lot of things. I therefore
deliberately chose to use this class instead of HABTM (as recommended
in the Agile book “When a join wants to be a model”, page 241). The
problem is that I just haven’t yet got the whole grasp of this magic
here in AR.

I have started with:

def is_member_of(user, group)
  # find(:first, :conditions => [...]) returns the first matching row or nil
  @user = User.find(:first,
                    :conditions => ["uname = ?", user])
  @group = Group.find(:first,
                      :conditions => ["name = ?", group])
end

But I guess there are more clever ways of doing this in Rails. Besides, I’m
not sure how to continue in this method.

  • Henrik
    Sat, 28 Jan 2006, Andrew F. wrote:

as a check to see if a user is a member of a group It depends on what

belongs_to :user
Henrik


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails


Henrik Ormåsen


SOS Rasisme is Norway's only democratic membership organization that
concentrates on working against racism and Nazism. We have over
40,000 individual members, 8,000 collective members and 90
local chapters. We are Europe's largest anti-racist organization.
Would you like to become a member? Go to: www.sos-rasisme.no/blimedlem
Would you like to become active? Go to: www.sos-rasisme.no/bliaktiv

P.O. Box 9427, Grønland -0135 OSLO
Visit us at Brugata 14, 0186 Oslo (same building as 7 Eleven)

telephone: 23 00 29 00
direct: 23 00 29 06
fax: 23 00 29 01
mobile: 48 18 14 92


#4

Hello Kevin!

Thanks for your advice. I have from before installed the old login
generator. I should probably upgrade to this one.

But I’m still a little unhappy about my missing understanding of the
possibilities of this case. Even if the user|login_engine will solve
my problem here, I will eventually get the same problem later. I’m
working with a news publishing system where the grouping system will
be a very important thing.

But thanks anyway. If nobody will help me with my silliness limiting
my ability here, I can try to read some open code and see if I can get
something out of it.

  • Henrik
    Sat, 28 Jan 2006, Kevin O. wrote:

If you want to only permit user assigned to a particular role to be able

:conditions => ["visible_to = ?", role_id]

Actually… you would need to set up the query to pick up items in any
of the user’s roles, since they can have more than one.

That combination of controller/action access control and record level
control should cover most use cases.

_Kevin

Henrik Ormåsen




#5

Henrik,

if you want to keep the UserGroup model you first posted, how about

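class User < ActiveRecord::Base
  has_many :group_members

  # group_members holds GroupMember rows, not Group objects, so compare
  # each membership's group_id with the id of the group being checked.
  def member_of?(group)
    group_members.any? { |membership| membership.group_id == group.id }
  end
end

class Group < ActiveRecord::Base
  has_many :group_members
end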

cheers
Gerret


#6

Thanks everybody. I’ve converted to the user|login engine. It looks
really nice, and I guess it's anyway a good thing to have this part
separated from rest of the app like this engine thing does. Nice to be
able to update it without a lot of work :-).

Also thanks to Gerret, small thing when you know it :-).

  • Henrik

#7

Henrik Ormåsen wrote:

Then I want a method here that checks if a given user is a member of a
given group. What is the right way of doing that?

You can do a lot of this kind of stuff using ‘roles’ from the
‘user|login_engine’.

You can restrict access to specific controller/action pairs using that
system (which works nicely IMO).

If you want to only permit users assigned to a particular role to be able
to see an object, you would need some sort of association describing
which roles can see the object. In some cases you could make it as
simple as having a ‘visible_to’ column and populating that with the id
of the appropriate role.

Then you modify your find method to be something like…

@object = Object.find_all_by_visible_to(role_id)

or add a condition like…

:conditions => ["visible_to = ?", role_id]

Actually… you would need to set up the query to pick up items in any
of the user’s roles, since they can have more than one.

That combination of controller/action access control and record level
control should cover most use cases.

_Kevin
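
The record-level check discussed above, extended to match any of a user's roles, as an added example (not code from the thread or from the user|login_engine). The helper names and the sample rows are hypothetical; only the `visible_to` column comes from the posts. It builds a `:conditions`-style array with one bind slot per role id and matches nothing when the user has no roles.

```ruby
# Constructed sample rows standing in for a table with a visible_to column.
ARTICLES = [
  { :id => 1, :visible_to => 3 },
  { :id => 2, :visible_to => 7 },
  { :id => 3, :visible_to => 9 }
].freeze

# Hypothetical helper: returns a conditions array such as
# ["visible_to IN (?, ?)", 3, 7]. Role ids travel as bind values and are
# never interpolated into the SQL text.
def visible_to_conditions(role_ids)
  # Integer() raises on anything that is not a clean integer, so a value
  # like "3 OR 1=1" is rejected instead of being passed along.
  ids = Array(role_ids).map { |id| Integer(id) }.uniq

  # A user with no roles must see nothing. "IN ()" is invalid SQL, and
  # dropping the condition would return every row, so fail closed.
  return ["1 = 0"] if ids.empty?

  placeholders = (["?"] * ids.size).join(", ")
  ["visible_to IN (#{placeholders})", *ids]
end

# In-memory equivalent of running the query above against ARTICLES-style
# rows, so the behaviour can be checked without a database.
def select_visible(rows, role_ids)
  _sql, *ids = visible_to_conditions(role_ids)
  rows.select { |row| ids.include?(row[:visible_to]) }
end
```
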