I have the following scenario.
Users have various levels of ability. They can only view and edit
their own records (their profile). Their managers can only view and
edit their employees' records. The regional managers can view and edit
only the people in their regions and the corporate headquarters can
view and edit all records. There are multiple regions so somebody
can be the manager of the north region and somebody is the manager of
the south region. They both have the role of “regional manager”.
Of course this also applies to any of the child relations as well
(addresses, phone numbers, etc.).
I am struggling with a clean way to write a controller which would
only show the records they have the right to on the index method. I
want to avoid silly and complex case statements and I also want to avoid
roles like “regional manager north”.
I figure somebody here has run into this problem. What is the most
elegant way to solve this problem?
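
One way to express the rules described in the post above, as an added example that is not part of the original post: the role stays generic ("regional_manager") and the region is an attribute of the user, so no "regional manager north" role is needed. All names, the in-memory data, and the choice to let a manager see their own profile are assumptions made for illustration.

```ruby
# Added example: plain Ruby with constructed in-memory data; all names are hypothetical.
Person  = Struct.new(:id, :name, :role, :region, :manager_id, keyword_init: true)
Address = Struct.new(:id, :person_id, :city, keyword_init: true)

# One predicate per role. The region is data on the actor, not part of the role name.
# A regional manager with no region assigned matches nobody (nil must not equal nil).
ACCESS_RULES = {
  "employee"         => ->(actor, target) { target.id == actor.id },
  "manager"          => ->(actor, target) { target.id == actor.id || target.manager_id == actor.id },
  "regional_manager" => ->(actor, target) { !actor.region.nil? && target.region == actor.region },
  "corporate"        => ->(_actor, _target) { true }
}.freeze

def can_access?(actor, target)
  rule = ACCESS_RULES[actor.role]
  rule ? rule.call(actor, target) : false # deny by default for unknown roles
end

def visible_people(actor, people)
  people.select { |person| can_access?(actor, person) }
end

# Child records (addresses, phone numbers, ...) inherit the decision made for their owner.
def visible_addresses(actor, addresses, people)
  allowed_ids = visible_people(actor, people).map(&:id)
  addresses.select { |address| allowed_ids.include?(address.person_id) }
end

# Constructed sample data
PEOPLE = [
  Person.new(id: 1, name: "hq",        role: "corporate",        region: nil,     manager_id: nil),
  Person.new(id: 2, name: "north_rm",  role: "regional_manager", region: "north", manager_id: 1),
  Person.new(id: 3, name: "south_rm",  role: "regional_manager", region: "south", manager_id: 1),
  Person.new(id: 4, name: "north_mgr", role: "manager",          region: "north", manager_id: 2),
  Person.new(id: 5, name: "north_emp", role: "employee",         region: "north", manager_id: 4),
  Person.new(id: 6, name: "south_emp", role: "employee",         region: "south", manager_id: 3)
].freeze
ADDRESSES = [
  Address.new(id: 1, person_id: 5, city: "A"),
  Address.new(id: 2, person_id: 6, city: "B")
].freeze
```

In a controller, the index action would call the equivalent of `visible_people` for the current user, and the same `can_access?` check would guard show and edit so a record hidden from the list cannot be reached by guessing its id.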