hey,
this is the situation, an user may only access x clients (ex , 1, 5 ,6
,7), so i
make a string with those ids and paste it to the sql statement, the user
is from
the session
#creating a list of all the client record ids the user may access and
paste it
in the sql statement
if user.has_permission(‘admin’) || user.view_all == 1
text = “”
else
text = “”
first = true
# only list current user’s clients
for client in user.clients
if first == true
text += " and id IN ( " + client.id.to_s
first = false
else
text += ", " + client.id.to_s
end
end
if first == false
text += " ) "
end
end
#getting the clients records depending on the given paramaters and
paginate it
@client_pages, @clients = paginate :client, :conditions => ['firm_id = ?
and
name like ? and ’ +
'address1 like ? and zip like ? and city like ? and country like ? and
deleted
like ? '+ text,
@firm_id, “%#{@name}%”, “%#{@address1}%”, “%#{@zip}%”, “%#{@city}%”,
“%#{@country}%”,0] ,
:order_by => “name ASC”, :per_page => 10
the ids are always from the session, so i was wondering if i can do the
ids
conditions on the model, and the rest in the controller. Or will the one
condition overwrite the other???
Thanks
Nick