hey, i have maded some security in my website based on
Here they work with users, roles and persmission, and they check it like
I have extended this to: users and groups with roles and permissions.
With permissions like “view records”,“edit records”,“delete records”,…
@permissions = Hash.new(false)
for group in self.groups
for role in group.roles
for perm in role.permissions
if perm.name == permission
All this works good. But all this security is based on the type of role
has (what actions the user may do)
But now i want also security on “what” the user may see.
i have in my database ex. clients ids => 1 , 2, 3, 4 and 5
User 1 may only see id 1, 2 and 3
User 2 may only see id 2, 4 and 5
User 3 may only see id 3 and 5
anyone has a idea who to do this???
in this example there are 5 ids, but that can be easily 1000+
Thanks in advance