Restricting a FIND based on the results of another

If anyone could help me figure this out, I’d appreciate it a lot.

I’m playing around with the Scriptaculous autocomplete function, which
per the demonstration on their page looks like this in the controller:

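def auto_complete_responder_for_contacts(value)
    # Case-insensitive substring match on fullname; the user input is bound
    # through the ? placeholder rather than interpolated into the SQL.
    @results = People.find(:all,
                       :conditions => [ 'LOWER(fullname) LIKE ?',
                                        '%' + value.downcase + '%' ],
                       :order => 'fullname ASC',
                       :limit => 8)
    render :partial => 'contacts' and return
end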


There are three database tables…

  1. People - id, fullname, email
    (Stores the contact information of the people)

  2. Access - id, people_id, user_id
    (If a user has access to particular contact, it records that contact and
    that user’s id in a new row)

  3. User - id, username, password, etc.
    (Stores the user account data)

In short, not all users get access to the same contacts although there
will be some overlap, which prevents me from assigning any particular
contact simply to one user alone.

The question:

How could this controller be modified so that users only see contacts
that they have access to? Ideally, this would be because there is a
matching pair in the Access table. Once the system finds a match between
the user input and the database in question, it then checks to make sure
that there is a row in the Access table that has both the people_id and
user_id necessary. If not, it discards it.

Thank you for your time!


This really depends on what the relationships are between these
tables. One way would be to use a has_many, or has_many :through
relationship between users and people… Use :through if you want to
add other information to your access table… like this:

class User < ActiveRecord::Base
    has_many :access
    has_many :people, :through => :access
end

… Then you could get all the people like this:

user = User.find(some_id)
@people = user.people

or like:

user = User.find(some_id)
@people = user.people.find(:all, :conditions => blah)

Not sure if this is the exact syntax… find more here:

It sounds like what you really want is RBAC (Role Based Authentication).
Have a look at ActiveRBAC:

Good luck,

On Jun 27, 2:11 pm, Robert S.


Thank you! The Through Associations worked perfectly.
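
The restriction discussed in this thread, written out as the kind of SQL join a has_many :through lookup performs. This is an added example, not code from any poster: it assumes SQLite syntax (`||` concatenation, `:name` bind parameters), and the lowercase table names, the sample rows and the `:current_user_id` parameter are constructed for illustration.

```sql
-- Constructed schema mirroring the three tables described in the question.
CREATE TABLE people (id INTEGER PRIMARY KEY, fullname TEXT NOT NULL, email TEXT);
CREATE TABLE users  (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE access (
  id        INTEGER PRIMARY KEY,
  people_id INTEGER NOT NULL REFERENCES people(id),
  user_id   INTEGER NOT NULL REFERENCES users(id),
  UNIQUE (people_id, user_id)   -- one grant per (contact, user) pair
);

-- Constructed sample data: contact 11 is shared, contact 12 has no grant at all.
INSERT INTO users  VALUES (1, 'alice'), (2, 'bob');
INSERT INTO people VALUES (10, 'Ann Smith',  'ann@example.test'),
                          (11, 'Andy Jones', 'andy@example.test'),
                          (12, 'Anna Lee',   'anna@example.test');
INSERT INTO access (people_id, user_id) VALUES (10, 1), (11, 1), (11, 2);

-- Unscoped lookup, equivalent to the original controller action: the only
-- filter is the typed text, so the access table is never consulted.
SELECT p.id, p.fullname
FROM people p
WHERE LOWER(p.fullname) LIKE '%' || LOWER(:value) || '%'
ORDER BY p.fullname ASC
LIMIT 8;

-- Scoped lookup: a contact is returned only when an access row pairs it with
-- the requesting user. :current_user_id is bound from the authenticated
-- session on the server, never taken from a request parameter.
SELECT p.id, p.fullname
FROM people p
INNER JOIN access a ON a.people_id = p.id
WHERE a.user_id = :current_user_id
  AND LOWER(p.fullname) LIKE '%' || LOWER(:value) || '%'
ORDER BY p.fullname ASC
LIMIT 8;
```

Because the access check is part of the query itself, a contact without a matching grant never reaches the controller or the rendered partial, so there is no separate filtering step to forget.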