So, I hear that with_scope is going to be deprecated.
Which is a bit of a shame, given the stuff I’ve been writing recently.
I have a CMS with multiple clients. A ‘client’ is essentially a
company, with multiple users. Content on the site belongs to a client
- content could be messages, images, schedules, etc etc. People
belonging to one client should not be able to see content created by
people from another client.
I’ve wrapped this all up very nicely into a controller method, looking
class SchedulerController < ApplicationController
client_filter_on :events, :compositions
which uses some with_scope magic to ensure that any Event or
Composition objects that are created or found within that controller
have a client id matching the currently logged in user.
According to DHH -
- with_scope is going to be deprecated. So how do I accomplish this
without with_scope? Add conditions to every single find & create
method across my entire site? That doesn’t sound too clever.
Basecamp must have some sort of similar set-up. How are the 37signals
team preventing one company seeing another company’s secret messages,
without having to remember to filter every query?