All - is there a standard pattern for the following case? My domain is
pretty unique so let me use an analogy to try and better convey the
problem.
Let’s assume that a “director” owns a “series” and that an
“administrator” or “director” can add information (actors, an episode,
whatever) to that “series”. So, for a given season (Let’s say it’s Lost
and JJ Abrams is the director), JJ wants to login to this app and say
“add a new episode to Lost.”
I need to ensure that JJ has the rights to add this episode or actor to
the series he’s wishing to add it to. In other words, I need to say -
if JJ (current_user) is the director of this series, then let him.
That said, let’s say I have an ‘episode’ object - and JJ has gone and
created a new instance. I’m guessing the best way to make sure that the
current user (JJ) has rights to create this episode (before saving) is
to override validate and basically say:
def validate
errors.add_to_base(“no no”) unless current_user (jj) owns the series
we’re trying to associate this episode to
end
Does this question make sense? Hope so.