Hello everyone hope u r doing greate.. Im a almost three weeks old in RoR and ive a simple problem which i could find an answer for! Ill tell first a bit about the project im trying to do: Im making a tool for a Team Leader where he can put tasks for his team members, the Team Leader can see all tasks for his own team, but a team member can see ONLY his own task, my problem is: Im using the same view when showing the task it self and so a Team Leader would have these links shown (edit, delete.etc) but a team member cant delete his task, only can edit the status of it. Is there a way which i can tell from my controller which links to apear or not depending on the User rights? ive really tried to search this out a lot but came out empty.. Any help would be appreciated, thanks in advance.. FeDuZ!!
on 2007-06-23 18:27
on 2007-06-23 19:19
Ive doubled posted this subject the other post is: http://www.ruby-forum.com/topic/112874#new Please kindly reply over there...thanks. FeDuZ!!
on 2007-06-24 00:46
Fady, Without getting into too many details, I think the post on Authorization in Rails at http://www.vaporbase.com/postings/Authorization_in_Rails will help you understand how to address most of your requirements. The skinny of the answer is that, if you're just dealing with team leaders and team members you can probably get away with the "Super Simple" solution in the post. If your needs expand, you might want to go with Chad Fowler's recipe or with one of the well-known plugins. This said, it looks like you have one additional requirement beyond normal Role Based Access Control (RBAC) - ownership. That is, a user must be checked to see not only if they have the role "team member" but also to make sure that they're a member of the appropriate team for the tasks they are trying to access. In this case, using a recursive acts_as_tree relationship should help you to accomodate the complexity of an organizational models where users may place multiple roles across different teams. If this doesn't make sense to you or if you haven't dealt with acts_as_tree, please post back. On Jun 23, 12:27 pm, Fady Farhat <rails-mailing-l...@andreas-s.net>