Forum: Ruby on Rails Nested and non-nested resources, and admin restrictions

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
49de4cd2f26705785cbef2b15a9df7aa?d=identicon&s=25 Nick Hoffman (nickh)
on 2008-11-24 20:14
(Received via mailing list)
This is a fairly long question, but it's a common one that applies to
a lot of applications. Here goes!

Many apps have/want a setup similar to this:

1) ModelA has many ModelBs (Eg: User has many Photos).
2) Admins CRUD all photos at /photos and beyond (Eg: /photos/1/edit).
3) Admins CRUD User photos at /user/1/photos and beyond.
4) Users CRUD their photos at /account/photos and beyond.

Some people don't bother with #2, because photos can be CRUDed via #3.
However, I want #2 because it gives you a higher/broader view of the
Photos resource.

I'm trying to figure out an efficient, DRY/semi-DRY way of
implementing this. At the moment:

For #2 above, I've:
1) Restricted PhotosController to admins.
2) Created a Photos resource (map.resources :photos).

For #3 above, I've:
1) Nested a Photos resource within the Users resource:
      map.resources :users, :has_many => :photos

For #4 above, I've:
1) Created Account::PhotosController, which restricts photos to the
current user (account).
2) Nested Account::PhotosController within the Account singleton
resource:
      map.resource :account do |account|
        account.resources :photos, :controller => 'account/photos'
      end

Everything but #3 works perfectly. /user/1/photos calls
PhotosController#index , which finds all photos, rather than finding
only photos belonging to user 1.

I've come up with a few solutions, but don't feel that any of them are
ideal.

Solution #1:
Create a whole new controller, which finds photos within the specified
user. However, this would duplicate 95% of PropertiesController, which
is pretty dirty.

Solution #2:
Create a method in PhotosController that abstracts the finding of
photos. However, this feels wrong because it's mixing functionality
between two different resources (photos vs user-photos).
See http://pastie.org/pastes/322733

Solution #3:
Create a new controller which inherits from PhotosController, and add
a bit of logic to PhotosController to prevent it from finding photos
when they've already been found.
See http://pastie.org/322734

Solution #4:
Use the resource_controller plugin. However, I find that r_c limits
what I can do in some controller actions. For example, r_c only
provides customisable failure scenarios for #create, #update and
#destroy, while I need to customise every action's failure scenario.

So, what do you guys think of those solutions, and are there any other
solutions that are more ideal?

Cheers,
Nick
This topic is locked and can not be replied to.