I currently have two models. One holds users (username, password) and one "data" (title, message, etc.). I can handle login via filters I believe, courtesy of the Rails Recipes book. However, I'd like to limit what a user can see of the data. To do this, I added another table to the database with user_id and data_id fields. Now I'm a little stuck, as I can't figure out how to limit the 'list' action based on which users may see it. I don't really need much more granularity than this. Do I need another model, to hold the user<->data mapping? Or is it enough just to edit the data model somehow so it only returns entries that the current user has access to? Also, if anybody can suggest a good way to add the privileges that would also be useful. I guess it would be simplest if it was a separate view (instead of tacked on to the user or data views). But should it be mixed with the data controller? Or the user controller? Time to have another read of the pragmatic book, to see what I've missed :) Cheers.
on 2006-03-09 00:41
on 2006-03-09 09:10
David, There are many way to nail this one, but you could use "with_scope" to wrap the restriction around your query. You still have to 1/detect the level of a given user and 2/filter out data records. article: http://blog.caboo.se/articles/2006/02/22/nested-with_scope api doc: http://api.rubyonrails.org/classes/ActiveRecord/Ba... Alain