Hey I was wondering if anyone knows of a gem or plugin that can limit fields returned based on the User's role? I'm looking for something that will basically rewrite the find() method to limit the fields returned based on the User role.

so,

Admin:
Product.all => returns id, number, description, cost fields

Guest:
Product.all => returns id, number, description fields

Thanks!

-- Posted via http://www.ruby-forum.com/.

Marli Ba wrote:
> Hey I was wondering if anyone knows of a gem or plugin that can limit
> fields returned based on the User's role? I'm looking for something
> that will basically rewrite the find() method to limit the fields
> returned based on the User role.
>
> so,
>
> Admin:
> Product.all => returns id, number, description, cost fields
>
> Guest:
> Product.all => returns id, number, description fields
>
>
> Thanks!

We use something similar to filter objects in zena (http://bit.ly/2yjaVk). Basically, you need two things:

1. the visitor pattern (stored in Thread.current)
2. scoped finders

I wrote an example of what you could use to filter fields: http://gist.github.com/210544

To store the visitor in the Thread, the simplest solution is:

    unless Thread.current.respond_to?(:visitor)
      class << Thread.current
        attr_accessor :visitor
      end
    end
    Thread.current.visitor = logged_in_user

Gaspard

Gaspard Bucher wrote:
>
> We use something similar to filter objects in zena
> (http://bit.ly/2yjaVk). Basically, you need two things:
>
> 1. the visitor pattern (stored in Thread.current)
> 2. scoped finders
>
> I wrote an example of what you could use to filter fields:
> http://gist.github.com/210544
>
> To store the visitor in the Thread, the simplest solution is:
>
>     unless Thread.current.respond_to?(:visitor)
>       class << Thread.current
>         attr_accessor :visitor
>       end
>     end
>     Thread.current.visitor = logged_in_user
>
> Gaspard

Thanks! I've been looking through the code and like what I see. I think I may end up with my own unique implementation, but it's helpful to see how others have done things.

Gaspard,

I noticed your program uses scopes to limit the returned information. I'm running rails 2.3.4 and there seems to be an issue with scopes and HABTM relationships: that they don't carry through. I've tried using named scopes in my Product class like this:

    class Product < ActiveRecord::Base
      has_and_belongs_to_many :categories
      named_scope :with_fields_for_role, lambda {|role| {:select => **code to only select certain columns based on role** } }
    end

    class Category < ActiveRecord::Base
      has_and_belongs_to_many :products
    end

Console:

    >> Product.with_fields_for_role(:guest).first
    => <Product id: 1, number: "000-010", manufacturer_id: 12, manufacturer_number: "", status: "Current", description: "PURCHASE ORDER FORMS:", extended_information: nil>
    >> Category.first.products.with_fields_for_role(:guest).first
    => ## returns all columns of the product

The first statement works perfectly and the second does not. There already is a bug report about this. Have you noticed any problems with your program with this issue?
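
An added example, not part of any post in this thread and not zena's or the gist's code: a role-to-column allowlist that builds a value for the :select option of the named scope in the last post, plus an output-side filter for the case reported there, where the scope does not carry through the HABTM association and all columns come back. The helper names, the products table name, the hash-shaped visitor and the use of thread_variable_set are assumptions; the roles and columns are those in the original question.

```ruby
# Roles and columns as listed in the original question.
COLUMNS_BY_ROLE = {
  :admin => %w[id number description cost],
  :guest => %w[id number description]
}.freeze

# Columns a role may read. Unknown or nil roles fall back to the guest
# list, so a typo or a missing role never widens access.
def columns_for(role)
  COLUMNS_BY_ROLE.fetch(role) { COLUMNS_BY_ROLE.fetch(:guest) }
end

# String for a :select option, qualified with the (assumed) table name.
def select_for(role, table = "products")
  columns_for(role).map { |c| "#{table}.#{c}" }.join(", ")
end

# Second layer: filter attributes when rendering, so a query that ignored
# :select (the association case above) still cannot expose extra fields.
def visible_attributes(attrs, role)
  allowed = columns_for(role)
  attrs.select { |name, _| allowed.include?(name.to_s) }
end

# Set the visitor for the duration of one request only. Server threads are
# reused, so the previous value is restored even if the block raises.
def with_visitor(user)
  previous = Thread.current.thread_variable_get(:visitor)
  Thread.current.thread_variable_set(:visitor, user)
  yield
ensure
  Thread.current.thread_variable_set(:visitor, previous)
end

# Role of the current visitor; no visitor means guest.
def current_role
  visitor = Thread.current.thread_variable_get(:visitor)
  visitor ? visitor[:role] : :guest
end

# Constructed sample row standing in for a product loaded with all columns.
SAMPLE_ROW = { "id" => 1, "number" => "000-010",
               "description" => "PURCHASE ORDER FORMS:", "cost" => "9.99" }.freeze

if __FILE__ == $PROGRAM_NAME
  with_visitor({ :role => :guest }) do
    puts select_for(current_role)
    puts visible_attributes(SAMPLE_ROW, current_role).inspect
  end
end
```

In a Rails controller the with_visitor call would wrap the action (an around filter), and visible_attributes would be applied wherever records are serialized.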