I have the following scenario. Users have various levels of ability. They can only view and edit their own records (their profile). Their managers can only view and edit their employees records. The regional managers can view and edit only the people in their regions and the corporate headquarters can view and edit all records. There are multiple regions so somebody can be the manager of the north region and somebody is the manager of the south region. They both have the role of "regional manager". Of course this also applies to any of the child relations as well (addresses, phone numbers etc). I am struggling with a clean way to write a controller which would only show the records they have the right to on the index method. I want to avoid silly and complex case statements and I also want avoid roles like "regional manager north". I figure somebody here has run into this problem. What is the most elegant way to solve this problem. Cheers. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
On 20 February 2013 23:56, Tim Uckun <timuckun-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I have the following scenario. > > Users have various levels of ability. They can only view and edit > their own records (their profile). Their managers can only view and > edit their employees records. The regional managers can view and edit > only the people in their regions and the corporate headquarters can > view and edit all records. There are multiple regions so somebody > can be the manager of the north region and somebody is the manager of > the south region. They both have the role of "regional manager".Is this a fully hierarchical network? If so then you could use a child parent arrangement such that a user at one level can access all the users below him. Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Have you been looking at CanCan? I''ve implemented a similar situation with CanCan. It will not cover your needs for 100% but it will do a lot. Op donderdag 21 februari 2013 00:56:53 UTC+1 schreef Tim Uckun het volgende:> > I have the following scenario. > > Users have various levels of ability. They can only view and edit > their own records (their profile). Their managers can only view and > edit their employees records. The regional managers can view and edit > only the people in their regions and the corporate headquarters can > view and edit all records. There are multiple regions so somebody > can be the manager of the north region and somebody is the manager of > the south region. They both have the role of "regional manager". > > Of course this also applies to any of the child relations as well > (addresses, phone numbers etc). > > I am struggling with a clean way to write a controller which would > only show the records they have the right to on the index method. I > want to avoid silly and complex case statements and I also want avoid > roles like "regional manager north". > > I figure somebody here has run into this problem. What is the most > elegant way to solve this problem. > > Cheers. >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/AcPwpZUGr6cJ. For more options, visit https://groups.google.com/groups/opt_out.
On Fri, Feb 22, 2013 at 3:51 AM, javinto <jan.javinto-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Have you been looking at CanCan? > > I''ve implemented a similar situation with CanCan. It will not cover your > needs for 100% but it will do a lot. >Yes I have been looking at cancan. I have also been looking at Consul. Of the two Consul seems to have a little more power and is scope based so it''s probably worth giving a shot but it looks like cancan has won the popularity war anyway. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.