Hopefully someone can give me some advice on how to approach this problem... I''m getting ready to start a large new project where several different organizations would be working with a lot of tables. Each table would have an organization_id field to signify which organization owns that record. Organizations would only be able to view/edit records they own. Potentially thousands of organizations and dozens of tables. I''m hoping rails has some magic way to handle this in the model somehow. The alternative is I''d have to include a where organization_id = to virtually every single query... btw, I''m using mysql, in case there might be some way to accomplish this on the database level.
Hi ! 2006/4/5, Tony Buser <tbuser@gmail.com>:> I''m hoping rails has some magic way to handle this in the model > somehow. The alternative is I''d have to include a where > organization_id = to virtually every single query...You''ll need the org_id column on your child tables anyway, but Rails allows you to do it this way: class Organization < AR::Base has_many :postings has_many :employees has_many :drafts end class Posting < AR::Base belongs_to :organization end organization.postings.find(:all, ...) You can use a before_filter in ApplicationController to get the org into a known variable. This is not unlike regular authentication. Hope that helps ! -- Fran?ois Beausoleil http://blog.teksol.info/
Also look at with_scope and at the ScopedAccess plugin. Google it. Tony Buser wrote:> Hopefully someone can give me some advice on how to approach this > problem... I''m getting ready to start a large new project where > several different organizations would be working with a lot of tables. > Each table would have an organization_id field to signify which > organization owns that record. Organizations would only be able to > view/edit records they own. Potentially thousands of organizations > and dozens of tables. > > I''m hoping rails has some magic way to handle this in the model > somehow. The alternative is I''d have to include a where > organization_id = to virtually every single query... > > btw, I''m using mysql, in case there might be some way to accomplish > this on the database level.-- Posted via http://www.ruby-forum.com/.
Well that makes total sense and I can''t believe I didn''t think of it before. :) Thanks! On 4/5/06, Francois Beausoleil <francois.beausoleil@gmail.com> wrote:> organization.postings.find(:all, ...) > > You can use a before_filter in ApplicationController to get the org > into a known variable. This is not unlike regular authentication.