Hi Everyone,
Is there anything out there that allows model-level access control?
Basically, records need be available if a)You created them and they''re
associated with your user id b)You''re an admin, in which case you
should be
able to see very record.
I imagine I could implement this functionality by creating separate actions,
one which only pulls records based on user id, and another which pulls all
records and also checks to see if you''re authorized to view the action.
Anyone have experience with this? Which one makes more sense?
Thanks!
Daniel
