Michael Schreifels
2006-Aug-30  04:39 UTC
Validations: Controller Filters vs. Model validate()
Lately I have come to somewhat of a dilemma. Consider I have a Forum
model. A Forum belongs_to a Group, but not any one particular User. To
create a Forum, however, the Membership association between the User
and the Group must be at an admin-level (integer value is 3). In the
controller I use the before_filter called 'require_group_admin' to
ensure proper permissions. The problem is that in the Forum validate()
method, I cannot make sure that the user creating it has sufficient
permissions without adding a user_id foreign key.
Consider an opposite example. A Group also has_many Events. To create
an Event, just like a Forum, the User's Membership association with
the Group (:through) must be 3. As such, I use the same before_filter
in the controller as in the previous example. However, this time in
the validate() method of the Event class I can choose to make sure the
User has proper permissions because it belongs_to a User. This would
have to be done via something like:
"self.user.membership.find_by_group_id(group).status == 3"
Something very similar is required in the before_filter
'require_group_admin' to make sure the User can do that. I was told
that before_filters should be used to protect the viewing of files;
models to protect the actual data itself. So in theory I should be
using both. But I am repeating myself, thereby violating the infamous
DRY. And add to that the fact that I am doing two extra queries, if
not more ("self.user.membership" == find user, find membership by
user?).
Am I missing something here? Am I supposed to use both validations? If
so, what about in the first case? It doesn't make sense for a single
forum to "belong" to a user! Responses greatly appreciated!
- Michael
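
The following is an added example, not part of the original post: a plain-Ruby sketch (no Rails) of defining the admin rule once on the Group, so that both the controller filter and the data layer call the same predicate and a Forum needs no user_id. The class layout, `ADMIN_STATUS`, `NotAuthorized`, `admin?`, `authorize!`, `create_forum`, `create_event` and the two-argument `require_group_admin` are assumptions made for illustration.

```ruby
# Plain-Ruby stand-ins for the post's models (constructed; no Rails required).
ADMIN_STATUS = 3 # admin-level Membership value stated in the post

class NotAuthorized < StandardError; end

Membership = Struct.new(:user, :group, :status)
User       = Struct.new(:name)
Forum      = Struct.new(:group, :name)          # no user_id, as in the post
Event      = Struct.new(:group, :user, :name)   # belongs to a User

class Group
  attr_reader :memberships, :forums, :events

  def initialize
    @memberships = []
    @forums = []
    @events = []
  end

  def add_member(user, status)
    @memberships << Membership.new(user, self, status)
  end

  # The single definition of the rule; every other check calls this.
  def admin?(user)
    @memberships.any? { |m| m.user.equal?(user) && m.status == ADMIN_STATUS }
  end

  # Data-layer enforcement: the acting user is an argument, not a column.
  def create_forum(actor, name)
    authorize!(actor)
    Forum.new(self, name).tap { |f| @forums << f }
  end

  def create_event(actor, name)
    authorize!(actor)
    Event.new(self, actor, name).tap { |e| @events << e }
  end

  def authorize!(user)
    raise NotAuthorized, "group admin required" unless admin?(user)
  end
end

# Controller-side filter (hypothetical signature): same predicate, no second copy.
def require_group_admin(current_user, group)
  group.admin?(current_user)
end
```

Because creation goes through the Group, a code path that skips the controller filter (a console session, a background job, another controller) still hits `authorize!`.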