All - is there a standard pattern for the following case? My domain is
pretty unique so let me use an analogy to try and better convey the
problem.
Let''s assume that a "director" owns a "series" and
that an
"administrator" or "director" can add information (actors,
an episode,
whatever) to that "series". So, for a given season (Let''s
say it''s Lost
and JJ Abrams is the director), JJ wants to login to this app and say
"add a new episode to Lost."
I need to ensure that JJ has the rights to add this episode or actor to
the series he''s wishing to add it to. In other words, I need to say -
if JJ (current_user) is the director of this series, then let him.
That said, let''s say I have an ''episode'' object - and
JJ has gone and
created a new instance. I''m guessing the best way to make sure that
the
current user (JJ) has rights to create this episode (before saving) is
to override validate and basically say:
def validate
errors.add_to_base("no no") unless current_user (jj) owns the series
we''re trying to associate this episode to
end
Does this question make sense? Hope so.
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
it is not validation issue, it should not go to model at all. before_filter in controller or decent acl plugin will do the job On 25 фев, 02:03, Cory Wilkerson <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> All - is there a standard pattern for the following case? My domain is > pretty unique so let me use an analogy to try and better convey the > problem. > > Let''s assume that a "director" owns a "series" and that an > "administrator" or "director" can add information (actors, an episode, > whatever) to that "series". So, for a given season (Let''s say it''s Lost > and JJ Abrams is the director), JJ wants to login to this app and say > "add a new episode to Lost." > > I need to ensure that JJ has the rights to add this episode or actor to > the series he''s wishing to add it to. In other words, I need to say - > if JJ (current_user) is the director of this series, then let him. > > That said, let''s say I have an ''episode'' object - and JJ has gone and > created a new instance. I''m guessing the best way to make sure that the > current user (JJ) has rights to create this episode (before saving) is > to override validate and basically say: > > def validate > errors.add_to_base("no no") unless current_user (jj) owns the series > we''re trying to associate this episode to > end > > Does this question make sense? Hope so. > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
There''s a great Rails Recipe (http://www.pragprog.com/titles/fr_rr/) that covers basic access control using users, roles, and rights. I don''t have it nearby, but I''d highly recommend reading it in your case. -Kyle On Feb 24, 7:34 pm, lq <liquidaut...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> it is not validation issue, it should not go to model at all. > before_filter in controller or decent acl plugin will do the job > > On 25 фев, 02:03, Cory Wilkerson <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> > wrote: > > > All - is there a standard pattern for the following case? My domain is > > pretty unique so let me use an analogy to try and better convey the > > problem. > > > Let''s assume that a "director" owns a "series" and that an > > "administrator" or "director" can add information (actors, an episode, > > whatever) to that "series". So, for a given season (Let''s say it''s Lost > > and JJ Abrams is the director), JJ wants to login to this app and say > > "add a new episode to Lost." > > > I need to ensure that JJ has the rights to add this episode or actor to > > the series he''s wishing to add it to. In other words, I need to say - > > if JJ (current_user) is the director of this series, then let him. > > > That said, let''s say I have an ''episode'' object - and JJ has gone and > > created a new instance. I''m guessing the best way to make sure that the > > current user (JJ) has rights to create this episode (before saving) is > > to override validate and basically say: > > > def validate > > errors.add_to_base("no no") unless current_user (jj) owns the series > > we''re trying to associate this episode to > > end > > > Does this question make sense? Hope so. > > -- > > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---