I''m using the latest RESTful_ACL plugin - http://github.com/mdarby/restful_acl - and so far it has fulfilled my app needs... I control the access to the several models depending on the user''s role and the REST action. Although, I have a question: For example, imagine that I have an User, each User can have many Numbers, and each Number can have many Profiles. A User can only access his Numbers and hence only the Profiles associated with each of those Numbers he owns. Imagine that I have an User 1, which owns the Number 1, which has a Profile 1. And there''s another User 2, which owns the Number 2, which has a Profile 2. I can protect the access to a particular Number and Profile using self.is_readable_by(user. object). User 1 is successfully blocked when trying to access /numbers/2 and /numbers/2/profiles/2 But I''m having problems finding a way to _not_ allow a User to access the index of Profiles for a Number that he doesn''t own. How could I protect the User 1 from accessing the index of Profiles belonging to User 2? /numbers/2/profiles --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks for using RESTful_ACL!
What you''re trying to do is simple with v2.0+:
class Profile < ActiveRecord::Base
logical_parent :number
belongs_to :number
# This method checks permissions for the :index action
def self.is_indexable_by(user, parent = nil)
user.number == parent
end
end
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Many thanks for the reply, issue solved!!! Keep up with the good work :) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Jm Freitas wrote:> Many thanks for the reply, issue solved!!! > Keep up with the good work :)1. Awesome. 2. Thanks ;) -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---