Andrew France
2009-Mar-16 14:40 UTC
Overriding ActiveRecord associations for special cases
Hi,
Does anyone know a good way to override AR associations to take
special cases into account. My current take is the example below which
allows the ''root'' user to access all products, but only works
if I
remember to call it with a .all/.find or similar method:
''user.products.all'' instead of
''user.products''. Ideally I guess I want
to return a proxy object that represents all products. Any ideas?
class User
has_many :products
def root?
id == 1
end
def products_with_root
if root?
Product # Better way?
else
products_without_root
end
end
alias_method_chain :products, :root
end
Best regards,
Andrew France
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
\"Wolas!\"
2009-Mar-16 16:30 UTC
Re: Overriding ActiveRecord associations for special cases
I think you have a design problem here. Access controll should be
handled in the controller, not the model.
besides, having
def root?
id == 1
end
i believe is a very bad bad idea, maybe im wrong. any opinions anyone?
On Mar 16, 3:40 pm, Andrew France
<andrew+li...-nb9sXpffzH/10XsdtD+oqA@public.gmane.org>
wrote:> Hi,
>
> Does anyone know a good way to override AR associations to take
> special cases into account. My current take is the example below which
> allows the ''root'' user to access all products, but only
works if I
> remember to call it with a .all/.find or similar method:
> ''user.products.all'' instead of
''user.products''. Ideally I guess I want
> to return a proxy object that represents all products. Any ideas?
>
> class User
> has_many :products
>
> def root?
> id == 1
> end
>
> def products_with_root
> if root?
> Product # Better way?
> else
> products_without_root
> end
> end
> alias_method_chain :products, :root
> end
>
> Best regards,
> Andrew France
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
\"Wolas!\"
2009-Mar-16 16:43 UTC
Re: Overriding ActiveRecord associations for special cases
sorry, didint mention why it was a bad idea. Just in case the root user changes id. or someone can modify the parameters and pretend to be of id 1. and probably for som many reasons i forgot right now. On Mar 16, 3:40 pm, Andrew France <andrew+li...-nb9sXpffzH/10XsdtD+oqA@public.gmane.org> wrote:> Hi, > > Does anyone know a good way to override AR associations to take > special cases into account. My current take is the example below which > allows the ''root'' user to access all products, but only works if I > remember to call it with a .all/.find or similar method: > ''user.products.all'' instead of ''user.products''. Ideally I guess I want > to return a proxy object that represents all products. Any ideas? > > class User > has_many :products > > def root? > id == 1 > end > > def products_with_root > if root? > Product # Better way? > else > products_without_root > end > end > alias_method_chain :products, :root > end > > Best regards, > Andrew France--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Andrew France
2009-Mar-16 17:59 UTC
Re: Overriding ActiveRecord associations for special cases
On Mar 16, 4:30 pm, "\"Wolas!\"" <jcpen...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I think you have a design problem here. Access controll should be > handled in the controller, not the model.Thanks for replying. I don''t know, I figure that the model is already deciding which users are associated with which products and expanding this to handle a special case is a logical extension that saves putting business logic in the controllers. Although I will probably have to revert to that as a fully-working solution.> besides, having > > def root? > id == 1 > end > > i believe is a very bad bad idea, maybe im wrong. any opinions anyone?> sorry, didint mention why it was a bad idea. Just in case the root > user changes id. or someone can modify the parameters and pretend to > be of id 1. and probably for som many reasons i forgot right now.Not sure if these can be justified as since by the definition above if the root user changes their ID they are no longer the root user and if somebody can pretend to be other user IDs on a system I think it has bigger problems! Please let me know if you remember the other ones as security is of course important. Thanks. Andrew --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
\"Wolas!\"
2009-Mar-17 10:17 UTC
Re: Overriding ActiveRecord associations for special cases
> Not sure if these can be justified as since by the definition above if > the root user changes their ID they are no longer the root userand you would have NO root user in the system. If you have a system, where only root users can grant root access to other users you would have locked yourself out of your system. Migrating to another db where there is already data or for some reason it decides not to assign an id of 1. then you find yourself in the same situation as before. if you want to rely on a unique piece of info (that will not change with time, or migrations or other db situations) maybe name if it is unique or a boolean saying :admin => true it is quite common in our projects that we put: class User DEV = ["wolas", "foo", "abr"] def developer? DEV.include? name end def admin? developer? || super end end respect to your original issue. i dont think that is business logic but mroe access control, which should be handled in the model. As in, root users can see all products but no other so: def index @proucts = if current_user.root? Product.all else current_user.products end end On Mar 16, 6:59 pm, Andrew France <andrew+li...-nb9sXpffzH/10XsdtD+oqA@public.gmane.org> wrote:> On Mar 16, 4:30 pm, "\"Wolas!\"" <jcpen...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > I think you have a design problem here. Access controll should be > > handled in the controller, not the model. > > Thanks for replying. I don''t know, I figure that the model is already > deciding which users are associated with which products and expanding > this to handle a special case is a logical extension that saves > putting business logic in the controllers. Although I will probably > have to revert to that as a fully-working solution. > > > besides, having > > > def root? > > id == 1 > > end > > > i believe is a very bad bad idea, maybe im wrong. any opinions anyone? > > sorry, didint mention why it was a bad idea. Just in case the root > > user changes id. or someone can modify the parameters and pretend to > > be of id 1. and probably for som many reasons i forgot right now. > > Not sure if these can be justified as since by the definition above if > the root user changes their ID they are no longer the root user and if > somebody can pretend to be other user IDs on a system I think it has > bigger problems! Please let me know if you remember the other ones as > security is of course important. Thanks. > > Andrew--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---