thr3ads.net - Rails - how to restrict/control access to certain model attributes depending on role [May 2010]

If this information is useful, please help other people find it:
Share via:

Corin

2010-May-19 16:39 UTC

how to restrict/control access to certain model attributes depending on role

Hi!

Assume I have a model named Thread.

Normal users should be able to change the attributes [title, body].
Admin users should be able to change [title, body, sticky, ...].

Now I wonder what''s the corrent/best way to restrict/control access to
certain model attributes depending on the current user''s role etc.

I currenty do it like this:
Depending on the current user''s role the controller creates an
instance of UserPost or AdminPost. This gives me the ability of
different templates, different callbacks etc. which is great and what
I need. But the problem is rails thinks UserPost/ AdminPost is a STI
(because UserPost < User) and so looks for a column named
''type'' (especially when using mongoid). But these are actually
not STI
but only helper models. How can I "turn off" STI, but still make rails
use the "posts" table (and not "user_posts"/
"admin_posts")?

Solutions for rails 3 would be best :-)

Thanks,
Corin

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Rails - May 2010 - how to restrict/control access to certain model attributes depending on role

how to restrict/control access to certain model attributes depending on role