Corin
2010-May-19 16:39 UTC
how to restrict/control access to certain model attributes depending on role
Hi! Assume I have a model named Thread. Normal users should be able to change the attributes [title, body]. Admin users should be able to change [title, body, sticky, ...]. Now I wonder what''s the corrent/best way to restrict/control access to certain model attributes depending on the current user''s role etc. I currenty do it like this: Depending on the current user''s role the controller creates an instance of UserPost or AdminPost. This gives me the ability of different templates, different callbacks etc. which is great and what I need. But the problem is rails thinks UserPost/ AdminPost is a STI (because UserPost < User) and so looks for a column named ''type'' (especially when using mongoid). But these are actually not STI but only helper models. How can I "turn off" STI, but still make rails use the "posts" table (and not "user_posts"/ "admin_posts")? Solutions for rails 3 would be best :-) Thanks, Corin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.