StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
2191664
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2010-02-03T12:00:45.110
FavoriteCount
0
LastActivityDate
2010-02-03T12:00:45.110
LastEditDate
LastEditorUserId
0
OwnerUserId
312586
ParentId
1427173
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
I think you need to put in place some authorization mechanism. The best gem I know for this is <a href="http://wiki.github.com/stffn/declarative_authorization/" rel="nofollow noreferrer">declarative_authorization</a>. I've personally used it on a production environment, and I'm satisfied with it. There's a <a href="http://railscasts.com/episodes/188-declarative-authorization" rel="nofollow noreferrer">railscast</a> about it, too. The idea is that you declare in one specific file (<code>config/authorization_rules.rb</code>) the "roles and permissions". You say things like "a manager can read only the clients associated with it" or "an administrator can read and write all the users". In your case, it would look like this: <pre><code>authorization do role :guest do # actions here can be done by everyone, even not logged in people end role :user do includes :guest # actions here can be done by logged people end role :manager do includes :user #managers do everything users do, plus: has_permission_on :sales_region, :to => :read do if_attribute :id => is_in {user.sales_region_ids} end has_permission_on :users, :to => [:update, :read] do if_attribute :id => is {user.user_ids_by_sales_region} #defined on the model end end role :admin do includes :user has_permission_on [:sales_regions, :users], :to :manage end end privileges do privilege :manage do includes :create, :read, :update, :delete end end </code></pre> Once this is specified, you have modify your models so they use <code>declarative_authorization</code>. Also, let's define the <code>user_ids_by_sales_region</code> method <pre><code>class User < ActiveRecord::Base using_access_control # this enables DA def users_by_sales_region sales_regions.collect{ |sr| sr.users }.flatten.uniq end def user_ids_by_sales_region users_by_sales_region.collect{ |u| u.id } end end </code></pre> You must also have a <code>current_user</code> method, and a way of getting the current user's role(s). See the "Providing the Plugin’s Requirements" section on the <a href="http://github.com/stffn/declarative_authorization/blob/master/README.rdoc" rel="nofollow noreferrer">readme</a>. Then you can do what you want with <code>with_permissions_to</code> : <pre><code>manager = User.find(...) manager.users.with_permissions_to(:read) # the users from his region manager.users.with_permissions_to(:read).find(:all, conditions => { :active => true }) manager.users.with_permissions_to(:write) #returns no users, managers can't edit them admin = User.find(...) admin.users.with_permissions_to(:write) #will return all users </code></pre> This means a little bit of effort at the beginning, but simplifies the application greatly later on. Also, you have additional functionalities, such as hiding/showing parts of views depending on the permissions the current user has, as well as forbidding access to specific controller actions. Also, it should work just fine with paginations, etc. There's another declarative authorization gem called <a href="http://github.com/ryanb/cancan/" rel="nofollow noreferrer">cancan</a>. I don't have experience with this one, but if it is done by Ryan Bates, it must be good (he's got a <a href="http://railscasts.com/episodes/192-authorization-with-cancan" rel="nofollow noreferrer">railscast</a> for it, too). However, I don't think it allows model extensions, which is what you seem to need now.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. PORails dynamic finders based on role
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USkikito
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. PORails dynamic finders based on role
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COThanks for your answer, certainly looks like a great plugin. I eventually tried declaring named_scopes on the models that needed restricting, such that they could be accessed using (for example) User.visible_to(@current_user) or Account.visible_to(@current_user).in_sales_area(3). I'll post some sample code below. Thanks again!
 singulars
 PostPostId
 PO
 UserUserId
 USChris Blunt

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.