I got two controllers (with RESTful actions) where my code is quite
ugly and not very DRY. Every action looks quite like this:

    if @logged_user.has_role?("admin")
      User.find(params[:id])
    else
      @logged_user.group.user.find(params[:id])
    end

This is a security check that enforces a simple spec: normal users
should read/write information only about their group's users, but
"admin" users can read/write about all users.
The other controller is quite similar, just on another model.
Trying to refactor, I was reading about using a with_scope in an
around_filter.
This seems to work and the code gets a lot smaller. But it seems to be
a deprecated practice...
What is the "Rails way" to accomplish this?
Thanks.

One way would be to have a before filter that looked like

    def get_user_to_edit
      if @logged_user.has_role?("admin")
        @user = User.find(params[:id])
      else
        @user = @logged_user.group.user.find(params[:id])
      end
    end
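
Added example, not part of the original thread: the same rule kept in one place, so every lookup by params[:id] goes through a collection already limited to what the logged-in user may see, and an out-of-group id fails exactly like a missing one. It is plain Ruby standing in for ActiveRecord; Scope, accessible_users, load_user and the sample users are hypothetical names and constructed data.

```ruby
# Plain-Ruby stand-in for the ActiveRecord models in the thread.
RecordNotFound = Class.new(StandardError)

User = Struct.new(:id, :name, :group_id, :roles) do
  def has_role?(role)
    roles.include?(role)
  end
end

# Constructed sample records: two groups, one admin.
USERS = [
  User.new(1, "alice", 10, ["admin"]),
  User.new(2, "bob",   10, []),
  User.new(3, "carol", 20, []),
  User.new(4, "dave",  20, [])
].freeze

# Minimal scope: a filtered collection whose find raises when the id is not
# inside it, the way find on an association does.
class Scope
  def initialize(records)
    @records = records
  end

  def find(id)
    # Request parameters arrive as strings; reject anything non-numeric.
    wanted = Integer(id.to_s, 10, exception: false)
    @records.find { |r| r.id == wanted } ||
      raise(RecordNotFound, "Couldn't find User with id=#{id}")
  end

  def ids
    @records.map(&:id)
  end
end

# The one place the authorization rule lives.
def accessible_users(logged_user)
  return Scope.new(USERS) if logged_user.has_role?("admin")
  Scope.new(USERS.select { |u| u.group_id == logged_user.group_id })
end

# What a before filter would run for every action that takes params[:id].
def load_user(logged_user, params)
  accessible_users(logged_user).find(params[:id])
end
```

Because the denied case and the missing case raise the same error, the response does not reveal whether an id outside the user's group exists.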