a "User" has_and_belongs_to_many "Roles"
a "Role" has_and_belongs_to_many "Rights"
how can i relate Users and Rights? i would like something like
@user.rights
i know it can be done via SQL, but i don't know if there is a more
rails-way to do this.
any suggestion?
thanks.
What do you mean by how to relate them? As you have defined it then
if you have a user, @user, then @user.roles will give you an array of
roles and @user.role[0].rights will give you an array of rights for
that role.
private
def self.scope_hash_for_user(user)
case (user.role rescue nil)
when :admin
# see everything
when :client
# see nothing
{ :conditions => ["1 = 0"] }
when :customer_admin
# their company and below
{ :conditions => ["groupable_entities.id IN (SELECT company.id
FROM groupable_entities AS company
WHERE company.id in (?))",
user.company.self_and_descendants_ids] }
when :customer
# their company
{ :conditions => ["groupable_entities.id IN (SELECT company.id
FROM groupable_entities AS company
WHERE company.id = ?)", user.company.id] }
else
raise Aegis::PermissionError, "Unknown role"
end
end
In the controller I can call Model.for_user(current_user) to return
the items they are permitted to see, and combine it with Aegis for
permissions-checking on specific instances of objects in controllers
and views. Speaking to the developers of Aegis, they're hoping to
introduce some named-scope permissions method in their next release,
but depending on the timescale, I might look to see if CanCan handles
the problem better.