I'm creating a Rails app requiring an ACL system to grant different
privileges to users, but I have some doubts on how to structure it.
Right now I have three users: Administrator > Area manager > Employee
I'm able to distinguish between users and block certain actions or
controllers based on the role. What I don't get is how to manage in a
clean way situations where different kinds of users access the same
action, but have to display and get different data from the database.
An employee has_many :documents , and in the index action of the
documents_controller I have to get HIS documents (something like
current_user.documents), but an area manager accessing the same action
has to get ALL the documents (Document.find(:all)).
I can't think of a clean way to implement this avoiding conditions in
the controller like "if the user is a X, find(something) else
Thanks in advance for your suggestions.
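
One way to keep the role branching out of the controller, as an added example that is not part of the original post: a single scope object decides which records each role may see, and both list and single-record lookups go through it. `DocumentScope`, `visible_ids`, the in-memory `Struct` stand-ins for the ActiveRecord models, and the rule that administrators see everything are assumptions made for illustration.

```ruby
# Added example: plain-Ruby stand-ins for the ActiveRecord models in the post.
User     = Struct.new(:id, :role)
Document = Struct.new(:id, :owner_id, :title)

# Constructed sample data (not from the post).
DOCUMENTS = [
  Document.new(1, 10, "Payslip March"),
  Document.new(2, 10, "Contract"),
  Document.new(3, 11, "Expense report")
].freeze

# Hypothetical scope object: one place decides which records a role may see,
# so controller actions never branch on the role themselves.
class DocumentScope
  # Role -> rule taking (user, all_documents) and returning the visible subset.
  RULES = {
    administrator: ->(_user, docs) { docs }, # assumption: admins see everything
    area_manager:  ->(_user, docs) { docs }, # per the post: ALL documents
    employee:      ->(user, docs) { docs.select { |d| d.owner_id == user.id } }
  }.freeze

  def initialize(user, documents = DOCUMENTS)
    @user = user
    @documents = documents
  end

  # Unknown or missing roles resolve to an empty set (default deny).
  def resolve
    rule = @user && RULES[@user.role]
    rule ? rule.call(@user, @documents) : []
  end

  # Single-record lookup goes through the same scope, so an employee cannot
  # read another user's document by requesting its id directly.
  def find(id)
    resolve.find { |d| d.id == id }
  end
end

# What an index action would call, whatever the role of the current user.
def visible_ids(user)
  DocumentScope.new(user).resolve.map(&:id)
end
```

In a real Rails app the rules would return ActiveRecord relations instead of arrays, so the filtering happens in the database query.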