How can I restrict records by user accounts as a default_scope, or better solution?

rubyonrails-talk
1

I currently have two models, “User” and “Report”. I want to find out the best way of restricting reports from certain user groups.

Given the following three groups…

  • General Manager

  • Store Manager

  • Employee I would like to restrict the users from seeing certain reports.

  • General Manager can see all reports - no restrictions

  • Store Manager can see their reports and all employee reports

  • Employee can see only their own reports

I’ve currently been restricting access by basically “if” statements in the partials, but it seems like only a matter of time before one of these fails (by my own logic). So the idea came to me to try and set the “default_scope” based on what role the user has… To my knowledge it doesn’t work this way though. What would be the equivalent of this though? Or is there a better idea? Thanks!

2

default_scope is a global scope. Several times I have used default_scope thinking it is a good idea but every time I have regretted it and had to remove it and find all the queries and put the scope in manually. My advise is don't use default_scope.

For your problem you could use a parametrised scope that is given a role and returns the appropriate records. So you could say something like @reports = Report.by_role(current_user.role) though having looked again I see that you also want to include the users own reports, in which case pass the user to the scope and do all the logic in there, so @reports = Report.visible_to_user(current_user) That line would probably be in the controller.

Colin