Hi all!
I have the following situation:
class User < ActiveRecord::Base belongs_to :customer end
class Customer < ActiveRecord::Base has_many :events end
Now, I want to access all customer events from my user, so I added delegate :events, :to => :customer
This works great, but I would like to enforce some access control over my objects and would like to do this in the user model and not in a lot of places inside controllers. Normally, a user should only be able to CRUD his/her own events, but an admin should be able to access all. The following I tried in the User class:
alias real_events events def events if is_admin? then Event.find(:all) else real_events end end
This works great for a normal user, since in controllers, I can do something like current.user.events.find(1). The problem however is that a real Array is returned when current_user.is_admin? and not a association proxy. When calling find() on a normal array, a block is expected.
Is there a way to overcome this issue or to structure it in a different way?
Thanks!
Wouter