I am referring to this wonderful post:
http://pivotallabs.com/users/nick/blog/articles/272-access-control-permissions-in-rails/comments
for creating access rules for my application.
So from my controller and views I am calling method in user model as:
@currentuser.topic_admin?(topic)
### User model has this method:
def topic_admin?(topic)
topic.can_admin?(self)
end
One solution would be to provide a guest user in the database that is returned by current_user when no-one is logged in, that enables you to give the guest user whatever roles you desire. Alternatively test @currentuser before calling topic_admin. As an aside I would suggest setting up @topic_admin true or false in controller rather than calling it from view, or even better if possible setup the data to be displayed in the controller/model and remove the logic from the view entirely.
Are there different types of Topic? If not then can_create? does not need to be given a topic. Make can_be_created_by? a class method rather than an instance method, so it is called by Topic.can_be_created_by?(user).
Colin
Its getting more complex than I thought..
May it will be easier to make 'can_de_*ted_by' methods as Class methods
and call them directly bypassing the user model 'can_*t[e]' methods.
However this gives less control over the topics and items. I also have
an index action, where in front of each topic name there
edit/update/delete actions. Many users may have 'topic admin' role,
however only the user who created particular topic should be able to
delete it...
Thanks,
CS.
Colin Law wrote:
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks