If_attribute with declarative permission

Question

If_attribute with declarative permission

I have a many-to-many relationship: The user has several organizations through branches and vice versa.

I use declarative organizations, and I want the user to edit a specific organization if it is affiliated, and the affiliationtype attribute of the membership is a specific value.

Thus membership has 3 columns, user_id, organization_id and affiliationtype_id

I can do:

o = Organization.find(:first) o.affiliatons[0].user and get the user

Now I want to do this:

 has_permission_on [:organizations], :to => :edit do if_attribute (...) end

This if_attribute should see if the current user is an organization. Affiliate [?]. user and if organization. affiliate [?]. affiliationtype_id = "3"

Hope this is a syntax problem ... I really need to get this work to work.

+7

ruby-on-rails declarative-authorization

Victor martins Mar 13 '10 at 19:41

source share

1 answer

nanda · Accepted Answer · 2010-03-13T21:01:28+0000

EDIT:

You can limit the join type intersects_with (& block) :

  has_permission_on [:organizations], :to => :edit do if_attribute :affiliations => intersects_with { user.affiliations.with_type_3 } end

Why not create named_scope to find the affiliationtype_id = 3 affiliation?

From declarative authorization :

To reduce redundancy in has_permission_on blocks, a rule may depend on permissions on related objects:

 authorization do role :branch_admin do has_permission_on :branches, :to => :manage do if_attribute :managers => contains {user} end has_permission_on :employees, :to => :manage do if_permitted_to :manage, :branch # instead of #if_attribute :branch => {:managers => contains {user}} end end end

If_attribute with declarative permission

More articles: