Ruby on Rails

Have you been looking at CanCan?

I've implemented a similar situation with CanCan. It will not cover your needs for 100% but it will do a lot.
 

Op donderdag 21 februari 2013 00:56:53 UTC+1 schreef Tim Uckun het volgende:

I have the following scenario.

Users have various levels of ability.  They can only view and edit
their own records (their profile).  Their managers can only view and
edit their employees records. The regional managers can view and edit
only the people in their regions and the corporate headquarters can
view and edit all records.  There are multiple regions  so somebody
can be the manager of the north region and somebody is the manager of
the south region. They both have the role of "regional manager".

Of course this also applies to any of the child relations as well
(addresses, phone numbers etc).

I am struggling with a clean way to write a controller which would
only show the records they have the right to on the index method. I
want to avoid silly and complex case statements  and I also want avoid
roles like "regional manager north".

I figure somebody here has run into this problem.  What is the most
elegant way to solve this problem.

Cheers.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/AcPwpZUGr6cJ.
For more options, visit https://groups.google.com/groups/opt_out.