advice for structure and user access

Question

Ok so I have acl9 in place and functioning, and my app structure thus far:

Regions (which have) Locations (which have sales). Sales aren't important, basically just posts which will show on each location.

I also have Users, which integrated with acl9 can be restricted and allowed based on role.

What i need to to do is create companies and have users created for a given company only allowed access for regions and locations within that company. I will then need users that each company can create which only have access to the location they are given access to.

My question is, I'm not sure how to go about restricting a created user to a certain section dynamically. That is to say, the interface for the admin. I can imagine a few approaches, but looking for advice on the best one.

Answer 1

You could override the "has_role?" method for the user.

class User < ActiveRecord::Base
    def has_role?(role_name, obj=nil)
        # Your code
    end
end

If the object type is "Region" or "Location", you check the user's company and allow the access if the region is appropriate. Otherwise, you call "super". And let ACL9 retrieve it's default value.

It'd give you something like this :

class User < ActiveRecord::Base
    def has_role?(role_name, obj=nil)
        super unless obj.class == Region or obj.class == Location
        return company.region == obj if obj.class == Region
        return company.location == obj if obj.class == Location
    end
end

After it's only one implementation suggestion. There are almost an infinite number of them. And I never said it's the best one.