views:

33

answers:

3

I'd like to display a single form in which each user can edit different fields.

Currently, the code looks like this:

<% if can? :update, item %>
  <%= f.text_field :title %>
<% else %>
  <%=h f.object.title %>
<% end %>

I can package this in a series of helpers (one for each field type) but I also have to check in the controller whether the user can update all submitted fields (in case a malicious user tries to submit fields he is not authorized for).

Is there a cleaner pattern in rails for this type of task? Ideally, I would like to define these access permissions in the model and have the changes propagate to controller and view.

Edit:

Using the readonly tag is not a viable option; it doesn't take care of validations and replaces the view logic with lots of CSS. Not the best trade-off.

A: 

You can make them readonly

<%# readonly only when the user may NOT update; the input stays editable otherwise %>
<%= f.text_field :title, :readonly => !can?(:update, item) %>
Salil
It's just cosmetics; it depends whether you prefer writing lots of CSS (to style readonly controls as if they were plain text) or prefer some extra logic in the view. And it doesn't address the issue of controller-side validation.
shmichael
A: 

Take a look at the acl9 plugin for authorization.

NM
As far as I could see, it's no different from declarative authorization or cancan: I still have to implement all the various logic in the controller/view.
shmichael
Yes. I realized that you are already using an authorization framework. I guess there is no escaping the condition checks in the controllers.
NM
A: 

I don't believe there's any way to solve this with a plugin; the only option would be to change the controller code to:

@model = Model.new
@model.field = params[:model][:field] if can? ....
@model.save
Arcath
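The question asks for one place (the model) to declare which fields a user may edit, with the controller and the view both honouring it; Arcath's answer sketches the controller half by assigning each field only behind a `can?` check. The following is an added example, not code from the thread or from CanCan: a plain-Ruby (no Rails, no gems) sketch of that pattern. The `Permitted` module, the `permit_update` declaration, the roles `:editor`, `:pricer` and `:viewer`, the `Item` model and the helpers `strip_unauthorized`, `assign` and `editable_field` are all hypothetical names; the submitted parameters are constructed. The point it makes is the security one from the question: a forged field in the request must be dropped or refused server-side, because a `readonly` attribute on the input is only advisory and the client controls what it posts.

```ruby
# Added example (not from the original thread): field-level permissions
# declared once on the model and honoured by controller-style filtering and
# view-style rendering. All names and roles here are hypothetical.

# Declares per-attribute update permissions on a class. Inspired by the
# question's wish to keep the rules in the model; this is not CanCan's API.
module Permitted
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # permit_update :title, :body, to: [:editor, :pricer]
    def permit_update(*attrs, to:)
      @permitted ||= Hash.new { |h, k| h[k] = [] }
      Array(to).each { |role| @permitted[role].concat(attrs.map(&:to_s)) }
    end

    # Attribute names the given role may change; unknown roles get nothing.
    def editable_attributes(role)
      (@permitted || {}).fetch(role, []).dup
    end
  end

  def editable?(role, attr)
    self.class.editable_attributes(role).include?(attr.to_s)
  end
end

# Hypothetical model standing in for the question's `item`.
class Item
  include Permitted
  attr_accessor :title, :body, :price

  permit_update :title, :body, to: [:editor, :pricer]
  permit_update :price, to: :pricer

  def initialize(title:, body:, price:)
    @title, @body, @price = title, body, price
  end

  # Controller side: split submitted params into the keys this role may edit
  # and the keys it may not, so the caller can log or reject the forged ones
  # instead of silently mass-assigning them.
  def self.strip_unauthorized(role, params)
    allowed   = editable_attributes(role)
    permitted = params.select { |k, _| allowed.include?(k.to_s) }
    rejected  = params.keys.map(&:to_s) - allowed
    [permitted, rejected]
  end

  # Only ever called with the permitted half of the split above.
  def assign(params)
    params.each { |k, v| public_send("#{k}=", v) }
    self
  end
end

# View side: an input when the role may edit the field, plain text otherwise.
# Same branch as the question's `can? :update` snippet, but driven by the
# declaration the controller also uses. Returns plain strings, no ERB needed.
def editable_field(item, role, attr)
  value = item.public_send(attr)
  if item.editable?(role, attr)
    %(<input type="text" name="item[#{attr}]" value="#{value}">)
  else
    value.to_s
  end
end

# Constructed submission: the user posts title and body and also tries to
# change price, which only :pricer may touch.
FORGED_PARAMS = { "title" => "New", "body" => "x", "price" => 1 }.freeze

# Runs the controller-side flow for one role and reports what was dropped.
def demo(role = :editor)
  item = Item.new(title: "Old", body: "", price: 100)
  permitted, rejected = Item.strip_unauthorized(role, FORGED_PARAMS)
  item.assign(permitted)
  { item: item, rejected: rejected }
end

if __FILE__ == $0
  result = demo(:editor)
  puts "editor: title=#{result[:item].title} price=#{result[:item].price} " \
       "rejected=#{result[:rejected].inspect}"
  puts editable_field(result[:item], :viewer, :title)
end
```

In a real Rails controller the `strip_unauthorized` step would sit in front of `update_attributes` (or, in Rails 4 and later, be expressed as `params.require(:item).permit(*Item.editable_attributes(role))`), and a non-empty `rejected` list is worth logging or answering with 403 rather than ignoring, since a legitimate form never produces one. The `readonly` approach from the first answer is fine for presentation but gives no protection on its own.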