tags:

views:

45

answers:

2
Q: 

Restrict access to some model items in Rails 3

I have Post model with published? field and some authorization system which defines admin? method inside ApplicationController.

I want to restrict access to unpublished posts and show them only to administrator.

I tried to define a scope accessible to return only published posts to users, but all posts for administrator.

scope :published, where(:published => true)

def self.accessible
  admin? ? all : published
end

The problem is that admin? method can't be accessed inside the model. What is the best way to implement what I want?

+1  A:  
# option 1
class Post < ActiveRecord::Base
  def self.accessible_to user
    user.admin? ? all : published
  end
end
class PostsController < ApplicationController
  def index
    @posts = post.accessible_to current_user
  end
end

# option 2
class Post < ActiveRecord::Base
  def self.accessible is_admin
    is_admin ? all : published
  end
end
class PostsController < ApplicationController
  def index
    @posts = post.accessible admin?
  end
end
Justice  2010-08-09 18:54:07
Good for applications with multiple users, but I don't have any registered users except me as administrator. I will search for prettier solution.
Semyon Perepelitsa  2010-08-09 19:04:45
A: 

One way, but not so abstract.

def self.published_unless(condition)
  condition ? all : published
end

Post.published_unless(admin?)
Semyon Perepelitsa  2010-08-09 19:10:57

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.