Idea: specify permissions in the field's declaration?


Scott Bronson

Jan 9, 2009, 7:27:35 PM
to hobousers
I must say, I really like Hobo's new permission system.  That said, I don't find the following very readable...

def update_permitted?
  return false unless owner_is? acting_user
  none_changed? :address, :city, :zipcode
end


It also gets unwieldy if you're passing lots of fields to none_changed.

What about putting the permissions into the field declaration itself?

fields do
  address :string, :except => :update
  city :string,    :except => :update
  zipcode :string, :except => :update
end

def update_permitted?
  owner_is? acting_user
end

This would be totally optional -- the restrictions would be in addition to those imposed with the current permission system.


You could have some helpers to make it even more readable:

fields do
  name :string,   :read_only
  avatar :string, :owner_only
  pingid :string, :only => [:create, :destroy]
  perm :string,   :except => :delete
end

Does this make sense?  It seems like it would help dry out my models quite a bit.

   - Scott

Paul Howson

Jan 10, 2009, 3:03:21 PM
to Hobo Users
That definitely makes it easier to understand; and it's more in
keeping with the way you declare controller actions, which might make
it easier to remember.

Paul

Tom Locke

Jan 12, 2009, 5:17:31 AM
to hobo...@googlegroups.com
> I must say, I really like Hobo's new permission system. That said,
> I don't find the following very readable...
>
> def update_permitted?
>   return false unless owner_is? acting_user
>   none_changed? :address, :city, :zipcode
> end

Not readable? What do you want man, natural language?? : )

You can also use attr_protected and attr_readonly, e.g.

attr_readonly :address, :city, :zipcode

In general, the permission method only needs to be concerned with
stuff that changes according to the current user and stuff in the
database. For fields that are *always* protected, use attr_protected/
attr_accessible/attr_readonly.

I really like this idea:

> What about putting the permissions into the field declaration itself?
>
> fields do
>   address :string, :except => :update
>   city :string, :except => :update
>   zipcode :string, :except => :update
> end

Except I think it should be a shorthand for protected / accessible /
readonly.

e.g.

address :string, :readonly

You could give :readonly, :protected or :accessible.

It would be an error to use both :accessible and :protected on the
same model (just as it is to use both attr_protected and
attr_accessible on the same model)

Like?

Tom
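
The shorthand proposed in the message above (a per-field :readonly, :protected or :accessible flag, with an error when :accessible and :protected are mixed on one model), as an added plain-Ruby sketch; it is not Hobo's or Rails' code and not from anyone in this thread. FieldSet, fields, assignable and the sample fields owner_id and notes are hypothetical, and the flag semantics (readonly settable on create only, protected never mass-assignable, any :accessible flag turning the model into an allow list) are assumptions modelled on attr_readonly/attr_protected/attr_accessible.

```ruby
# Added sketch in plain Ruby (no Rails, no Hobo). Every name is hypothetical.
class FieldSet
  FLAGS = [:readonly, :protected, :accessible].freeze

  def initialize
    @flags = {} # field name => flag (nil when the field carries no flag)
  end

  # Inside `fields do ... end`, a line such as `address :string, :readonly`
  # is an unknown method call and lands here.
  def method_missing(name, _type, flag = nil)
    unless flag.nil? || FLAGS.include?(flag)
      raise ArgumentError, "unknown flag #{flag.inspect} on #{name}"
    end
    @flags[name] = flag
  end

  # Mixing allow-list and deny-list styles on one model is rejected.
  def validate!
    if @flags.value?(:accessible) && @flags.value?(:protected)
      raise ArgumentError, "use :accessible or :protected on a model, not both"
    end
    self
  end

  # Returns only the entries of `params` that may be mass-assigned.
  def assignable(params, new_record:)
    allow_list = @flags.value?(:accessible)
    params.select do |key, _value|
      next false unless @flags.key?(key)             # undeclared field: drop
      flag = @flags[key]
      next false if flag == :protected               # never mass-assignable
      next false if flag == :readonly && !new_record # frozen after create
      allow_list ? flag == :accessible : true
    end
  end
end

def fields(&block)
  FieldSet.new.tap { |set| set.instance_eval(&block) }.validate!
end

# Constructed sample model and constructed request parameters.
ADDRESS_FIELDS = fields do
  owner_id :integer, :protected
  address  :string,  :readonly
  city     :string,  :readonly
  notes    :text
end
INCOMING = { owner_id: 99, address: "1 New St", city: "Elsewhere", notes: "hi", admin: true }
```

On an update only notes survives the filter; on a create address and city pass as well, while owner_id and the undeclared admin key are dropped in both cases.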

Scott Bronson

Jan 14, 2009, 6:39:57 AM
to hobo...@googlegroups.com
On Mon, Jan 12, 2009 at 2:17 AM, Tom Locke <t...@tomlocke.com> wrote:
>> What about putting the permissions into the field declaration itself?
>>
>> fields do
>>   address :string, :except => :update
>>   city :string, :except => :update
>>   zipcode :string, :except => :update
>> end
>
> Except I think it should be a shorthand for protected / accessible /
> readonly.
>
> e.g.
>
> address :string, :readonly
>
> You could give :readonly, :protected or :accessible.
>
> It would be an error to use both :accessible and :protected on the
> same model (just as it is to use both attr_protected and
> attr_accessible on the same model)
>
> Like?

Love. Should I open a ticket?

Tom Locke

Jan 14, 2009, 10:26:25 AM
to hobo...@googlegroups.com
> Love. Should I open a ticket?

Sure. And stop calling me Love : /

Tom

Scott Bronson

Jan 14, 2009, 12:53:48 PM
to hobo...@googlegroups.com

http://hobo.lighthouseapp.com/projects/8324-hobo/tickets/370-declare-permissions-directly-in-field-declarations

And my name is not Sure!

- Scott


(mad points to anyone who can name the movie)

solars

Jan 14, 2009, 12:59:27 PM
to hobo...@googlegroups.com

idiocracy!
