I therefore add a before_filter and implement the before_filter
function.
    def load_for_view
      @customer = Customer.find_by_id(params[:id])
    end
All ok so far.
If I have access to the customer id (via the URL, for example) and then
modify this value, I expect ACL9 to restrict my access to this object
(i.e. it might belong to another user). If I put in another customer's
number that does not exist, the find will return a nil. This then gets
passed to the has_role method but follows the route that performs the
check on the role only. What I want is for the behaviour to be the
same as if I was making a request for access to a customer that
belongs to someone else.
What I can do is do the check in the method, i.e. view, but it would be
good if I can trap this in the has_role.
Any ideas?
Thanks
    def has_role role, obj=nil
      # Deny when a Customer object is blank; otherwise defer to the stock check.
      return false if obj.is_a?(Customer) and obj.blank?
      super role, obj
    end
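The behaviour discussed in this thread, as an added example in plain Ruby that is not acl9's code or code from either poster: a role check that treats a nil object as "check the global role" fails open when the lookup finds nothing, while a sentinel default lets the check fail closed. The `User` class, `NOT_GIVEN`, the `:viewer` role and the customer data are assumptions constructed for illustration.

```ruby
# Sentinel so "no object argument" and "lookup returned nil" can be told apart.
NOT_GIVEN = Object.new.freeze

Customer = Struct.new(:id)

# Constructed sample data: two existing customers.
CUSTOMERS = { 1 => Customer.new(1), 2 => Customer.new(2) }.freeze

# Stand-in for Customer.find_by_id: returns nil when the id does not exist.
def find_by_id(id)
  CUSTOMERS[id]
end

class User
  def initialize(global_roles: [], object_roles: {})
    @global_roles = global_roles   # roles held without any object
    @object_roles = object_roles   # { customer_id => [roles] }
  end

  # Behaviour described in the thread: a nil object takes the role-only route.
  def has_role_open?(role, obj = nil)
    return @global_roles.include?(role) if obj.nil?
    @object_roles.fetch(obj.id, []).include?(role)
  end

  # Fail closed: only a call with no object argument is a global check.
  # nil is not a Customer, so a class test on obj cannot catch it; the
  # sentinel default can.
  def has_role_closed?(role, obj = NOT_GIVEN)
    return @global_roles.include?(role) if obj.equal?(NOT_GIVEN)
    return false if obj.nil?       # missing record: same answer as "not yours"
    @object_roles.fetch(obj.id, []).include?(role)
  end
end

# Constructed user: global :viewer, plus :viewer on customer 1 only.
ALICE = User.new(global_roles: [:viewer], object_roles: { 1 => [:viewer] })

# Both decisions for the customer id taken from the request.
def decisions(user, id)
  obj = find_by_id(id)
  { open: user.has_role_open?(:viewer, obj),
    closed: user.has_role_closed?(:viewer, obj) }
end
```

With the fail-closed variant, a nonexistent id and an id belonging to someone else produce the same denial, so the response does not reveal which customer ids exist.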