ACL involving database information

Yury G. Kudryashov

Sep 26, 2011, 3:08:18 PM
to cantango
Hi!

I need the following permissions model: a user _U_ can read item _I_
if there exists an event _E_ such that _U_ participates in _E_ and _I_
belongs to _E_.

The relations are:
* users habtm events;
* items habtm events.

Is there a standard way to achieve this with CanTango? Where can I
read some HOW-TO/tutorial?

Kristian Mandrup

Sep 26, 2011, 5:33:00 PM
to cant...@googlegroups.com
For such a complex scenario you need to use the block syntax, something like:

# users habtm events, so test membership in event.users
can :read, Item do |item|
  item.events.any? { |event| event.users.include?(user) }
end

If the block returns true, the user gets the ability to perform that action.

This really has nothing to do with CanTango specifically but is just basic CanCan permission logic, so look there for more details.

Good luck!

Kristian
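
The rule from the reply above, worked through for the many-to-many relations in the question, as an added example that is not part of the original thread. It uses plain-Ruby stand-ins (`User`, `Event`, `Item`, `MiniAbility`, `sample_world` and `readable_names` are hypothetical names; this is not CanCan, CanTango or ActiveRecord code) to show that read access is granted only through a shared event and denied in every other case.

```ruby
# Plain-Ruby sketch of the block rule; all names here are hypothetical.
User  = Struct.new(:name)
Event = Struct.new(:name, :users, :items)

class Item
  attr_reader :name, :events
  def initialize(name)
    @name = name
    @events = []
  end
end

# Stores block rules and denies anything no rule allows.
class MiniAbility
  def initialize(user)
    @user = user
    @rules = Hash.new { |h, k| h[k] = [] }
    # U can read I if some event E has U as a participant and I as an item.
    can(:read, Item) do |item|
      item.events.any? { |event| event.users.include?(@user) }
    end
  end

  def can(action, klass, &block)
    @rules[[action, klass]] << block
  end

  # True only if a rule registered for (action, subject's class) returns true.
  def can?(action, subject)
    @rules.fetch([action, subject.class], []).any? { |rule| rule.call(subject) }
  end
end

# Constructed sample data: two events, three users, three items.
def sample_world
  alice, bob, carol = %w[alice bob carol].map { |n| User.new(n) }
  agenda, budget, orphan = %w[agenda budget orphan].map { |n| Item.new(n) }
  meetup = Event.new("meetup", [alice, bob], [agenda])
  board  = Event.new("board", [alice], [agenda, budget])
  [meetup, board].each { |e| e.items.each { |i| i.events << e } }
  { alice: alice, bob: bob, carol: carol, agenda: agenda, budget: budget, orphan: orphan }
end

# Names of the items the given user may read.
def readable_names(user, items)
  ability = MiniAbility.new(user)
  items.select { |item| ability.can?(:read, item) }.map(&:name)
end
```

The cases worth checking in a real application are the negative ones: a user with no events, an item attached to no event, and an action for which no rule was declared.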
