I have a very similar question. For any given users I can determine
user.accessible_foo_ids
or
user.non_accessible_foo_ids
As such a user should have permissions on an object with foo_ids if the object's foo_ids do not intersect with the user's non_accessible_foo_ids, so something like:
has_permission_on :object, :to => :CRUD do
if_attribute :foo_ids => does_not_intersect_with { user.non_accessible_foo_ids }
end
Of course there is no "does_not_intersect_with" method. Is there another logical way to express that relationship that ALL object.foo_ids need to be in the user's foo_ids?
As far as I know does_not_contain / does_contain and is_in / is_not_in all compare a single value with an array, but in this case we're dealing with the relationship of two arrays.
Any help would be greatly appreciated.
I don't think any of the existing permission rules works for a case like this one.