My Project Model looks like this:
    # == Schema Information
    # Schema version: 20101117094659
    #
    # Table name: projects
    #
    #  id          :integer         not null, primary key
    #  name        :string(255)
    #  description :string(255)
    #  designer_id :integer
    #  client_id   :integer
    #  notified    :boolean
    #  created_at  :datetime
    #  updated_at  :datetime
    #  user_id     :integer
    #
    class Project < ActiveRecord::Base
      belongs_to :user
      has_many :stages
      has_many :uploads
      has_many :comments
    end

The Projects Controller looks like this:
    class ProjectsController < ApplicationController
      filter_resource_access

      # GET /projects
      # GET /projects.xml
      def index
        @projects = Project.all
        respond_to do |format|
          format.html # index.html.erb
          format.xml { render :xml => @projects }
        end
      end

      # GET /projects/1
      # GET /projects/1.xml
      def show
        @project = Project.find(params[:id])
        respond_to do |format|
          format.html # show.html.erb
          format.xml { render :xml => @project }
        end
      end

      # GET /projects/new
      # GET /projects/new.xml
      def new
        @project = Project.new
        respond_to do |format|
          format.html # new.html.erb
          format.xml { render :xml => @project }
        end
      end

      # GET /projects/1/edit
      def edit
        @project = Project.find(params[:id])
      end

      # POST /projects
      # POST /projects.xml
      def create
        @project = Project.new(params[:project])
        respond_to do |format|
          if @project.save
            format.html { redirect_to(@project, :notice => 'Project was successfully created.') }
            format.xml { render :xml => @project, :status => :created, :location => @project }
          else
            format.html { render :action => "new" }
            format.xml { render :xml => @project.errors, :status => :unprocessable_entity }
          end
        end
      end

      # PUT /projects/1
      # PUT /projects/1.xml
      def update
        @project = Project.find(params[:id])
        respond_to do |format|
          if @project.update_attributes(params[:project])
            format.html { redirect_to(@project, :notice => 'Project was successfully updated.') }
            format.xml { head :ok }
          else
            format.html { render :action => "edit" }
            format.xml { render :xml => @project.errors, :status => :unprocessable_entity }
          end
        end
      end

      # DELETE /projects/1
      # DELETE /projects/1.xml
      def destroy
        @project = Project.find(params[:id])
        @project.destroy
        respond_to do |format|
          format.html { redirect_to(projects_url) }
          format.xml { head :ok }
        end
      end
    end

When a user logs in and clicks ‘View all projects’, which links to the index action of the projects controller, I want them to only see the projects that they are allowed to see.
The index view of the projects controller looks like this:
    <h1>Listing projects</h1>
    <table>
      <tr>
        <th>Name</th>
        <th>Description</th>
        <th></th>
      </tr>
      <% @projects.each do |project| %>
        <tr>
          <td><%= link_to project.name, project %> | </td>
          <td><%= project.description %> | </td>
          <%# check the loop variable; @project is not set in the index action %>
          <% if permitted_to? :edit, project %>
            <td><%= link_to 'Edit', edit_project_path(project) %></td>
          <% end %>
          <% if permitted_to? :destroy, project %>
            <td><%= link_to 'Destroy', project, :confirm => 'Are you sure?', :method => :delete %></td>
          <% end %>
        </tr>
      <% end %>
    </table>
    <br />
    <% if permitted_to? :create, Project.new %>
      <%= link_to 'New Project', new_project_path %>
    <% end %>

I don’t want you to do this for me, but could you walk through with me what I would need to do? I.e., do I need to add new columns to the tables, or do I create a new table and create a join between that new table and my users and projects model & tables?
Another thing to keep in mind: I have four major models that I want personalized to each user: projects, comments, uploads, stages.
Oh, and I have a superuser that I want to be able to view all projects/comments/stages/uploads per user (both on a granular level, and on a high-level).
Would love to hear your thoughts.
Edit: Also, if you could possibly point me in the direction of some reading material that might help me with this entire process – I would really appreciate that.
You need to add in your User model:
And this should do the trick:
It will work if you have a current_user method of course. Otherwise it’s equivalent to (although I’m sure you don’t want to pass the user_id):
You should really read the Rails Tutorial book or the Rails Guides.
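
The owner scoping discussed in this thread, as an added example that is not part of the original post: plain-Ruby stand-ins with constructed data, where `visible_projects`, `find_visible_project` and `projects_by_owner` are hypothetical helpers. It applies one scope to both the listing and lookups by id, and lets the superuser see everything.

```ruby
# Plain-Ruby stand-ins for the Rails models; rows are constructed sample data.
User    = Struct.new(:id, :name, :superuser)
Project = Struct.new(:id, :name, :user_id) # user_id as in the projects schema
class NotFound < StandardError; end

PROJECTS = [
  Project.new(1, "Logo redesign", 10),
  Project.new(2, "Landing page",  10),
  Project.new(3, "Brochure",      20)
].freeze

# Hypothetical helper: the one place that decides which projects a user sees.
# A superuser gets every row; everyone else gets only the rows they own.
def visible_projects(user, projects = PROJECTS)
  return projects if user.superuser
  projects.select { |p| p.user_id == user.id }
end

# Hypothetical helper for show/edit/update/destroy: the id is looked up
# inside the visible set, so another user's id behaves like a missing record.
# Assuming `has_many :projects` on User, the ActiveRecord form of this is
# current_user.projects.find(params[:id]).
def find_visible_project(user, id)
  wanted = Integer(id) # params[:id] arrives as a string
  project = visible_projects(user).find { |p| p.id == wanted }
  raise NotFound, "Couldn't find Project with id=#{id}" if project.nil?
  project
end

# Superuser overview: every project, grouped per owning user.
def projects_by_owner(user, projects = PROJECTS)
  raise ArgumentError, "superuser only" unless user.superuser
  projects.group_by(&:user_id)
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(10, "alice", false)
  admin = User.new(1, "root", true)
  puts visible_projects(alice).map(&:name).inspect
  puts projects_by_owner(admin).transform_values { |ps| ps.map(&:name) }.inspect
end
```

The same pattern carries over to comments, uploads and stages by scoping each through the project the user is allowed to see.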