ActsAsRestricted
================
Restrict read/write access to your ActiveRecord classes via a named scope,
so you can use your models exactly as normal but add a restricted method/filter:

    Message.restricted.find(:all)

All objects instantiated from the find should be tainted as restricted objects, so you can also restrict writes to that data.
Preamble
========
TODO
====
Need to add restricted writes back in on instantiated restricted objects; this was lost after a rewrite to move to named_scope since Rails 2.1.
Example
=======
Install the plugin.
Add the following line to your class:

    acts_as_restricted :read => true, :write => true

The options specify whether to restrict read or write access; by default both are set to true.
Also, by default acts_as_restricted will restrict all access.
You can set specific conditions for reading and writing in the class by optionally adding these functions.
This example is from my project currently using the plugin and restricts read/write access to messages and received messages.

    acts_as_restricted :read => true, :write => true
    # todo: restricted writes to be added back in..

    # SQL condition applied to restricted finders
    def self.restricted_condition
      if current_user
        "sender_uid = #{current_user.id} or message_recipients.recipient_uid = #{current_user.id}"
      else
        # no user on the current thread: match no rows
        ActsAsRestricted::SQL_NO_ACCESS # actually this is just "0"
      end
    end

    # join needed by the condition above
    def self.restricted_join
      "LEFT OUTER JOIN message_recipients ON message_recipients.message_id = messages.id"
    end

    # select only the messages columns, not the joined table's
    def self.restricted_select
      "messages.*"
    end

Both default_condition and default_join allow you to add conditions or joins to finders with scope and keep all existing joins etc. intact.
The current_user function is also made available and grabs the user from the current thread: Thread.current['user']
The plugin allows you to limit the data retrieved: you can completely restrict access or return subsets of data. You can also control writes to data (including create).
Examples
========
>> Thread.current['user'] = User.find_by_id(1)
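
An added example (not part of the plugin's code) of how a condition keyed on Thread.current['user'] behaves: it denies by default when no user is set, and the user is cleared after each unit of work so a reused worker thread does not keep the previous user's access. The User struct, with_user, condition_in_new_thread and the Integer() coercion are assumptions made for this sketch.

```ruby
# Added example: stand-alone Ruby, no Rails or ActiveRecord required.
SQL_NO_ACCESS = "0" # same value the README gives for ActsAsRestricted::SQL_NO_ACCESS

User = Struct.new(:id) # stand-in for the application's User model

# Same lookup the README describes: the user stored on the current thread.
def current_user
  Thread.current['user']
end

# Hypothetical helper: set the thread's user for one unit of work and always
# restore the previous value, so a reused thread never keeps a stale user.
def with_user(user)
  previous = Thread.current['user']
  Thread.current['user'] = user
  yield
ensure
  Thread.current['user'] = previous
end

# Condition in the shape of the README's restricted_condition. Integer()
# raises on anything that is not a whole number, so only digits reach the SQL.
def restricted_condition
  user = current_user
  return SQL_NO_ACCESS unless user
  uid = Integer(user.id)
  "sender_uid = #{uid} or message_recipients.recipient_uid = #{uid}"
end

# A thread that never had a user assigned gets the no-access condition,
# even when the calling thread has one.
def condition_in_new_thread
  Thread.new { restricted_condition }.value
end
```

In a Rails application the with_user call would typically wrap each request, for example in an around filter.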
Copyright (c) 2008 [Stephen Strudwick], released under the MIT license