project-permissions
How should this affect the permissions? Certain operations on the project should probably be restricted to its owner. We'll use the `owner_is?` helper (that Hobo provides for every `belongs_to` relationship) as it can save an extra database hit. So, edit these permission methods in the Project model:

SHOW_PATCH

Note that in the `create_permitted?` method, we assert that `owner_is? acting_user`. This is very often found in conjunction with `:creator => true`. Together, these mean that the current user can create their own projects only, and the "Owner" form field will be automatically removed from the new project form.
bryanlarsen authored and iox committed Aug 12, 2013
1 parent d7470ae commit 4d7525b
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions app/models/project.rb
Expand Up @@ -18,15 +18,15 @@ class Project < ActiveRecord::Base
# --- Permissions --- #

def create_permitted?
acting_user.administrator?
owner_is? acting_user
end

def update_permitted?
acting_user.administrator?
acting_user.administrator? || (owner_is?(acting_user) && !owner_changed?)
end

def destroy_permitted?
acting_user.administrator?
acting_user.administrator? || owner_is?(acting_user)
end

def view_permitted?(field)
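
Review bot: In `create_permitted?`, the new `owner_is? acting_user` drops the administrator check entirely, while `update_permitted?` and `destroy_permitted?` keep `acting_user.administrator? ||` in front of the owner test. As written, an administrator can only create projects they own themselves. If that is intended (the commit message says users create their own projects only), a short comment above the method would make the asymmetry explicit; otherwise restore the `acting_user.administrator? ||` branch. The `!owner_changed?` guard in `update_permitted?` is what stops an owner from reassigning a project to someone else, so it deserves a test that submits a different owner on update and expects the change to be refused.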