
project-permissions

How should this affect the permissions? Certain operations on the project should probably be restricted to its owner. We'll use the `owner_is?` helper (that Hobo provides for every `belongs_to` relationship) as it can save an extra database hit. So, edit these permission methods in the Project model:

SHOW_PATCH

Note that in the `create_permitted?` method, we assert that `owner_is? acting_user`. This is very often found in conjunction with `:creator => true`. Together, these mean that the current user can create their own projects only, and the "Owner" form field will be automatically removed from the new project form.
bryanlarsen authored and iox committed Jun 3, 2013
1 parent d7470ae commit 4d7525bb3c626b6555e7eb35e7c95ed6b8bd9661
Showing with 3 additions and 3 deletions.
  1. +3 −3 app/models/project.rb
@@ -18,15 +18,15 @@ class Project < ActiveRecord::Base
# --- Permissions --- #
def create_permitted?
acting_user.administrator?
owner_is? acting_user
end
def update_permitted?
acting_user.administrator?
acting_user.administrator? || (owner_is?(acting_user) && !owner_changed?)
end
def destroy_permitted?
acting_user.administrator?
acting_user.administrator? || owner_is?(acting_user)
end
def view_permitted?(field)
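Review bot: In create_permitted?, the new check `owner_is? acting_user` drops the administrator branch, while update_permitted? and destroy_permitted? in the same hunk keep `acting_user.administrator? ||`. As written, an administrator can edit or delete any project but cannot create one on behalf of another user. If that asymmetry is intended, a short comment saying so would help; otherwise use `acting_user.administrator? || owner_is?(acting_user)`. The create check also depends on the owner already being set to the acting user, which the commit message attributes to `:creator => true`; that declaration is not visible in this hunk, so confirm it is present on the owner `belongs_to` declaration. The style of the call also differs within the hunk (`owner_is? acting_user` versus `owner_is?(acting_user)`); using the parenthesised form in all three methods would be more consistent.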
