Hobo Cookbook


Question: I've got a model that belongs to a user. How do I get it so users can only see their owned models?

Asks kevinpfromnm
Hi,

I am still new to Hobo and loving it. But I have come unstuck and can't
find an answer so I was hoping someone could help.

I have a user, contract, smartcard and device models. What I want to
do is allow a user to log in and only see their contract, device and
smartcard. But I can't figure out how to make it happen. Each user can
log in and see all contracts, smartcards and devices, which is not what
I want.

The relationships are:

User

    has_many :contract_assignments, :dependent => :destroy
    has_many :contracts, :class_name => "Contract", :foreign_key => "owner_id"
    has_many :contracts, :through => :contract_assignments

contract

    belongs_to :owner, :class_name => "User", :creator => true
    has_many :smartcards, :dependent => :destroy
    has_many :devices, :dependent => :destroy
    has_many :contract_assignments, :dependent => :destroy

smartcard

    belongs_to :contract

device

    belongs_to :contract

I just added this in user:

    has_many :contracts, :class_name => "Contract", :foreign_key => "owner_id"

to see if I could get it to work as per the agility recipe. How do I
go about getting this to work?

Help would be truly appreciated.

Discussion

  • First step, modify the permissions on the contract model so that only the owner (and maybe admin depending on your needs) can view the model.

    def view_permitted?(attribute)
      owner_is? acting_user or acting_user.administrator?
    end

    This will keep anyone from admins and the owner from being able to see it's there.

    If you leave it here though, the pagination will be confusing for the user as the controller will grab every record and then the view will only show the ones that are owned. Instead, you can do one of two things. Either have the index view be an owned action (see the Hobo manual for more info) or change the index action to select only the current user's contracts.

    If you redefine the action, you’ll end up with something like this:

    app/controllers/contracts_controller.rb

    def index
      hobo_index current_user.contracts
    end

    Basically, passes the current_user's contracts association to hobo_index for proper pagination.
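
The pagination problem described in the answer above, as an added example that is not part of the original discussion. It uses plain-Ruby stand-ins rather than Hobo classes; the `Smartcard` rule that defers to its contract is an assumption about how the asker's child models could reuse the same check, and all data is constructed.

```ruby
# Plain-Ruby stand-ins (constructed for this example, not Hobo classes).
User = Struct.new(:id, :administrator) do
  def administrator?; administrator; end
end

Contract = Struct.new(:id, :owner_id) do
  # Same rule as the view_permitted? above, with acting_user passed explicitly.
  def view_permitted?(acting_user)
    owner_id == acting_user.id || acting_user.administrator?
  end
end

Smartcard = Struct.new(:id, :contract) do
  # Assumption: child records defer to the contract they belong to.
  def view_permitted?(acting_user)
    contract.view_permitted?(acting_user)
  end
end

PER_PAGE = 5

# Approach 1: paginate every record, then hide what the user may not view.
def page_then_filter(records, user, page)
  slice = records.each_slice(PER_PAGE).to_a[page - 1] || []
  slice.select { |r| r.view_permitted?(user) }
end

# Approach 2: scope to the user's own records first, then paginate
# (the effect of passing current_user.contracts to hobo_index).
def scope_then_page(records, user, page)
  owned = records.select { |r| r.owner_id == user.id }
  owned.each_slice(PER_PAGE).to_a[page - 1] || []
end

# Constructed data: 20 contracts, owners alternate between users 1 and 2.
ALICE = User.new(1, false)
BOB   = User.new(2, false)
ADMIN = User.new(3, true)
CONTRACTS = (1..20).map { |i| Contract.new(i, i.odd? ? 1 : 2) }
CARD = Smartcard.new(1, CONTRACTS[1]) # belongs to contract 2, owned by BOB

if __FILE__ == $PROGRAM_NAME
  puts "page then filter: #{page_then_filter(CONTRACTS, ALICE, 1).map(&:id)}"
  puts "scope then page:  #{scope_then_page(CONTRACTS, ALICE, 1).map(&:id)}"
  puts "alice sees bob's card? #{CARD.view_permitted?(ALICE)}"
end
```

Filtering after pagination leaves short, uneven pages and still loads other users' rows into the request; scoping first returns full pages and never fetches them.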