Plugins - Scoped Access
Add to favoritesIf you have a bunch of methods in your controller that should all have scoping applied to the model interactions, this is the plugin for you.
Here’s an example:
class Account < ActiveRecord::Base
has_many :pages
end
class Page < ActiveRecord::Base
belongs_to :account
end
class PageController < ApplicationController
before_filter :login_required
around_filter ScopedAccess::Filter.new(Page, :mine)
protected
def mine
{
:find => { :conditions => ["user_id = ?", session[:user_id] },
:create => { :user_id => session[:user_id] }
}
end
public
def list
@pages = Page.find(:all)
end
...
end
So, all the Page find and update methods will be scoped with the ID of the currently logged-in user. This makes it incredibly easy to implement access controls in multiple-user applications.
Check out the home page for more coolness this plugin provides.
http://habtm.com/articles/2006/02/22/nested-with_scope
http://wota.jp/svn/rails/plugins/trunk/scoped_access/
Model
The above comment is misleading. The changeset doesn't provide a default scope for the model (like this plugin), but allows you to scope a given block. eg. in the above example, any call to Page.find within PageController will be scoped.
This has been incorporated into Rails: http://dev.rubyonrails.org/changeset/3671