ruby-on-rails declarative-authorization

if_attribute on declarative authorization


I have a many-to-many relationship like this: A user has_many organizations through affiliations and vice-versa.

I'm using declarative organizations and I only want a user to edit a particular organization if he is affiliated and the affiliationtype attribute of affiliation is a particular value.

So affiliations has 3 columns: user_id, organization_id and affiliationtype_id

I can do:

o = Organization.find(:first)
o.affiliations[0].user and get the user

Now I wish to do this:

has_permission_on [:organizations], :to => :edit do
  if_attribute (...)
end

That if_attribute should see if the current user is the organization.affiliation[?].user and if the organization.affiliation[?].affiliationtype_id = "3"

I hope this is a syntax issue ... I really need to get this working.


Solution

  • EDIT:

    You can restrict the type of affiliation with intersects_with(&block):

      has_permission_on [:organizations], :to => :edit do
        if_attribute :affiliations => intersects_with {
          user.affiliations.with_type_3
        }
      end
    

    Why not create a named_scope to find affiliations whose affiliationtype_id = 3?


    From declarative_authorization documentation:

    To reduce redundancy in has_permission_on blocks, a rule may depend on permissions on associated objects:

    authorization do
      role :branch_admin do
        has_permission_on :branches, :to => :manage do
          if_attribute :managers => contains {user}
        end
    
        has_permission_on :employees, :to => :manage do
          if_permitted_to :manage, :branch
          # instead of
          #if_attribute :branch => {:managers => contains {user}}
        end
      end
    end
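
The intersects_with rule from the answer above, modelled in plain Ruby as an added example (not part of the original answer and not the gem's own implementation). It assumes the suggested with_type_3 scope selects rows with affiliationtype_id 3; the sample rows and helper names are constructed.

```ruby
# Plain-Ruby model of the rule (constructed example; no Rails or gem needed).
require 'set'

Affiliation = Struct.new(:id, :user_id, :organization_id, :affiliationtype_id)

EDITOR_TYPE_ID = 3 # the affiliationtype_id named in the question

# Constructed sample rows for the affiliations join table.
AFFILIATIONS = [
  Affiliation.new(1, 10, 100, 3), # user 10 is type 3 at org 100
  Affiliation.new(2, 10, 200, 1), # user 10 is type 1 at org 200
  Affiliation.new(3, 20, 100, 1), # user 20 is type 1 at org 100
  Affiliation.new(4, 20, 200, 3)  # user 20 is type 3 at org 200
].freeze

# Stand-in for the suggested named scope user.affiliations.with_type_3.
def affiliations_with_type_3(user_id)
  AFFILIATIONS.select do |a|
    a.user_id == user_id && a.affiliationtype_id == EDITOR_TYPE_ID
  end
end

# Stand-in for organization.affiliations.
def organization_affiliations(organization_id)
  AFFILIATIONS.select { |a| a.organization_id == organization_id }
end

# Models `if_attribute :affiliations => intersects_with { ... }`:
# edit is permitted only when the organization's affiliations and the
# user's type-3 affiliations share at least one row.
def can_edit?(user_id, organization_id)
  org_ids = organization_affiliations(organization_id).map(&:id).to_set
  affiliations_with_type_3(user_id).any? { |a| org_ids.include?(a.id) }
end
```

The cases worth covering in a spec for the real rule are the two denials: a user affiliated with the organization under another type, and a user who holds type 3 only at a different organization.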