Scope Controller Model plugin

Plugin details

ScopeControllerModel plugin was created to DRY up controller and model logic when working a common data model pattern. Particularly, when access to model data is restricted to the current_user or their account.

Websitehttp://elctech.com/http://elctech.com/2007/8/10/scope-controller-model Repositoryhttp://svn.elctech.com/svn/public/plugins/scope_controller_model Author ELC TECHNOLOGIES Tags scope LicenseUnknown

Documentation

Install the plugin: 
ruby script/plugin install http://svn.elctech.com/svn/public/plugins/scope_controller_model

Supposing you have: 

class Invoice < ActiveRecord::Base
  belongs_to :account
end
class Account < ActiveRecord::Base
  has_many :invoices
end


In this circumstance, there are two models: accounts and invoices. We want invoices to be restricted to the account of the currently logged in user, but also leverage scaffold_resource to make our site building nice and snappy.

A scaffold_resourced default controller will make reference to @invoices = Invoice.find(:all); however, this returns all invoices when we only want the invoices for a particular user. Likewise, Invoice.create(param[:invoice]) creates an invoice and has an inherent insecurity that a user can overload form data to create the invoice into the account of their choice. Enter ScopeControllerModel: 

class InvoiceController < ApplicationController
  scope_controller_model :invoice, :conditions => { :account => Proc.new { |c| c.send(:current_user).account } }


This code snippit shows ScopeControllerModel being used to enforce a condition throughout all model find and create calls.

Further Documentation

There is currently no advanced documentation for this plugin.

New documentation

Edit plugin | (0 older versions) | Last edited by: hardway, 7 months ago