DEVHIDE
Login Or Sign up

Enforcing restrict on current user by default

40 Views Asked by At

We're looking at the protector gem for attribute level security. I'd like to auto restrict all models to the current user by default so you have to explicitly unrestrict it instead of the other way around. So..

Article.find(3) # Is actually eq to Article.restrict!(current_user).find(3)

But finding it a little challenging to implement it without wrapping/proxying the model. Was wondering if anyone has done this or has an idea of how to implement that type of functionality.

ruby-on-rails protector
Original Q&A
1

There are 1 best solutions below

3
On

From the protector documentation:

Protector is aware of associations. All the associations retrieved from restricted instance will automatically be restricted to the same context. Therefore you don't have to do anything special – it will respect proper scopes out of the box

You need just to restrict the current User itself.

Related Questions in RUBY-ON-RAILS

Related Questions in PROTECTOR

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.