ruby on rails - Preventing / Validating the creation of child relationships before commit in Rails3 -


i'm trying prevent users creating relationship in 'has many through' association record doesn't belong them.

my users have many locations through location_users. , locations have many shops through location_shops. have things protected cancan.

class user < activerecord::base   has_many :locationusers   has_many :locations, :through => :locationusers   end  class location < activerecord::base   has_many :locationusers   has_many :users, :through => :locationusers   has_many :location_shops   has_many :shops, :through => :location_shops end  class shop < activerecord::base   has_many :location_shops   has_many :locations, :through => :location_shops end

and cancan abilities

class ability   can [:manage], shop, { :locationusers => {:user_id => user.id }}   can [:manage], location, { :locationusers => {:user_id => user.id }} end

i can handle creation / editing of locations via setup , users can view / edit own locations / shops.

the issue creation of these relationships.

if user posts location id doesn't belong them, relationship created regardless of whether have permission create it. granted, can't view relationship need prevent creation in first place.

eg, user single location id 314

>> user.last.locations.map(&:id) => [314]

when creating new shop, if alter params posted:

:shop=>{:shop_name=>"ye old shoppe", :location_ids => [1,2,3,314]}}

the above creates relationship 4 locations obviously. need validate location ids before creation of relationship.

the thing come adding before_add in model:

class location   has_many :location_shops   has_many :shops, :through => :location_shops, :before_add => :check_location_ownership end

is correct way go , if so, should :check_location_ownership like? or, there better way prevent creation of relationship?

although have done make sense, there 2 other ways can think of.

1) use :conditions option on has_many relationship.

2) custom validation method.

class location   has_many :location_shops   has_many :shops, :through => :location_shops   validate :check_location_ownership end

i choose 1 of these 3 depending on case.


Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

Image
recently have uploaded wordpress site onto server. have uploaded wordpress site in sub-folder under root folder ../root(domain root folder)/wordpress (where host wordpress folder). now problem content data in page or post in dashboard of wordpress admin panel not showing - see image. but data showing in front view - see image. if not browser cache issue , not issue happened tinymce editor during upgrade; try add config file: define('concatenate_scripts', false);
Read more

How to get the ip address of VM and use it to configure SSH connection dynamically in Ansible -

i trying ip address of vm , trying use establish ssh vm. following script: --- - hosts: localhost become: yes connection: local gather_facts: false serial: 1 vars_files: - createvmvars.yml tasks: - name: gathering vm info. vsphere_guest: vcenter_hostname: "{{vcenter_hostname}}" username: "{{vcenter_username}}" password: "{{vcenter_password}}" guest: "{{guest_name}}" vmware_guest_facts: yes register: var - debug: msg="{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" - name: establishing ssh connection. script: /home/shasha/devops/scripts/ssh_configure.sh "{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" following content of ssh_configure.sh : #!/bin/sh ssh-keygen -t rsa ssh-copy-id $1 but when running playbook, getting following error while executing third task: error! 'var' undefined but debug module(second task) printin
Read more

javascript - Get parameter of GET request -

i make request: createxhrrequest( "get", fileurl, function( err, response ) { if( err ) { alert( "error get!" ); } alert(response); }); and full response: { "status" : "ok", "message" : "jvberi0xljqkjdduxdgkmy how can jvberi0xlj ? i try response.message , response["message"]. nothing works. just simple access this: var json = json.parse(response); json.message
Read more