Posted by Tom on 2006-12-27
I’ve posted another demo – this one is a simple to-do list app (see the Demos section). The app took about 10 - 15 minutes to create, which includes figuring out the (minimal!) design.
This demo illustrates a little more of what you can do with the permission system. Each to-do list has a public? attribute. Public lists can be viewed by any visitor to the site, whereas private lists can only be viewed by the owner of the list. Here’s a couple of fragments from the TodoList model that show how we set this up:
class TodoList (fragments)
    belongs_to :user
    has_many :tasks

    def viewable_by?(viewer, field)
      viewer == user or public?
    end
Clearly we want this view permission to carry over to the individual tasks in the list. First we define owner methods on the
class Task (fragments)
    def owner
      todo_list and todo_list.user
    end

    def public?
      todo_list and todo_list.public?
    end
The owner of a task is the owner of the to-do list it belongs to, and a task is public if it belongs to a list and that list is public. Note that the implementation of these rules is no longer than the descriptions I’m giving in English. Now we can define view permission for the task:
class Task (fragment)
    def viewable_by?(viewer, field)
      viewer == owner or public?
    end
Run up the demo and have a look at the way these permissions affect the user interface, as seen by a guest user, a signed-in user, and the administrator (to create the administrator, just sign up as “admin”). Are there any holes? You might notice that the front page gets a little out of whack. This is because at the moment there’s no way to count the number of public to-do lists, or, say, fetch the first three public lists. That would have to be coded manually.
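The permission rules above and the hand-coded "first three public lists" query from the last paragraph, as an added example that is not code from the demo or from Hobo. It uses plain Ruby stand-ins for the models; `GUEST`, `first_viewable` and `visibility_matrix` are hypothetical names, and the data is constructed. It also checks one edge of the rule as written: a task with no list has a nil owner, so a nil viewer would satisfy `viewer == owner`.

```ruby
# Plain-Ruby stand-ins for the post's models (assumption: no Rails, no Hobo).
User = Struct.new(:name)

class TodoList
  attr_reader :user, :tasks
  def initialize(user, public_flag)
    @user, @public, @tasks = user, public_flag, []
  end
  def public?; @public; end
  # Same rule as the post's TodoList#viewable_by?
  def viewable_by?(viewer, field = nil)
    viewer == user or public?
  end
end

class Task
  attr_reader :todo_list
  def initialize(todo_list = nil)
    @todo_list = todo_list
    todo_list.tasks << self if todo_list
  end
  def owner;   todo_list and todo_list.user;    end
  def public?; todo_list and todo_list.public?; end
  # Same rule as the post's Task#viewable_by?
  def viewable_by?(viewer, field = nil)
    viewer == owner or public?
  end
end

# Hand-coded permission-aware query: first `limit` lists the viewer may see.
def first_viewable(lists, viewer, limit)
  lists.select { |l| l.viewable_by?(viewer) }.first(limit)
end

# Constructed sample data.
GUEST = Object.new            # hypothetical guest marker, deliberately not nil
ALICE = User.new("alice")
BOB   = User.new("bob")
LISTS = [TodoList.new(ALICE, true), TodoList.new(ALICE, false),
         TodoList.new(BOB, true),   TodoList.new(BOB, false)]
PRIVATE_TASK = Task.new(LISTS[1])
ORPHAN_TASK  = Task.new       # task with no list: owner is nil

# Results for: guest, other user, owner (private task); nil viewer (orphan task).
def visibility_matrix
  [PRIVATE_TASK.viewable_by?(GUEST), PRIVATE_TASK.viewable_by?(BOB),
   PRIVATE_TASK.viewable_by?(ALICE), ORPHAN_TASK.viewable_by?(nil)]
end
```

Representing guests with a non-nil object keeps the orphan-task case closed, since `GUEST == nil` is false.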