I have found lots of answers on StackOverflow but I'm kinda stuck on this one.
I'll try first to describe with words what I have to do:
I have multiple applications, each application can have one or multiple profiles (one to many).
I also have users, who have access to each applications through the different profiles. Each profile can have multiple users (many to many).
Up to here no problem, I can get all profiles a user has been granted.
However, the difficulty here is that for each profile coming from an application, the user has a username, specific to each application. When I see the details of a user, I want to see a list of all the profiles he's in together with the username he has been assigned for each application...
I'm sure there's an easy way to do this with Rails, as usual, but I can't seem to find it. How would you do this?
So to make sure I've got this: an Application can have many Profiles, and Users can have many Profiles. So this isn't a simple many-to-many relationship between Application and User because the Profile is a first-class object.
Rails handles simple many-to-many relationships with the has_and_belongs_to_many (HABTM) association, declared on the models on both ends. What's in the middle is unimportant and merely serves to join (relate) the two models.
Your case is more fun. Your many-to-many is described in Rails as "has_many :through", and I think your case is a very good example of such a case. In this case, Application and User each have many of the other through the Profile model. Profile isn't there just to link the two, it holds username, and probably many other details of the User's relationship with his/her Applications.
Start with this excellent guide which should show you how (and why) to choose has_many :through and how to get it all modeled and set up. This is (as you suggest) one of the absolutely brilliant capabilities of Rails.
I hope this is helpful.
I have the following entities:
Chat, User with a ManyToMany relationship between them.
Now I want to introduce Scopes (as a permission system), which means that Users have Scopes but they are only valid in a Chat, not globally.
I'd imagine a linking table like:
user_chat_scopes (chat_id, user_id, scope_id)
How would I set this up?
Essentially when I have a Chat, I want to get the Users and their Scopes.
Or if I have a User, I want to be able to get their Scope for a Chat.
Thanks in advance. I'm on mobile so I can't paste my typeorm Models here efficiently but I'm also interested in a solution the way databases are designed. I can get it done in typeorm myself then :)
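One way to lay out the link table sketched in the question, as an added example that is not part of the original post. Every name except user_chat_scopes (chat_id, user_id, scope_id) is an assumption and the rows are constructed; the SQL is written to run on SQLite or PostgreSQL.

```sql
-- Constructed schema; names other than user_chat_scopes are assumptions.
-- SQLite enforces foreign keys only after: PRAGMA foreign_keys = ON;
CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE chats  (id INTEGER PRIMARY KEY, title TEXT NOT NULL);
CREATE TABLE scopes (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);

-- Plain membership: which users are in which chat.
CREATE TABLE chat_users (
    chat_id INTEGER NOT NULL REFERENCES chats(id) ON DELETE CASCADE,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    PRIMARY KEY (chat_id, user_id)
);

-- A scope is granted to a member of a chat, never to a user globally.
-- The composite foreign key makes a grant impossible without membership,
-- and deleting the membership row revokes every scope for that chat.
CREATE TABLE user_chat_scopes (
    chat_id  INTEGER NOT NULL,
    user_id  INTEGER NOT NULL,
    scope_id INTEGER NOT NULL REFERENCES scopes(id),
    PRIMARY KEY (chat_id, user_id, scope_id),
    FOREIGN KEY (chat_id, user_id)
        REFERENCES chat_users (chat_id, user_id) ON DELETE CASCADE
);

-- Constructed sample data.
INSERT INTO users  VALUES (1, 'alice'), (2, 'bob');
INSERT INTO chats  VALUES (10, 'ops'), (11, 'lounge');
INSERT INTO scopes VALUES (100, 'message:delete'), (101, 'member:invite');
INSERT INTO chat_users VALUES (10, 1), (10, 2), (11, 1);
INSERT INTO user_chat_scopes VALUES (10, 1, 100), (10, 1, 101), (10, 2, 101);

-- Given a chat: every member with the scopes held in that chat
-- (members without any scope still appear, with scope NULL).
SELECT u.name, s.name AS scope
FROM chat_users cu
JOIN users u ON u.id = cu.user_id
LEFT JOIN user_chat_scopes ucs
       ON ucs.chat_id = cu.chat_id AND ucs.user_id = cu.user_id
LEFT JOIN scopes s ON s.id = ucs.scope_id
WHERE cu.chat_id = 10;

-- Given a user and a chat: the permission check, always keyed on both
-- ids so a scope held in chat 10 says nothing about chat 11.
SELECT EXISTS (
    SELECT 1 FROM user_chat_scopes ucs
    JOIN scopes s ON s.id = ucs.scope_id
    WHERE ucs.user_id = 1 AND ucs.chat_id = 11 AND s.name = 'message:delete'
) AS allowed;
```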
First to say is I did research, this question has already been asked on SCN, but has no answer there. I also tried to google, but after an hour I surrendered.
I have two entities, User and Project. There are two associations between them: One is 1:n saying who the owner of the Project is. But there is a second one, the one saying who (which User) candidates for which Project.
What I also can do is creating the entity in between, called Candidation. I already defined the associations CandidationToUser and CandidationToProject.
Now can I define such a many to many relation directly without the Candidation in between? And after that, how can I implement it? I want to have a UserSet on the Project and a ProjectSet on the User. With the Candidation in between I only have a CandidationSet on both User and Project.
I'm developing an application that will be used by teachers to manage student assignments and submissions. However, different schools have different standards for assignment submissions, grades, what students should and shouldn't be able to do. As such, I was looking to implement some flexible role management functionality into my application so that the teachers can decide exactly what privileges the user should and shouldn't be able to perform.
One quick solution to this might be to simply add some boolean fields to my User model that the teachers can manipulate by way of check-boxes and run a before_filter on the pertinent controller actions. Alternatively I could move the role definitions to a separate model belonging to the teachers and run the before_filter on that.
Before I try to implement either of those solutions I was wondering if there were any gems or plug-ins that already handle flexible user-managed role definitions?
Just as a side-note I'm using Devise for my authentication if that means anything.
I found this gem quite useful. https://github.com/EppO/rolify
And it has a way of easy integration with Devise and CanCan https://github.com/EppO/rolify/wiki/Tutorial
We are building a web application which uses a database. Also we use an object relational mapper to access the database. One aspect of authorization in the web application is that the user may access an object referred to by a URL. The URL contains a unique id (for example the Primary Key) to a specific record in the database. Consider the following example.
a user may belong to many groups and a group may have many users (many-to-many).
a survey belongs to a group (many-to-one).
a survey may have multiple questions (many-to-one).
Say we have the following URL: http://app.local/question/edit/10. This means we want to edit question with PK 10. Now, we want to verify if the logged in user may access question with PK 10. This can be done by retrieving this question, then its survey, then its group and then all its users. If any of the users is the same as the logged in user, the logged in user may access the question.
To generalize this a bit; we want to check if a record is reachable from another record by the known many-to-one or many-to-many relations. So if there is a many-to-one relation (like with a survey and a question) then we should check if a user is reachable from the question through the survey and then through the group. The group has a many-to-many relation with the user so we should check if any (not all) of the users is the same as the logged in user.
If a table has multiple many-to-one relations, say; we can attach a CSS template to a survey and this template also belongs to a group then we have to check if a user is reachable from all many-to-one relations (thus the group and the template). The same holds of course for multiple many-to-many relations.
Are there Object Relation Mappers which support this behaviour? And what is this behaviour called, maybe reachability? Does Propel (for PHP) support this behaviour? I think this reachability can be done in any of the following two ways:
Execute a query to get each "parent" (uses many queries)
Join all necessary tables to see if a record exists (the reachable users matches the logged in user) in one query.
Furthermore this behaviour of the ORM should support nested sets, thus if a group contains nested set behaviour it should also try to reach a user through the group's parent.
I don't think this kind of behaviour should be restricted to authorization; objects should simply be able to see if they can reach another object.
Note that I do not mean persistence by reachability: http://jpaobjects.sourceforge.net/m2-site/main/documentation/docbkx/html/user-guide/ch08s03.html.
Or... am I simply looking at this authorization wrong and is there a far better and different approach with an ORM?
I've handled this in the past using nested resources in Ruby on Rails (which uses the Active Record ORM). Rather than http://app.local/question/10/edit, the URI would be http://app.local/survey/5/questions/10/edit
In the controller you load both the question and survey. You check authorization by comparing the survey to the authenticated user's group memberships. One way to engineer this would be to embed this logic into the User class. For example, in the controller you have question and survey (and the relationship between the two is well understood by the ORM, i.e. question.survey). You could then check access as user.hasAccess?(question), which would be a relatively easy method to write. Pseudocode:
class User < ActiveRecord::Base
  # True when this user belongs to the group that owns the question's survey.
  def hasAccess?(question)
    return question.survey.group.users.include?(self)
  end
end
Yes, this will result in several queries behind the scenes, but ORMs do the work. I do it this way because you're left with solid schema and easy to read code. Don't optimize until you actually have a performance problem.
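The single-query variant of the reachability check from the question, applied to the nested-resource URL from the answer, as an added SQL example that is not code from either post. Table and column names are assumptions and the rows are constructed; the literal ids stand in for values the application would bind as query parameters.

```sql
-- Constructed schema following the question's model (names are assumptions).
CREATE TABLE users      (id INTEGER PRIMARY KEY, login TEXT NOT NULL);
CREATE TABLE app_groups (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE group_members (
    group_id INTEGER NOT NULL REFERENCES app_groups(id),
    user_id  INTEGER NOT NULL REFERENCES users(id),
    PRIMARY KEY (group_id, user_id)
);
CREATE TABLE surveys (
    id       INTEGER PRIMARY KEY,
    group_id INTEGER NOT NULL REFERENCES app_groups(id)
);
CREATE TABLE questions (
    id        INTEGER PRIMARY KEY,
    survey_id INTEGER NOT NULL REFERENCES surveys(id),
    body      TEXT NOT NULL
);

-- Constructed sample data: user 1 is in group 1, user 2 in group 2.
-- Survey 5 belongs to group 2, survey 6 to group 1.
INSERT INTO users         VALUES (1, 'ann'), (2, 'raj');
INSERT INTO app_groups    VALUES (1, 'school-a'), (2, 'school-b');
INSERT INTO group_members VALUES (1, 1), (2, 2);
INSERT INTO surveys       VALUES (5, 2), (6, 1);
INSERT INTO questions     VALUES (10, 5, 'Favourite subject?'),
                                 (11, 6, 'Preferred homework day?');

-- /survey/5/questions/10/edit requested by user 2.
-- The question is loaded only through its owners: the row exists when
-- (a) question 10 belongs to the survey named in the URL and
-- (b) the logged-in user is a member of that survey's group.
SELECT q.id, q.body
FROM questions q
JOIN surveys s        ON s.id = q.survey_id
JOIN group_members gm ON gm.group_id = s.group_id
WHERE q.id = 10 AND s.id = 5 AND gm.user_id = 2;

-- /survey/6/questions/10/edit requested by user 1.
-- User 1 is a member of survey 6's group, but the join on q.survey_id ties
-- the question to its real survey, so the mismatched pair matches nothing.
SELECT q.id, q.body
FROM questions q
JOIN surveys s        ON s.id = q.survey_id
JOIN group_members gm ON gm.group_id = s.group_id
WHERE q.id = 10 AND s.id = 6 AND gm.user_id = 1;
```

An empty result should be handled as "not found" before any question data is read or written, so the survey check and the question lookup can never be satisfied by two unrelated records.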
I've got different roles on my RPG website. Each user can have many roles and based on this can access features. Let's say for instance a user is a teacher and director, he should access a page to manage his subjects and another to manage all the website.
Some people have more than 5 roles and it becomes really awkward to have 5 links to each office in the header. How can I have an action to include others based on roles?
In fact, I want to show all the offices available for a user on a unique page including offices managed by single actions. How is this possible?
Thank you in advance!
PS: Actions are in different controllers
If I got you right.
I think it sounds like a user's privilege problem. If it is, I recommend Ryan's gem "CanCan". It's super easy to use.
CanCan
And its Railscast: #192 Authorization with CanCan
Make a chain of command, with role-weights. The heaviest role merges a lot of somehow related small ones.
Try the Cancan gem which has a way of constraining database operations based on roles.
Example from docs:
@articles = Article.accessible_by(current_ability)