I've got an application where the user can set up a folder to keep notes in. What I had previously was a hidden form field to store the id of the person who created it, i.e.:

<%=f.hidden_field 'user_id', :value => current_user.id %>

However, I now need to add a 'keyholder', who has read-only access to this folder. I have a list of links, which only appear if the user has added a folder, or the keyholder can set one up for them.

The keyholder is a regular user themselves, so the above code would only set up a folder with their own id, not that of the person whose account they are accessing. The keyholder has an 'access_id' that matches the user id of the person whose account they can access.

How do I set it up so that the form is capturing the right user id?

What I'm trying to achieve is the following (this doesn't work, but might give a better idea of what I mean):

<% if current_user.access.folder.nil? %>
    <li><%= link_to 'Create a Folder',
        new_folder_path(:user_id => current_user.access_id) %></li>
<% end %>

And what would I need to change in the folder form partial to get it to accept this user id? Thanks!

ecs
  • Why are you keeping a hidden field of user_id? It doesn't seem necessary to me. – Catfish Mar 06 '13 at 18:36
  • Also, what doesn't work about it? Do you get an error? – Catfish Mar 06 '13 at 18:36
  • Because the folder needs to have which user it is associated to. The link itself takes me to the right page to set up a folder, but the user_id is set to the user, not the keyholder user who is trying to set it up in the other user's name. – ecs Mar 06 '13 at 19:39
  • So are you trying to have the keyholder create a folder for the user they have access to? I thought the keyholder had read-only access to said folder. – boulder Mar 06 '13 at 20:06
  • They do, but they need to be able to create one too - long story to explain why! – ecs Mar 06 '13 at 23:34

2 Answers

You'd better use an authorization gem such as cancan

scaryguy

I'm not sure I completely understand what you're trying to do, but rather than storing the user id in a hidden field, just use <%= current_user.id %> on any page, as it seems you're doing.

Then, depending on how your models are set up, just create a helper method to check access of the page that the user is on. I'm assuming your helper will check the params[:id] or params[:user_id] to get the current page.

Catfish
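
One way to resolve the folder owner on the server instead of trusting a hidden field or link parameter, which any signed-in user can edit before submitting. This is an added example, not code from the question or the answers; plain Ruby structs stand in for the Rails models, and `allowed_owner_ids`, `resolve_owner_id`, `create_folder` and `NotAuthorized` are hypothetical names.

```ruby
# Added example: plain Ruby stand-ins for the Rails models (constructed data).
User   = Struct.new(:id, :access_id)
Folder = Struct.new(:user_id, :name)

class NotAuthorized < StandardError; end

# Ids the signed-in user may create a folder for: their own, plus the one
# account they hold a key to (access_id, as described in the question).
def allowed_owner_ids(current_user)
  [current_user.id, current_user.access_id].compact
end

# requested_id is whatever arrived as params[:user_id] (link query string or
# hidden field). The client controls it, so it is only ever a selector that
# is checked against the server-side allow-list, never a value to trust.
def resolve_owner_id(current_user, requested_id)
  return current_user.id if requested_id.nil? || requested_id.to_s.empty?

  id = Integer(requested_id.to_s, 10, exception: false)
  unless id && allowed_owner_ids(current_user).include?(id)
    raise NotAuthorized, "user #{current_user.id} may not create a folder for #{requested_id.inspect}"
  end
  id
end

# Hypothetical controller action body: the owner comes from resolve_owner_id,
# and any user_id nested in the submitted folder attributes is discarded.
def create_folder(current_user, params)
  owner_id = resolve_owner_id(current_user, params[:user_id])
  attrs = (params[:folder] || {}).reject { |key, _| key.to_s == "user_id" }
  Folder.new(owner_id, attrs[:name])
end

if __FILE__ == $PROGRAM_NAME
  keyholder = User.new(2, 1) # constructed: user 2 holds the key to user 1
  p create_folder(keyholder, { user_id: "1", folder: { name: "Notes", user_id: "99" } })
  begin
    create_folder(keyholder, { user_id: "3", folder: { name: "Notes" } })
  rescue NotAuthorized => e
    puts "rejected: #{e.message}"
  end
end
```

In a Rails controller the attribute filtering would normally be done with strong parameters, for example `params.require(:folder).permit(:name)`, with the owner id assigned separately from the resolved value.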