1

I have a scenario where I generate reports from certain ActiveRecord models.

I have multiple roles in the application. Depending on the roles, I want to show or hide certain columns. The thing is as the number of screens/pages increase, keeping a track of these can be become a nightmare.

Is there a way in Rails, where, I can stop returning values for certain columns depending on certain conditions. For e.g. I will the object returned from a ActiveRecord.Where will have data for some columns masked depending on User's role.

mihirg
  • 915
  • 2
  • 13
  • 28

2 Answers2

1

You can do that using active record select method. Select only those attributes which current user role can access and pass to view.

For this you can create array of accessible feilds for paticular role in your initializer. For this create a initializer.rb file under config/initializers/. Add code something like:

ADMIN = ['feild1', 'feild2'..., 'feild10']
MANAGER = ['feild1', 'feild2'..., 'feild5']
USER = ['feild1', 'feild2', 'feild3']

in your action write code something like :

Model.select(eval(current_user.role.upcase))

In view you need to check if attribute exist in your retured activerecord or not. Otherview you will get ActiveModel::MissingAttributeError: for this:

object.has_attribute? 'att_name'

Or you can rescue it with nil

object.att_name rescue nil
Dipak Gupta
  • 7,321
  • 1
  • 20
  • 32
0

I literally just wrote an answer about this - you'll probably benefit from it.

Model

It seems that if you want to return specific ActiveRecord data, there are certain ways to limit the attributes the class builds. More specifically, you can make certain methods "private" - preventing your model from returning them.

Although I'm not 100% sure on this, I can say that there are two "levels" to your question -- the database data & the model's construction. Although I don't have anything for the ActiveRecord side of things, the model can "privatize" certain attributes, preventing them from being available in other parts of your app.

enter image description here

A Rails model is a class - populated with attributes. This means you should be able to control which attributes are available by the Role your user is part of:

#app/models/role.rb
class Role < ActiveRecord::Base
   #columns id | name | attributes | created_at | updated_at
   #"attributes" can be used to assign an array
   has_many :users, inverse_of: :role
end

#app/models/user.rb
class User < ActiveRecord::Base
   belongs_to :role, inverse_of: :users

   role.attributes.each do |attr|
      private attr.to_sym
   end
end

This will override the attributes pulled from the db, allowing you to determine which ones are available.

Of course, a very rudimentary procedure.

--

ActiveRecord

The best way around this will be to use ActiveRecord to specifically select the attributes / columns you want. To do this, I'm not sure of the absolute best way, but perhaps using a default_scope would be beneficial:

#app/models/user.rb
class User < ActiveRecord::Base
   belongs_to :role

   def attributes
     case role_id
       when "1"
         attrs = []
       when "2"
         attrs = []
       when "3"
        attrs = []
     end
   end
   default_scope (select: attributes)
end

Again, pretty rudimentary. I'd be interested in seeing a more integrated way of doing this.

Community
  • 1
  • 1
Richard Peck
  • 76,116
  • 9
  • 93
  • 147