How can I use Cancan permissions to filter the papertrail versions that I
retrieve for a timeline?
I have a few models with version changes I am tracking using Papertrail. I
want to pull out the version for a timeline view of recent activity, but
users should only see changes to models which they have permission to
view.
I use Cancan to control access to all areas of the app, and the Ability
class has all the business logic I need. However, it specifies the model
name e.g. Post in the rulesets, whereas PaperTrail uses the Version model
to store changes.
How can I (efficiently) tie the two systems together so that I can ask the
DB to only return Version models where the associated model is visible to
the user? I can do this by just getting the whole timeline of the whole
site and looping over it in Ruby, but this is not scalable and I need to
use scopes so that it happens in SQL.
No comments:
Post a Comment