Kevin Brown

Reputation: 12650

Limiting Select options for non admin users

I have an options select drop-down that currently selects all "Categories" from a database of questions, i.e. there are 100 questions and 5 categories, so each category has 20 questions.

If the current user isn't an admin, they're assigned a category.

How do I limit the select to only their assigned category questions?

I figure I can do this easily from the view, but wouldn't it be better to do from the controller/model?

Upvotes: 0

Views: 45

Answers (1)

willmanduffy

Reputation: 417

This is most definitely something that is much better suited to the controller / model level. Doing security on the front-end is a big no-no in my book. You want something like this:

Controller:

@categories = Category.editable_by(current_user)

Model

def self.editable_by(user)
  user.admin? ? all : scoped_to(user)
end

# editable_by is a class method, so the helper it calls must be a class
# method as well; private_class_method keeps it out of the public API.
def self.scoped_to(user)
  where(category_id: user.category_id)   # assumes this model has a category_id column
end
private_class_method :scoped_to

Not sure what your schema is looking like... but something in that ballpark should do it.

EDIT: Not sure in this context, but scoped_to may need to be def self.scoped_to. I forget how it works with private scopes.

Upvotes: 2
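To make the answer's point concrete without a Rails app, here is an added example (not the answerer's code) in plain Ruby: `User` and `Question` are hypothetical Structs standing in for ActiveRecord models, and the scope filters an in-memory array instead of building SQL. It shows the two halves of doing this on the server: building the option list from a per-user scope, and re-checking the id that comes back from the browser against that same scope, since a user can edit the form and submit any value.

```ruby
# Hypothetical stand-ins for the app's models (constructed for this example).
User = Struct.new(:name, :admin, :category_id) do
  def admin?
    admin
  end
end
Question = Struct.new(:id, :text, :category_id)

# Constructed sample data: three categories, two questions each.
QUESTIONS = [
  Question.new(1, "What is a CSRF token?",    10),
  Question.new(2, "Name a hashing algorithm", 10),
  Question.new(3, "Define least privilege",   20),
  Question.new(4, "What is SQL injection?",   20),
  Question.new(5, "What does TLS protect?",   30),
  Question.new(6, "Explain MFA",              30),
].freeze

module QuestionScope
  # Mirrors Question.editable_by(user) from the answer: admins see every
  # question, everyone else only the category assigned to them.
  def self.editable_by(user, questions = QUESTIONS)
    user.admin? ? questions : scoped_to(user, questions)
  end

  def self.scoped_to(user, questions)
    questions.select { |q| q.category_id == user.category_id }
  end
  private_class_method :scoped_to
end

# What the controller does with the value the form posts back: look the id
# up inside the user's own scope, so an id outside it resolves to nil even
# though it was never offered in the drop-down. Returns the question or nil.
def authorize_question(user, submitted_id)
  QuestionScope.editable_by(user).find { |q| q.id == submitted_id.to_i }
end

if $PROGRAM_NAME == __FILE__
  admin = User.new("alice", true, nil)
  bob   = User.new("bob", false, 20)
  puts "admin sees #{QuestionScope.editable_by(admin).size} questions"
  puts "bob sees   #{QuestionScope.editable_by(bob).map(&:id).inspect}"
  puts "bob submitting id 1 -> #{authorize_question(bob, '1').inspect}"
  puts "bob submitting id 4 -> #{authorize_question(bob, '4').text}"
end
```

The same scope feeds both the view (the select's options) and the write path (the submitted id), which is why putting it in the model rather than the template is the right call: the template only controls what is shown, not what is accepted.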
