
Francisco Quinones
Joined
Activity
Posted in filter child record by the parent.
Info: My models and association. I got a ServiceUser ( Manager ) model,User model, ServiceCompany model, Employee model and a Project model. A ServiceCompany can have many projects, employees and many ServiceUSer. A ServiceUser can be assign to a project and employees work at a project. Im using devise for authentication and cancan.
Models: https://gist.github.com/Frank004/c578864985b77fe284d4
Second info: My routes
resources :service_companies, shallow: true do
resources :service_users
end
resources :projects, shallow: true do
resources :employees
end
My problem: I got different companies and each one has his projects with different employees on each project. I can filter the project of the current user as a (client or as a manager). my problem start in the url anybody can change the ids of companies, projects or employees and view info from the other company. employee controller: https://gist.github.com/Frank004/b013218c4d4103a7ee55
Im looking for a way to only allow the information of the current project that is view and if he change the ids it wont show the other projects or parts of the projects like the employees list.
Im trying to find a way to get the project
@project
and then filter the employees by the project
love it great job
Wow This just great I was looking for something like this ill be your new member on gorails. :)