Topic: just double checking the validity of my design.

So basically, the app is supposed to allow anyone to sign up and create their own customized mini forums, thus becoming admins of their own forum. Each admin creates as many forums as they want.

Forums consist of category > topic > posts. Anyone can register to as many forums as they want, and they will have a menu to show all of the forums they belong to.

Consists of: Admin.rb, Forum.rb, User.rb, Category.rb, Topic.rb, Post.rb

So in general what the below says is:

One to many b/t Admin and Forums.
Many to Many b/t Forums and Users.

One to many b/t Forum and Categories.
One to many b/t Category and Topics.
One to many b/t Topic and Posts.


Admin.rb

has_many :forums

Forum.rb
belongs_to :admin
has_and_belongs_to_many :users
has_many :categories

User.rb
has_and_belongs_to_many :forums

Category.rb
belongs_to :forum
has_many :topics

Topic.rb
belongs_to :category
has_many :posts

Post.rb
has_many :forums
belongs_to :topic

Err. That's the easy part. My main dilemma is what sort of fields (excluding ids) I should include, upon sign up, in the Admin's table as well as the User's table.

Should Admin table have things like

forum_title
forum_createdon
category_title
category_order
...

OR is the above approach completely wrong?

Instead, should the above fields be in their own unique tables? Meaning, forum_title, forum_admin_name would be in the Forum table, and category_title, category_order would be in the Category table... and so on. And would Rails be intelligent enough to work out all the relationships?

The latter part I am still unsure of..

Last edited by downwiz2 (2007-04-22 05:06:01)

Re: just double checking the validity of my design.

More specifically, I'm curious as to how to access an admin's forums... or even allow creating forums... argh, it's mind-boggling.

Well, here's my noob attempt.

# upon logging in have something like
def list
  @forums = current_user.forums.find_all
end

def new
end

def create
  @forum = Forum.new(params[:forum])
  @forum.admin_id = current_user.id  ### IS THIS SAFE???
  @forum.save
end


Should I just generate scaffolded controllers for Forum, Category, Topics, Posts, to allow the admin to specifically have CRUD abilities over every single detail of the forums...?

Argh. My brain is fried for today. I know I will be sleeping on this one. Being a noob sucks.
I'll be happy if one person replied.

Last edited by downwiz2 (2007-04-22 05:22:19)

Re: just double checking the validity of my design.

Isn't an admin just a user with special rights? In that case you wouldn't have an Admin model. Try something like this:

# in Forum model
belongs_to :admin, :foreign_key => 'admin_id', :class_name => 'User'

# in User model
has_many :forums_as_admin, :foreign_key => 'admin_id', :class_name => 'Forum'


Hope that helps.

Railscasts - Free Ruby on Rails Screencasts

Re: just double checking the validity of my design.

# in Forum model
belongs_to :admin, :foreign_key => 'admin_id', :class_name => 'User'
# in User model
has_many :forums_as_admin, :foreign_key => 'admin_id', :class_name => 'Forum'

Okay, so this is saying look at the admin_id column in the User table... these association options are just to override what ActiveRecord would usually do, which is look for admin.rb and forumsasadmin.rb... and you're saying we don't need admin.rb because of the admin_id field in the forum table.

I see. So there will be no need to alter the user table itself. Upon signing up and logging in, the user will then create a new forum... where the id field in the user table will be recorded into the forum table's admin_id field?!

But I'm rather confused about the :admin and :forums_as_admin... these would be like phantoms?

@forums = current_user.forums_as_admin.find_all

thanks again.

Re: just double checking the validity of my design.

downwiz2 wrote:

Okay, so this is saying look at the admin_id column in the User table

The admin_id column should be in the forums table.

downwiz2 wrote:

these association options are just to override what ActiveRecord would usually do, which is look for admin.rb and forumsasadmin.rb... and you're saying we don't need admin.rb because of the admin_id field in the forum table.

Correct. We need to tell ActiveRecord the name of the class and foreign key because the default lookup isn't correct.

downwiz2 wrote:

I see. So there will be no need to alter the user table itself. Upon signing up and logging in, the user will then create a new forum... where the id field in the user table will be recorded into the forum table's admin_id field?!

Yep, you can store the user's id in the admin_id column.

downwiz2 wrote:

But I'm rather confused about the :admin and :forums_as_admin... these would be like phantoms?

@forums = current_user.forums_as_admin.find_all

Yes, but there's no need to do "find_all" here. Just do this to fetch the user's forums that he owns as an admin:

@forums = current_user.forums_as_admin

You can treat it just like any other association. The reason for the odd name is because you can't call it "forums" since that has already been taken. That will return which forums the user is a member of. The above code will return the forums that the user is an admin of.

Railscasts - Free Ruby on Rails Screencasts

Re: just double checking the validity of my design.

I'm getting a forums_as_admin unknown method error...

I just did it like

@forums = Forum.find_all_by_admin_id(current_user.id)

Re: just double checking the validity of my design.

Interesting, what exactly did the error say? Are you certain current_user is set and not nil?

Either way, the code you posted should work fine too.

Railscasts - Free Ruby on Rails Screencasts

Re: just double checking the validity of my design.

Hmmm, seems to be working now. Maybe it was that when I was testing in the console I did not set current_user properly.

current_user.forums_as_admin works exactly the same as the code I posted, right?

However, my only problem is that a logged-in user is able to freely edit the title of their forum.

They can still go into the URL and type something like new/forum/33 and access other people's forum.

What would be the best solution to this?

In my link_to action, should I be passing current_user.id instead of category.id?

Last edited by downwiz2 (2007-04-24 18:14:26)

Re: just double checking the validity of my design.

downwiz2 wrote:

They can still go into the URL and type something like new/forum/33 and access other people's forum.

What would be the best solution to this?

You need to set up a before filter on that action to check if the user has permission to access it (if they are the owner of the forum). If they don't have permission then redirect them to another page saying unauthorized access. I can post some code if you need it.

downwiz2 wrote:

In my link_to action, should I be passing current_user.id instead of category.id?

No need to pass the current_user id in the URL, it is stored in the session so you can always fetch it in the next action. Besides, passing the user id in the URL would allow them to change it.

Railscasts - Free Ruby on Rails Screencasts

Re: just double checking the validity of my design.

I was thinking of :before_filters, but how would I go about checking that current_user is the admin?


in authenticated_system.rb

def authorized?
  if ['new', 'create'].include?(action_name)
    return false unless current_user.id == Category.admin_id
  end
  return true
end

I'm getting a NoMethodError for admin_id since there are many different admin_ids.

So I've tried

return false unless current_user.id == current_user.forums_as_admin

but no luck.


Is the approach of comparing current_user.id with the admin_id of the Forum table not effective?

When you want to add new topics, one could essentially still access other admins' topics by doing /topic/edit/1

Last edited by jjk2 (2007-04-25 01:29:08)

Re: just double checking the validity of my design.

jjk2 wrote:

When you want to add new topics, one could essentially still access other admins' topics by doing /topic/edit/1

You need to fetch the object which relates to params[:id] in order to see if the current user has permission to access it. Neither of your other approaches did this. I'm assuming forum has_many topics, so you would do this:

# in before filter for editing a topic
@topic = Topic.find(params[:id])
if @topic.forum.admin_id == current_user.id
  # user has permission to access it
end

Since this only really applies to one action, you may not want to use a before filter, just place it directly in the action. Of course it would be nice to abstract this all into one smart before filter, but that can get complicated fast.

Railscasts - Free Ruby on Rails Screencasts
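
The ownership check described in the two replies above (fetch the record for params[:id], compare its forum's admin_id with the session user, otherwise refuse), as an added example that is not part of the original thread. Plain Ruby structs stand in for the ActiveRecord models so it runs without Rails, and it follows the Topic > Category > Forum chain from the first post instead of assuming a direct topic.forum association; the sample records, the returned symbols and the parse_id and update_topic helpers are constructed for illustration.

```ruby
# Plain-Ruby stand-ins for the thread's models; constructed sample data, no Rails.
User     = Struct.new(:id)
Forum    = Struct.new(:id, :admin_id)
Category = Struct.new(:id, :forum_id)
Topic    = Struct.new(:id, :category_id, :title)

FORUMS     = { 1 => Forum.new(1, 10), 2 => Forum.new(2, 20) }
CATEGORIES = { 1 => Category.new(1, 1), 2 => Category.new(2, 2) }
TOPICS     = { 1 => Topic.new(1, 1, "Welcome"), 33 => Topic.new(33, 2, "Rules") }

# URL parameters arrive as strings; accept only a clean base-10 integer.
def parse_id(raw)
  Integer(raw.to_s, 10)
rescue ArgumentError
  nil
end

# Walk Topic -> Category -> Forum and return the owning forum's admin_id,
# or nil when any link in the chain is missing.
def topic_owner_id(topic)
  category = topic && CATEGORIES[topic.category_id]
  forum    = category && FORUMS[category.forum_id]
  forum && forum.admin_id
end

# The decision a before filter would make for /topic/edit/:id.
# current_user comes from the session; only the record id comes from the URL.
def authorize_topic_edit(current_user, params)
  return :login_required if current_user.nil?
  topic = TOPICS[parse_id(params[:id])]
  return :not_found if topic.nil?
  owner = topic_owner_id(topic)
  (!owner.nil? && owner == current_user.id) ? :ok : :unauthorized
end

# Hypothetical update action: authorize first, then change only the title.
# An admin_id sent in params is never read, so it cannot change ownership.
def update_topic(current_user, params)
  verdict = authorize_topic_edit(current_user, params)
  return verdict unless verdict == :ok
  TOPICS[parse_id(params[:id])].title = params[:title].to_s
  :ok
end
```

In a Rails controller the :unauthorized and :login_required results would map to the redirect mentioned earlier in the thread, and the same check has to run on every action that takes an id, not only on edit.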

Re: just double checking the validity of my design.

ryanb wrote:
jjk2 wrote:

When you want to add new topics, one could essentially still access other admins' topics by doing /topic/edit/1

You need to fetch the object which relates to params[:id] in order to see if the current user has permission to access it. Neither of your other approaches did this. I'm assuming forum has_many topics, so you would do this:

# in before filter for editing a topic
@topic = Topic.find(params[:id])
if @topic.forum.admin_id == current_user.id
  # user has permission to access it
end

Since this only really applies to one action, you may not want to use a before filter, just place it directly in the action. Of course it would be nice to abstract this all into one smart before filter, but that can get complicated fast.

!!! That's what I didn't see. params[:id]. Thank you rbates.