All user groups can add events to their account area (except user group 4 as they don't have a login). In order to view the event, everyone would access the same link "/events". I'd have to distinguish between 4 variants on how to query the events table depending on the user:
1. Admin: get all events in the system
2. Creator/Owner: only get events I created
3. Viewer: get events I added to my account
4. General Visitor: get events that are set to public
In this case there is a significant difference in behavior. When dealing with REST, you split up the actions depending on the behavior. It just so happens that each account needs a different behavior. So, the events controller needs to support this:
1. find all events
2. find all public events
3. find all events created by a given account
4. find all events related to a given account
Forget about restricting access for a moment, these are all different behaviors that the Events controller needs to provide. I recommend creating a separate action for each one. By default, REST only gives you the "index" action, but here you need to add more "collection" actions which can be specified through the routes.
Once you get each behavior in its own action it's very reasy to restrict access using before filters. If there's duplication in the views, you can either have them all render the same view or use partials to remove the duplication.
An alternative is to move the event fetching into the User model and use Single Table Inheritence for the different type of users. This is a good approach in many cases, but here I prefer making them separate actions.
Additionally to this, there would be the need to make 4 partials for every user group to see their events as they all get the data displayed in a different format.
How different is the format? If you just need to show/hide a few things, I recommend keeping it all in one partial but using "if" conditions. Also, if you go with the approach I mentioned above, it is split into four actions so there's no need to move them into partials or create separate partials. Just use partials where there is duplication.
- Free Ruby on Rails Screencasts