Yesterday I was playing with how to do authorization in Rails, so I got a book called “Rails Recipes”. On page 141 they have a pretty nice tutorial on how to do authorization.

But I had a little problem when I needed to cancel rights from a role, because we don’t have a model representing the rights_roles table. So how can we delete a record from that table in our controller? After I got great help from my friend and looked through the Rails API a little, we found out that we can do it like this.

But first I’m going to show you the structure of the Role and Right models.

Right

class Right < ActiveRecord::Base
  has_and_belongs_to_many :roles
end

Note: this tells us that a Right has and belongs to many roles.

Role

class Role < ActiveRecord::Base
  has_and_belongs_to_many :users
  has_and_belongs_to_many :rights
end

Note: a Role has and belongs to many users and rights.

After we assign a right to a role, the assignment is recorded in the table called “rights_roles”.

Rights_Roles

Role_id (fk) Integer
Right_id (fk) Integer

Okay, now here is how you can delete a record in the rights_roles table without needing a model.

def cancel_right
  @right = Right.find(params[:id])
  @role = Role.find(params[:role])

  # Get the rights of the role object and delete the one that was selected.
  # This removes only the row in rights_roles; the Right record itself stays.
  @role.rights.delete(@right)

  redirect_to :action => "view_assign_right", :id => @role.id
end
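Added example (not from the original post or from Rails Recipes): a plain-Ruby model of the two join tables, showing what cancelling a right from one role does and does not revoke for a user who holds several roles. It does not use ActiveRecord; the class `AccessStore`, its method names and the sample ids are assumptions made for illustration.

```ruby
require "set"

# Plain-Ruby stand-in for the page's schema: each join table is a set of id
# pairs, which is all that rights_roles and roles_users store.
class AccessStore
  def initialize
    @rights_roles = Set.new # [role_id, right_id]
    @roles_users  = Set.new # [role_id, user_id]
  end

  def assign_role(user_id, role_id)
    @roles_users << [role_id, user_id]
  end

  def assign_right(role_id, right_id)
    @rights_roles << [role_id, right_id]
  end

  # Counterpart of @role.rights.delete(@right): removes only the join row.
  # Returns true if a row was removed, false if the pair was never assigned.
  def cancel_right(role_id, right_id)
    !@rights_roles.delete?([role_id, right_id]).nil?
  end

  # Roles through which the user currently holds the right.
  def granting_roles(user_id, right_id)
    user_roles = @roles_users.select { |_, u| u == user_id }.map(&:first)
    user_roles.select { |r| @rights_roles.include?([r, right_id]) }.sort
  end

  def authorized?(user_id, right_id)
    !granting_roles(user_id, right_id).empty?
  end
end

# Constructed sample data: users, roles and rights are made up.
def demo
  store = AccessStore.new
  store.assign_role(:alice, :editor)
  store.assign_role(:alice, :admin)
  store.assign_role(:bob, :editor)
  store.assign_right(:editor, :delete_post)
  store.assign_right(:admin, :delete_post)
  removed = store.cancel_right(:editor, :delete_post)
  { removed: removed,
    removed_again: store.cancel_right(:editor, :delete_post),
    bob: store.authorized?(:bob, :delete_post),
    alice: store.authorized?(:alice, :delete_post),
    alice_via: store.granting_roles(:alice, :delete_post) }
end
```

After the cancel, a user whose only role was `:editor` loses the right, while a user who also holds `:admin` keeps it through that role, so checking `granting_roles` after a revocation shows whether access was actually removed.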

*For Thai, press 1, hehe