
Tom Dworzanski's Profile

GitHub User: dworzanski

Site: http://dworzanski.com

Comments by Tom Dworzanski

Avatar

Very helpful screencast! There are several Rails 4 helper methods for this and similar form building: https://github.com/rails/rails/blob/master/actionview/lib/action_view/helpers/form_options_helper.rb

Though doing it using Ryan's way allows for infinite flexibility.

Avatar

Both methods of setting hash values work the same; it's a matter of style preference.

Avatar

Thanks for pointing this out; it helped me get this working in Rails 4.

Avatar

Great episode as usual. I love how you test everything. Moving the permissions into a model is definitely the way to go.

Avatar

You can use either one; there is no reason to use one or the other. The key is the readability of your code. Personally, I prefer "if not" because I find it easier to understand.

Avatar

Wonderful episode!

There are some tangential security issues with this, but they are outside the scope (no pun intended) of multitenancy. The most obvious one is any user can create a resource in another scope by simply POSTing a tenant_id other than his own. To prevent this hole, simply make sure the controller does not accept a tenant_id parameter.

Regardless, this is awesome stuff, well thought out, and extremely helpful. Thanks Ryan!
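
The hole described in the comment above, as an added example that is not part of the original comment or of the RailsCasts episode: a plain-Ruby stand-in for a controller's create action, first copying a client-supplied tenant_id into the record and then taking the tenant only from the signed-in session. `Topic`, `PERMITTED`, both functions and the sample request are hypothetical.

```ruby
# Plain-Ruby sketch (no Rails required) of a multitenant "create" action.
# All names and the sample request below are constructed for illustration.
Topic = Struct.new(:name, :tenant_id, keyword_init: true)

# Attributes a client is allowed to set. tenant_id is deliberately absent.
PERMITTED = %w[name].freeze

# Weak form: submitted attributes are merged over the server-side default,
# so a tenant_id in the request body overrides the signed-in tenant.
def create_unsafe(params, current_tenant_id)
  attrs = { "tenant_id" => current_tenant_id }.merge(params.fetch("topic", {}))
  Topic.new(**attrs.slice("name", "tenant_id").transform_keys(&:to_sym))
end

# Hardened form: only allow-listed attributes are read from the request and
# tenant_id always comes from the session. The rejected keys are returned so
# the caller can log an attempt to set a foreign tenant.
def create_scoped(params, current_tenant_id)
  submitted = params.fetch("topic", {})
  allowed   = submitted.slice(*PERMITTED)
  rejected  = submitted.keys - PERMITTED
  topic     = Topic.new(name: allowed["name"], tenant_id: current_tenant_id)
  [topic, rejected]
end

# Constructed request body: a user signed in to tenant 1 submits tenant_id 2.
FORGED = { "topic" => { "name" => "Q3 plan", "tenant_id" => 2 } }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "unsafe: tenant_id=#{create_unsafe(FORGED, 1).tenant_id}"
  topic, rejected = create_scoped(FORGED, 1)
  puts "scoped: tenant_id=#{topic.tenant_id}, rejected=#{rejected.inspect}"
end
```

In a Rails 4 controller the same allow-list is written `params.require(:topic).permit(:name)`, with the record built through the current tenant's scope rather than from a submitted id.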