Forum: Ruby on Rails How to set up tiered access privileges?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
gaveeno (Guest)
on 2008-10-28 01:52
(Received via mailing list)
I'm using restful_authentication and role_requirement to handle use
authentication for my application.  I'm wondering what the best way is
for me to set up tiered access privileges.  Essentially, I want to
restrict access as follows:

- some users will get access to one or more branches
- some users will get access to one or more regions, including the
branches within that region
- some users will get access to an entire company, including the
regions and branches within that company

When a person logs into the application, I want to show them data only
relevant to their particular branch if they only have access at the
branch level.  Similarly, when a person logs in that has access to an
entire company, I want to be able to show them company data, regional
data, and branch-level data.

Should I set up three separate index tables (users_branches,
users_regions, users_companies), and then when the user logs in just
do three separate finds, one against each of these three tables, to
find out their access rights?  Or is there a better way to do this to
cut down on the number of queries?

I hope I've been clear enough - let me know if I need to elaborate
more.

Thanks in advance!
This topic is locked and can not be replied to.