Hi - what I'm trying to accomplish is to enable different levels of access to users in my application. The models are here: http://pastie.org/408263 Basically, the permission model holds the group_id, page_id and read/write permission as boolean. If a certain user from some group is trying to access a page, he can do it if his group_id has can_read = true for the specific page_id. He can then edit the page if he has can_edit = true. This got a little (very) complex to manage since I need to add and deny permissions for every group on every page, and also need to use a before_filter or some sort of <% if current_user.can_read(page_id) %> at the beginning of each action. I'm looking for suggestions on how to simplify this system while still retaining it's original functionality (ie - allow or deny user's access to pages based on the group he belongs to). The less code in the controller - the better :) thanks.
on 2009-03-05 16:02