1 table 2 models

I have a single database which contains a single table. The general
public will not have access to the table at all. I have 2 classes of
users that will have access to the table. The ‘members’ class is to
have read-only access. The ‘admins’ class is to have read and edit
access.

My initial thought was that the way to handle this was to setup 2
controllers (and 2 models) because it would be easier to control the
access if each class having access to the table had their own separate
controller. I’m having trouble with that approach getting
ActiveRecord::StatementInvalid errors. I think I am beginning to see
why.

My question is: When one has only one table and wants to provide 2
different levels of access to it, what is the best strategy to employ?

Thanks for any input.

   ... doug

I don’t know about best…

Use validate_on_update to reject the update if the user lacks
permission.

On 9/24/07, doug [email protected] wrote:

controller. I’m having trouble with that approach getting
ActiveRecord::StatementInvalid errors. I think I am beginning to see
why.

My question is: When one has only one table and wants to provide 2
different levels of access to it, what is the best strategy to employ?

Having two models isn’t going to help you much. You need one model.

You can look at http://perens.com/FreeSoftware/ModelSecurity/ for an
interesting approach to employing security at the model level, but
it’s tricky, so do your research.

In general, you use before_filter in your controller to asses the
current user’s level and allow or deny access to the appropriate
actions. Having two controllers makes it simpler because you don’t
have to do fine-grained declarations in your before_filter statement.

Having two controllers makes it simpler because you don’t
have to do fine-grained declarations in your before_filter statement.

Exactly what I was thinking but articulated much better.

Having two models isn’t going to help you much. You need one model.

So, I take it that you are suggesting 2 controllers and one model.
Sounds
good to me; and, in fact, at least initially that approach seems to
work great.

I’m not sure that I have my mind completely wrapped around all this;
but,
at least it appears that things are beginning to clear up.

Thanks for the help.

   ... doug

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs