I have an app which already uses a user table for authentication. In
the early days I added extra boolean columns for flags indicating user
permissions (admin, etc.) which worked quite well up to a point.
Now the number of permission flags is increasing so I’m curious as to
where I should go from here…
1. Keep adding boolean columns (simple, but is there a drawback of
   having too many columns?)
2. Have some kind of :roles table and create a join table to
   link :users to :roles (probably cleaner but does mean either doing
   joins all the time, or executing a new query each time you check a
   permission.)
3. Have a :roles column in the :users table and store a YAML structure
   with all the roles in a set of some sort.
Problem is I like all three options. Which of these would be
considered the most “Rails-like” way to go about things?
If it were up to me, I’d go the join table route, using has_many,
:through. So it would look similar to:
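class User < ActiveRecord::Base
  has_many :permissions
  has_many :roles, :through => :permissions
end

class Role < ActiveRecord::Base
  has_many :permissions
  has_many :users, :through => :permissions
end

# Join model: one row per (user, role) pair
class Permission < ActiveRecord::Base
  belongs_to :role
  belongs_to :user
end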
The benefit of using this is that it gives you a whole new model object
to work with, should the permissions system ever need to be more
complicated. Your join table would have a role_id and user_id, but could
also contain other columns if needed. I think this would be the most
flexible option, and is probably the most Rails-like.
Join table would be my second best option. Top on my list would be to
check out the acl_system or acl_system2 plugin so I wouldn’t have to
write it myself!
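
An added example, not part of the original thread: a plain-Ruby model of the join-table approach showing a deny-by-default role check that loads a user's roles once instead of querying per check. The in-memory arrays stand in for the three tables, and the `expires_at` column, the `lookups` counter and all sample rows are assumptions made for illustration.

```ruby
# Plain-Ruby stand-in for the users/roles/permissions join (runs without Rails).
# expires_at is an assumed extra column on the join table, not from the thread.
require 'set'

Role       = Struct.new(:id, :name)
Permission = Struct.new(:user_id, :role_id, :expires_at)

# Constructed sample rows.
NOW   = Time.utc(2024, 1, 1)
ROLES = [Role.new(1, 'admin'), Role.new(2, 'editor')].freeze
PERMISSIONS = [
  Permission.new(10, 1, nil),         # user 10: admin, never expires
  Permission.new(10, 2, NOW - 60),    # user 10: editor, expired a minute ago
  Permission.new(11, 2, NOW + 3600)   # user 11: editor for another hour
].freeze

class User
  attr_reader :id, :lookups

  def initialize(id)
    @id = id
    @lookups = 0 # counts simulated "queries" against the join table
  end

  # Resolve the active role names once and memoize them on the object,
  # so repeated checks on the same User instance cost one lookup.
  def role_names
    @role_names ||= begin
      @lookups += 1
      active_ids = PERMISSIONS.select do |p|
        p.user_id == id && (p.expires_at.nil? || p.expires_at > NOW)
      end.map(&:role_id)
      ROLES.select { |r| active_ids.include?(r.id) }.map(&:name).to_set.freeze
    end
  end

  # Deny by default: unknown roles, expired grants and users with no
  # rows in the join table all return false.
  def has_role?(name)
    role_names.include?(name.to_s)
  end
end
```
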