I’m coding a project that needs a lot of authentication stuff… e.g. I
write sort of a profile area, where users can create their different
So I need to check if a user has the right to browse the profiles, if he
has the right to change them all (as an admin) or the ones that belong
to him etc. etc. This needs quite some logic…
Now I wonder whether to use the existing UserEngine for authentication
stuff, or if I should write my own…
I guess that the UserEngine needs quite a lot of performance because it
makes so many calls to the DB. And it only has controller/action pairs
that it can validate, so I don’t think that it fits my needs.
I rather thought about creating my own system, that does not validate
controller/action pairs, but “real” roles and permissions.
class ProfilesController < ApplicationController
  def edit
    unless user.has_right('EDIT_PROFILES') || user.belongs_to('ADMINS')
      return render :partial => 'permission_error'
    end
    # do edit stuff
  end
end
What do you think about that? Am I missing something, or is it really better
to create my own authentication system rather than using the UserEngine?
Or are there other authentication systems available for Rails apps?
Thanks a lot for your opinions.
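
An added example, not part of the original post: the role-and-permission check described above in plain Ruby, covering the "edit all as admin" and "edit only your own" cases with deny-by-default. The group MEMBERS, the rights BROWSE_PROFILES and EDIT_OWN_PROFILES, and the names ProfilePolicy, has_right? and belongs_to? are assumptions made for illustration.

```ruby
require 'set'

# Constructed sample data: group name => rights granted by membership.
# ADMINS and EDIT_PROFILES come from the post; the rest are assumed.
GROUP_RIGHTS = {
  'ADMINS'  => %w[BROWSE_PROFILES EDIT_PROFILES],
  'MEMBERS' => %w[BROWSE_PROFILES EDIT_OWN_PROFILES]
}.freeze

Profile = Struct.new(:id, :owner_id)

class User
  attr_reader :id

  def initialize(id, groups)
    @id = id
    @groups = groups.to_set
    # Resolve rights once per user object so every later check is a set
    # lookup (in an application the groups would be loaded from the DB).
    @rights = groups.flat_map { |g| GROUP_RIGHTS.fetch(g, []) }.to_set
  end

  def belongs_to?(group)
    @groups.include?(group)
  end

  def has_right?(right)
    @rights.include?(right)
  end
end

# Hypothetical policy module: one place that decides, so controllers only ask.
# Unknown actions, missing users and missing records are all denied.
module ProfilePolicy
  def self.allowed?(user, action, profile = nil)
    return false if user.nil?
    case action
    when :browse
      user.has_right?('BROWSE_PROFILES')
    when :edit
      return false if profile.nil?
      return true if user.has_right?('EDIT_PROFILES')
      # Ownership is checked against the record, not a client-supplied id.
      user.has_right?('EDIT_OWN_PROFILES') && profile.owner_id == user.id
    else
      false
    end
  end
end
```
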