I have the following tables: Users, Clients, Roles, Assignments(user_id,
role_id, client_id) and Rights(controller, action).
First of all, I’d like to know if hooking things up this way makes any
sense. Could perhaps add a second join table between assignments and
but not sure that would add any value.
What I’m really wondering about, though - is how to do things the
My session contains :user_id and :client_id. I’ve already loaded the
into @user, with an auth filter, and am now writing the filter ‘allow?’
do role based authorization on the controller/action tier.
Second step is loading the client, just to make sure it exists and so
Next I’d like to ask my user if it’s authorized to access this
controller/action, i.e. @user.authorized?(@client, controller_name,
I should be using the actual client instance here, I assume, not just
Now… How should I iterate through all Rights for a given User–Client
relationship? Could do it easily with Rights.find_by_sql(…), but don’t
think that’s appropriate…?
What if I only wanted the Roles?
Will be reading ‘agile web development’ as soon as it drops into my
but a head start would be nice. Any feedback appreciated.
Sent from the RubyOnRails Users forum at Nabble.com.
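
Added example, not part of the original post: one way the `authorized?` check described above could look in plain Ruby, denying by default and resolving roles only for the client held in the session. The `role_rights` mapping is an assumption (the post does not show how Rights attach to Roles), and the `Authorizer` class and sample ids are constructed for illustration.

```ruby
# Constructed in-memory stand-ins for the post's tables (no database needed).
Assignment = Struct.new(:user_id, :role_id, :client_id)
Right      = Struct.new(:controller, :action)

class Authorizer
  # role_rights is an ASSUMED roles<->rights link (role_id => [Right, ...]);
  # the post does not say how Rights attach to Roles.
  def initialize(assignments, role_rights)
    @assignments = assignments
    @role_rights = role_rights
  end

  # Roles a user holds for one specific client only.
  def roles_for(user_id, client_id)
    @assignments.select { |a| a.user_id == user_id && a.client_id == client_id }
                .map(&:role_id).uniq
  end

  # All rights reachable through those roles.
  def rights_for(user_id, client_id)
    roles_for(user_id, client_id).flat_map { |r| @role_rights.fetch(r, []) }.uniq
  end

  # Deny by default: nil ids, unknown roles or missing rights all return false.
  def authorized?(user_id, client_id, controller, action)
    return false if user_id.nil? || client_id.nil?
    rights_for(user_id, client_id).any? do |r|
      r.controller == controller.to_s && r.action == action.to_s
    end
  end
end

# Constructed sample data: user 1 is admin (role 10) for client 100
# and only a viewer (role 20) for client 200.
ASSIGNMENTS = [
  Assignment.new(1, 10, 100),
  Assignment.new(1, 20, 200)
].freeze
ROLE_RIGHTS = {
  10 => [Right.new('invoices', 'index'), Right.new('invoices', 'destroy')],
  20 => [Right.new('invoices', 'index')]
}.freeze
AUTHZ = Authorizer.new(ASSIGNMENTS, ROLE_RIGHTS)

puts AUTHZ.authorized?(1, 100, 'invoices', 'destroy')  # admin role at client 100
puts AUTHZ.authorized?(1, 200, 'invoices', 'destroy')  # viewer role at client 200
```

Because the role lookup is keyed on both ids, a role granted for one client never carries over to another client the same user can reach.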