I recently added a method like your talking about for conditional
view display. Its pretty simple and works like this:
<% restrict_to "admin | moderator" do %>
<%= link_to "Destroy" %>
<% end %>
That method will get the current_user behind the scene and compare
the users roles with the permissions string in the restrict_to
method. So the body of the block will only get executed if the user
has a role that when evaluated with the logic string, returns true.
This works good for conditional blocks of code or html in the view.
And the declarative style of access_control in the controller will
keep users out of controller/actions that they have no right to see.
But some actions need to be seen by many roles but have certain links
like destroy that can only be used by one or two roles.
On Mar 6, 2006, at 8:14 AM, James A. wrote:
structure in data rather than code. The differences might be small
info) and we’ll do our best to sort out any problems there. FYI I’m
think they’re working on fixing it (if it hasn’t been already). I
Basically, I decided that I wanted to use :through badly enough that
Rails mailing list