I already have a simple role-based access control system (User, Role,
Privilege, Client) in place for my web layer, which checks
User.authorized?(controller, action, client) from a before filter.
What do you think about using this method for auth checks on the model
layer as well, only with made-up controller/action strings? (e.g.
A bit simplistic for a multi-user/client accounting system? I’m
certainly open to better suggestions, especially if they could
improve ease of use/maintenance.
Any feedback appreciated,