Model level access control

Hi Everyone,

Is there anything out there that allows model-level access control?
Basically, records need be available if a)You created them and they’re
associated with your user id b)You’re an admin, in which case you should
be
able to see very record.

I imagine I could implement this functionality by creating separate
actions,
one which only pulls records based on user id, and another which pulls
all
records and also checks to see if you’re authorized to view the action.
Anyone have experience with this? Which one makes more sense?

Thanks!
Daniel

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs