I am really newbie in RoR, I am just reading this
I am trying to make very simple application who should have 3 user roles
groups of many users). Each role should have different permission set
course i have to implement some authentication mechanism first).
*Administrators *- Should have access to all data (create, edit,
*Editors *- Should have access to all data which they created (create,
edit, update, delete).
*Viewers *- Should have read access to all data anyone created.
I just scaffold-ed basic structure of application, did some changes,
defined relations between models … Scaffold views and controllers have
all actions for all data (Show, edit, update, delete). My question is:
- Should I move somewhere to dedicated place (like /admin) these
scaffold-ed files and “lock” them only for administrators? Create
set of controllers and views for Editors and different set of
and views Viewers? Is this even possible?
- Should I use existing scaffold-ed controllers and views and make
application logic inside (filtering out displaying Edit link is not
idea, users always can “gues” the correct edit URL even I do not show
button for edit)?
- Is there best practice for such common situation?
thanx a lot for your opinions