Hi,
I am a real newbie in RoR; I am just reading this book:
http://pragprog.com/book/rails2/agile-web-development-with-rails.
I am trying to make a very simple application which should have 3 user roles
(3 groups of many users). Each role should have a different permission set
(of course I have to implement some authentication mechanism first).

*Administrators* - should have access to all data (create, edit, update, delete).
*Editors* - should have access to all data which they created (create, edit, update, delete).
*Viewers* - should have read access to all data anyone created.

I just scaffolded the basic structure of the application, did some changes,
defined relations between models ... Scaffold views and controllers have
all actions for all data (show, edit, update, delete). My question is:

- Should I move these scaffolded files somewhere to a dedicated place (like /admin)
and "lock" them only for administrators? Create a different set of controllers
and views for Editors and a different set of controllers and views for Viewers?
Is this even possible?
- Should I use the existing scaffolded controllers and views and put the
application logic inside (filtering out the displayed Edit link is not a good
idea, users can always "guess" the correct edit URL even if I do not show
the edit button)?
- Is there a best practice for such a common situation?

Thanks a lot for your opinions
Pavel K.
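The point made in the post, that hiding the Edit link does not stop anyone from typing the edit URL, is the reason the check belongs in the controller action rather than in the view. The following is an added example, not code from the post or from the Rails book: plain-Ruby stand-ins for a Rails model and a scaffolded controller, with one policy object that answers "may this user do this action on this record?" for the three roles. The names User, Article, ArticlePolicy, ArticlesController and the sample store are all hypothetical and chosen for this example.

```ruby
# Added example (not from the original post or the Rails book): the
# authorization check lives in the controller action, so it runs however the
# request was reached. All class names here are stand-ins chosen for the example.

User    = Struct.new(:id, :role)              # role is :admin, :editor or :viewer
Article = Struct.new(:id, :author_id, :title)

class NotAuthorized < StandardError; end

# One place that decides what each role may do with an article.
class ArticlePolicy
  ROLES = %i[admin editor viewer].freeze

  def initialize(user, article = nil)
    raise ArgumentError, "unknown role #{user.role.inspect}" unless ROLES.include?(user.role)
    @user    = user
    @article = article
  end

  # Everyone, including viewers, may read.
  def index?; true; end
  def show?;  true; end

  # Admins and editors may create; viewers may not.
  def create?
    admin? || editor?
  end

  # Admins may change anything; editors only what they created themselves.
  def update?
    admin? || (editor? && owner?)
  end
  alias destroy? update?

  private

  def admin?;  @user.role == :admin;  end
  def editor?; @user.role == :editor; end
  def owner?;  !@article.nil? && @article.author_id == @user.id; end
end

# Stand-in for the scaffolded ArticlesController. Every action calls authorize!
# before touching data, so a guessed /articles/1/edit URL is refused by the
# same rule that decides whether the Edit link is rendered.
class ArticlesController
  def initialize(current_user, store)
    @current_user = current_user
    @store        = store            # Hash of id => Article, standing in for the DB
  end

  def show(id)
    article = @store.fetch(id)
    authorize!(article, :show?)
    article
  end

  def create(attrs)
    authorize!(nil, :create?)
    id = (@store.keys.max || 0) + 1
    @store[id] = Article.new(id, @current_user.id, attrs[:title])
  end

  def update(id, attrs)
    article = @store.fetch(id)
    authorize!(article, :update?)
    article.title = attrs[:title]
    article
  end

  def destroy(id)
    article = @store.fetch(id)
    authorize!(article, :destroy?)
    @store.delete(id)
    :deleted
  end

  # The view asks the same policy whether to render the Edit link; that is
  # cosmetic, authorize! below is what actually protects the data.
  def show_edit_link?(id)
    ArticlePolicy.new(@current_user, @store.fetch(id)).update?
  end

  private

  # In a real Rails app this is the body of a before_filter / before_action.
  def authorize!(article, action)
    return if ArticlePolicy.new(@current_user, article).public_send(action)
    raise NotAuthorized, "#{@current_user.role} may not #{action.to_s.chomp('?')} article"
  end
end

# Simulates a user reaching an action by URL; returns :ok or :forbidden.
def attempt(user, store, action, *args)
  ArticlesController.new(user, store).public_send(action, *args)
  :ok
rescue NotAuthorized
  :forbidden
end

# Constructed sample data: one article written by each of two editors.
def sample_store
  { 1 => Article.new(1, 20, "Written by editor 20"),
    2 => Article.new(2, 21, "Written by editor 21") }
end

if __FILE__ == $PROGRAM_NAME
  editor = User.new(20, :editor)
  viewer = User.new(30, :viewer)
  puts "viewer guesses edit URL:      #{attempt(viewer, sample_store, :update, 1, { title: 'x' })}"
  puts "editor edits own article:     #{attempt(editor, sample_store, :update, 1, { title: 'x' })}"
  puts "editor edits other's article: #{attempt(editor, sample_store, :update, 2, { title: 'x' })}"
end
```

With this layout there is no need for a separate /admin copy of the scaffolds or a second set of controllers per role: one controller serves all three roles, the policy object holds the rules in one place, and the view only consults the policy to decide which links to show. Unknown roles raise rather than silently falling through to "allowed", which is the direction a permission check should fail in.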