Hi Group! I started working with Rails about a week ago.
I created this app that acts pretty much like a public blog. So far
users can register for an account with Authlogic (http://github.com/
binarylogic/authlogic). Once a user has logged in they can add their
own posts. Now I would like to make it so that only posts authors are
able to edit or destroy their own items.
Using this tutorial (http://wiki.github.com/be9/acl9/tutorial-securing-
a-controller) I did the following:

–>This is in my PostsControllers

class PostsController < ApplicationController
before_filter :load_post, :only => [:edit, :update, :destroy, :show]
access_control do
allow all, :to => [:index, :show]
allow :admin
allow logged_in, :to => [:new, :create]
allow :owner, :manager, :of => :post, :to => [:edit, :update]
def load_post
@post= Post.find(params[:id])

So far so good. Now I need set the role for each user to manage their
own post.

Following the same tutorial I can only get to accomplish this by doing
this to my PostsControllers

def create
@post = Post.new(params[:product])
if @post.save
flash[:notice] = ‘Post created.’
current_user.has_role!(:author, @post # <————- assign the role
render :new

That works, but not quite. The only problem is how it gets stored in
the database.

For every time a user creates a new post it adds data to the table
“roles” and “roles_users”, so if the same user adds another post this
would add another row to “roles”, “roles_user”, and of course to

I believe this would work better (and be lighter in the database) if
the role would be set at the time the user is created…so the user
has a role over any post that has its user_id.

Can anybody help me solve this? Your assistance would be very greatly
appreciated. Thanks for your time :wink: