I am working on an app that has three roles (user, admin, business). I
have the situation where all three roles interact with the same
controller, but have access to different actions. Some actions are
authorized for 2 roles (admin, business), and others are only authorized
for one role (administrator).
Does anyone know if there is a commonly used pattern for security on a
per action basis?
What I would like to do is be able to map which roles are authorized to
call which actions and be able to call a :before_filter in my
In my head I’m thinking of something like
before_filter :authorize_action => :except [:public_action1,
Thanks for any input.