I am using the the authorization recipe outlined in Rails Recipes.Is it
possible for one role, say ‘admin’, to have access to every action on
every
controller without explicitly having to create a Right for each?
I know this will not work as is, and to force it to do so would violate
MVC,
but is there some other way to accomplish having something like this in
a
controller:
loggedin=false;
if session[:user]
Applicant.find(session[:user]).roles.each{|r| loggedin=true if r.name==
“admin”}
end
skip_before_filter :check_authentication, :check_authorization if
loggedin
Thanks,
Howard
On 8/24/06, Howard R. [email protected] wrote:
Applicant.find(session[:user]).roles.each{|r| loggedin=true if
r.name==“admin”}
end
skip_before_filter :check_authentication, :check_authorization if loggedin
Thanks,
Howard
I store * as a wildcard for the action/controller columns, and query
for (rights.controller = controller_name OR rights.controller = ‘*’)
AND in my authorized() method.
Isak
On 8/24/06, Isak H. [email protected] wrote:
I store * as a wildcard for the action/controller columns, and query
for (rights.controller = controller_name OR rights.controller = ‘*’)
AND in my authorized() method.
Isak
Thanks Isak, It seemed so very obvious once I saw your suggestion. I
works
beautifully.
Thank You,
Howard