Forum: Ruby on Rails Need help with n<->n authorization

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
Patrick (Guest)
on 2009-04-22 17:36
(Received via mailing list)
Hi folks,

I'm trying to implement an authorization system with users, roles and
permissions. Each user can have multiple roles, each role multiple
permissions and users can have multiple 'snowflake' permissions as
well.

This is my migration schema:

############################
create_table "permissions", :force => true do |t|
  t.string   "name"
  t.string   "controller"
  t.boolean  "c"
  t.boolean  "u"
  t.boolean  "d"
  t.datetime "created_at"
  t.datetime "updated_at"
end

create_table "permissions_roles", :force => true do |t|
  t.integer "role_id"
  t.integer "permission_id"
end

create_table "roles", :force => true do |t|
  t.string   "name"
  t.datetime "created_at"
  t.datetime "updated_at"
end

create_table "roles_users", :force => true do |t|
  t.integer "user_id"
  t.integer "role_id"
end

create_table "snowflakes", :force => true do |t|
  t.integer  "user_id"
  t.integer  "permission_id"
  t.datetime "due_date"
  t.datetime "created_at"
  t.datetime "updated_at"
end

create_table "users", :force => true do |t|
  t.string   "login",              :null => false
  t.string   "crypted_password",   :null => false
  ...
end
############################

As you can see, the user->role->permission-path is solved with
has_and_belongs_to_many connections and the user->permission-path with
has_many, :through snowflakes connections.

What is the best way to authorize a user?

I have various ideas, but I don't know how to implement them in Rails
and which of them are the best in case of performance and security. I
thought of a prepared statement with all permissions by user or an
array with all permissions stored and cached. But I don't know how I
can do something like array.find_by_controller().

Can anybody help me with a clean and straight solution for that
problem?

Thank you very much in advance!

Pat
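
One way to resolve the effective permissions for the schema in the post above into a per-controller lookup with default deny, as an added example that is not part of the original thread. It uses plain Ruby structs and constructed sample rows in place of the ActiveRecord models; the action-to-flag mapping, the helper names, and treating a nil `due_date` as "never expires" are assumptions.

```ruby
require 'set'

# Plain-Ruby stand-ins for rows of the posted schema (constructed sample data).
Permission = Struct.new(:id, :controller, :c, :u, :d)
Snowflake  = Struct.new(:user_id, :permission_id, :due_date)

PERMISSIONS = {
  1 => Permission.new(1, 'articles', true,  true,  false),
  2 => Permission.new(2, 'articles', false, false, true),
  3 => Permission.new(3, 'users',    true,  true,  true)
}
ROLES_USERS       = [[10, 1]]  # [user_id, role_id]
PERMISSIONS_ROLES = [[1, 1]]   # [role_id, permission_id]
SNOWFLAKES = [
  Snowflake.new(10, 2, Time.utc(2009, 6, 1)),  # valid at the sample time
  Snowflake.new(10, 3, Time.utc(2009, 1, 1))   # already expired
]

# Assumed mapping of Rails action names onto the c/u/d columns. The schema
# has no read flag, so any action missing from this map is denied.
ACTION_FLAG = { 'new' => :c, 'create' => :c, 'edit' => :u,
                'update' => :u, 'destroy' => :d }

# Returns { controller => Set of :c/:u/:d } for one user: the union of
# role permissions and snowflake permissions that have not expired at `now`.
def effective_permissions(user_id, now)
  role_ids = ROLES_USERS.select { |uid, _| uid == user_id }.map(&:last)
  perm_ids = PERMISSIONS_ROLES.select { |rid, _| role_ids.include?(rid) }.map(&:last)
  live = SNOWFLAKES.select do |s|
    s.user_id == user_id && (s.due_date.nil? || s.due_date > now)
  end
  perm_ids += live.map(&:permission_id)

  perm_ids.uniq.each_with_object({}) do |pid, acc|
    perm = PERMISSIONS[pid] or next  # a dangling join row grants nothing
    %i[c u d].each do |flag|
      (acc[perm.controller] ||= Set.new) << flag if perm[flag]
    end
  end
end

# Default deny: unknown controller or unmapped action is refused.
def authorized?(perms, controller, action)
  flag = ACTION_FLAG[action]
  return false if flag.nil?
  perms.fetch(controller, Set.new).include?(flag)
end
```

If the resulting hash is cached per user, the cache has to be rebuilt when roles change and no later than the earliest `due_date` among the snowflakes it includes, otherwise an expired grant keeps working.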
Patrick (Guest)
on 2009-04-24 11:08
(Received via mailing list)
I really need help with this problem. Is there any better approach?