I have the following tables: Users, Clients, Roles, Assignments(user_id, role_id, client_id) and Rights(controller, action).

First of all, I'd like to know if hooking things up this way makes any sense. Could perhaps add a second join table between assignments and roles, but not sure that would add any value.

What I'm really wondering about, though, is how to do things the 'right' way. My session contains :user_id and :client_id. I've already loaded the user into @user, with an auth filter, and am now writing the filter 'allow?' to do role-based authorization on the controller/action tier.

Second step is loading the client, just to make sure it exists and so on.

Next I'd like to ask my user if it's authorized to access this controller/action, i.e. @user.authorized?(@client, controller_name, action_name). I should be using the actual client instance here, I assume, not just the id?

Now, how should I iterate through all Rights for a given User--Client relationship? Could do it easily with Rights.find_by_sql(...), but don't think that's appropriate..? What if I only wanted the Roles?

Will be reading 'Agile Web Development' as soon as it drops into my mailbox, but a head start would be nice. Any feedback appreciated.

--
View this message in context: http://www.nabble.com/Coding-conventions-%28mostly...
Sent from the RubyOnRails Users forum at Nabble.com.
on 2006-03-02 12:23
on 2006-03-02 13:11
Hmm.. Bad subject here, figure it should have read 'AR usage' or similar. Please bear with me.
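An added example, not part of the original posts: a plain-Ruby sketch (no ActiveRecord) of the client-scoped `authorized?` check described in the first post, denying by default and never letting a role assigned for one client grant rights on another. The link from roles to rights (`Role#rights`), the sample ids and the names `ALICE`, `ACME` and `GLOBEX` are assumptions, since the post does not say how Rights attach to Roles.

```ruby
require "set"

# Constructed in-memory stand-ins for the tables named in the post.
Right      = Struct.new(:controller, :action)
Role       = Struct.new(:id, :name, :rights)   # rights: assumed roles<->rights link
Assignment = Struct.new(:user_id, :role_id, :client_id)
Client     = Struct.new(:id)

class User
  attr_reader :id

  def initialize(id, assignments, roles_by_id)
    @id = id
    @assignments = assignments
    @roles_by_id = roles_by_id
  end

  # Roles held for this one client; assignments for other clients are ignored.
  def roles_for(client)
    return [] if client.nil?
    @assignments
      .select { |a| a.user_id == id && a.client_id == client.id }
      .map { |a| @roles_by_id[a.role_id] }
      .compact.uniq
  end

  # Union of the rights of every role held for this client.
  def rights_for(client)
    roles_for(client).flat_map(&:rights).to_set
  end

  # Deny by default: true only when an explicit (controller, action) right exists.
  def authorized?(client, controller, action)
    rights_for(client).include?(Right.new(controller.to_s, action.to_s))
  end
end

# Constructed sample data: user 10 is an editor for client 100, a viewer for 200.
ROLES = {
  1 => Role.new(1, "editor", [Right.new("invoices", "index"), Right.new("invoices", "edit")]),
  2 => Role.new(2, "viewer", [Right.new("invoices", "index")])
}
ASSIGNMENTS = [Assignment.new(10, 1, 100), Assignment.new(10, 2, 200)]
ALICE  = User.new(10, ASSIGNMENTS, ROLES)
ACME   = Client.new(100)
GLOBEX = Client.new(200)

puts ALICE.authorized?(ACME, "invoices", "edit")    # editor role applies to client 100
puts ALICE.authorized?(GLOBEX, "invoices", "edit")  # only viewer for client 200
```

Passing the loaded client object rather than a raw session id means a missing or unknown client resolves to no roles and therefore no access.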