I have the following tables: Users, Clients, Roles, Assignments(user_id,
role_id, client_id) and Rights(controller, action).
First of all, I'd like to know if hooking things up this way makes any
sense. Could perhaps add a second join table between assignments and roles,
but not sure that would add any value.
What I'm really wondering about, though, is how to do things the 'right'
way.
My session contains :user_id and :client_id. I've already loaded the user
into @user, with an auth filter, and am now writing the filter 'allow?' to
do role based authorization on the controller/action tier.
Second step is loading the client, just to make sure it exists and so on.
Next I'd like to ask my user if it's authorized to access this
controller/action, i.e. @user.authorized?(@client, controller_name,
action_name).
I should be using the actual client instance here, I assume, not just the
id?
Now... How should I iterate through all Rights for a given User--Client
relationship? Could do it easily with Rights.find_by_sql(...), but don't
think that's appropriate..?
What if I only wanted the Roles?
Will be reading 'agile web development' as soon as it drops into my mailbox,
but a head start would be nice. Any feedback appreciated.
--
View this message in context:
http://www.nabble.com/Coding-conventions-%28mostly-AR%29-t1211090.html#a3200610
Sent from the RubyOnRails Users forum at Nabble.com.
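
An added example, not part of the original post: a plain-Ruby sketch (no ActiveRecord) of the `authorized?(client, controller_name, action_name)` check described above, resolved only through Assignments that match both the user and the client, and denying by default. It assumes each Right is tied to a Role through a `role_id` column, which the post does not specify; the helper names `roles_for` and `rights_for` are hypothetical and all sample records are constructed.

```ruby
# Plain-Ruby model of the tables in the post. Assumption: Rights carry a
# role_id linking them to Roles (the post lists only controller and action).
Client     = Struct.new(:id, :name)
Role       = Struct.new(:id, :name)
Assignment = Struct.new(:user_id, :role_id, :client_id)
Right      = Struct.new(:role_id, :controller, :action)

class User
  attr_reader :id

  def initialize(id, assignments, roles, rights)
    @id = id
    @assignments = assignments
    @roles = roles
    @rights = rights
  end

  # Roles this user holds for one client only; a role granted for another
  # client must never leak into this result.
  def roles_for(client)
    return [] if client.nil?
    role_ids = @assignments
      .select { |a| a.user_id == id && a.client_id == client.id }
      .map(&:role_id)
    @roles.select { |r| role_ids.include?(r.id) }
  end

  # All rights reachable through those roles.
  def rights_for(client)
    role_ids = roles_for(client).map(&:id)
    @rights.select { |r| role_ids.include?(r.role_id) }
  end

  # Default deny: true only when an explicit right matches exactly.
  def authorized?(client, controller_name, action_name)
    rights_for(client).any? do |r|
      r.controller == controller_name.to_s && r.action == action_name.to_s
    end
  end
end

# Constructed sample data: user 1 is admin for client 10, viewer for client 20.
ROLES   = [Role.new(1, "admin"), Role.new(2, "viewer")]
RIGHTS  = [Right.new(1, "invoices", "destroy"), Right.new(1, "invoices", "show"),
           Right.new(2, "invoices", "show")]
ASSIGNS = [Assignment.new(1, 1, 10), Assignment.new(1, 2, 20)]
ACME, GLOBEX = Client.new(10, "acme"), Client.new(20, "globex")
ALICE = User.new(1, ASSIGNS, ROLES, RIGHTS)
```

Passing the client instance rather than a bare id lets the check fail closed when the client lookup returned nothing, as the `nil` guard in `roles_for` shows.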