Hi,
I am building a application with some object level authentification.
Following permission/role/user design, I will have some exrta parameters
on the authorize() method
For example, I have two permissions "car::view" and
"car::manage".
Having one Car controller, I would go for:
def view
authorize("user::view", params[:id])
end
def edit
authorize("user::manage", params[:id])
end
authorize method would check user''s role, and chek permission for given
object.
This doesn''t appear nice to me, i could forget to authorize on the
beginning of the method. Best would to keep hacing a mixin, but since
parameters can change, I do not see how to do it.
Any help?
Thank you!
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---