I have a single database which contains a single table. The general public will not have access to the table at all. I have 2 classes of users that will have access to the table. The 'members' class is to have read-only access. The 'admins' class is to have read and edit access.

My initial thought was that the way to handle this was to set up 2 controllers (and 2 models) because it would be easier to control the access if each class having access to the table had their own separate controller. I'm having trouble with that approach getting ActiveRecord::StatementInvalid errors. I think I am beginning to see why.

My question is: When one has only one table and wants to provide 2 different levels of access to it, what is the best strategy to employ?

Thanks for any input.

... doug

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
I don't know about best... Use validate_on_update to reject the update if the user lacks permission.

On Sep 24, 2:00 pm, doug <ddjol...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I have a single database which contains a single table. The general
> public will not have access to the table at all. I have 2 classes of
> users that will have access to the table. The 'members' class is to
> have read-only access. The 'admins' class is to have read and edit
> access.
>
> My initial thought was that the way to handle this was to set up 2
> controllers (and 2 models) because it would be easier to control the
> access if each class having access to the table had their own separate
> controller. I'm having trouble with that approach getting
> ActiveRecord::StatementInvalid errors. I think I am beginning to see
> why.
>
> My question is: When one has only one table and wants to provide 2
> different levels of access to it, what is the best strategy to employ?
>
> Thanks for any input.
>
> ... doug

On 9/24/07, doug <ddjolley-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> I have a single database which contains a single table. The general
> public will not have access to the table at all. I have 2 classes of
> users that will have access to the table. The 'members' class is to
> have read-only access. The 'admins' class is to have read and edit
> access.
>
> My initial thought was that the way to handle this was to set up 2
> controllers (and 2 models) because it would be easier to control the
> access if each class having access to the table had their own separate
> controller. I'm having trouble with that approach getting
> ActiveRecord::StatementInvalid errors. I think I am beginning to see
> why.
>
> My question is: When one has only one table and wants to provide 2
> different levels of access to it, what is the best strategy to employ?

Having two models isn't going to help you much. You need one model. You can look at http://perens.com/FreeSoftware/ModelSecurity/ for an interesting approach to employing security at the model level, but it's tricky, so do your research.

In general, you use before_filter in your controller to assess the current user's level and allow or deny access to the appropriate actions. Having two controllers makes it simpler because you don't have to do fine-grained declarations in your before_filter statement.

> Having two controllers makes it simpler because you don't
> have to do fine-grained declarations in your before_filter statement.

Exactly what I was thinking but articulated much better.

> Having two models isn't going to help you much. You need one model.

So, I take it that you are suggesting 2 controllers and one model. Sounds good to me; and, in fact, at least initially that approach seems to work great. I'm not sure that I have my mind completely wrapped around all this; but, at least it appears that things are beginning to clear up.

Thanks for the help.

... doug
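
Added example, not part of the original thread and not Rails code: a plain-Ruby sketch of the arrangement the thread settles on, one model behind two controllers, each guarded by a role check that runs before every action. The `before_filter` method here is a small stand-in for the Rails macro of that name, and `Record`, `BaseController`, `MembersController`, `AdminController`, `User` and `attempt` are hypothetical names.

```ruby
# Plain-Ruby sketch, no Rails needed. `before_filter` is a small stand-in for
# the Rails controller macro; every class name here is hypothetical.
class AccessDenied < StandardError; end
User = Struct.new(:name, :role) # role is :member or :admin
# The single model: one table shared by both controllers (constructed data).
class Record
  ROWS = { 1 => "original" }
  def self.find(id); ROWS.fetch(id); end
  def self.update(id, value); ROWS[id] = value; end
end

class BaseController
  def self.before_filter(name = nil); @filter = name || @filter; end
  def initialize(user); @user = user; end
  # Fail closed: no filter, or an action this controller lacks, is a denial.
  def dispatch(action, *args)
    filter = self.class.before_filter
    actions = self.class.public_instance_methods(false)
    raise AccessDenied unless filter && actions.include?(action)
    send(filter)
    send(action, *args)
  end
  private
  def require_role(*allowed)
    raise AccessDenied unless @user && allowed.include?(@user.role)
  end
end

class MembersController < BaseController # read-only surface
  before_filter :members_or_admins
  def show(id); Record.find(id); end
  private
  def members_or_admins; require_role(:member, :admin); end
end

class AdminController < BaseController # read and edit surface
  before_filter :admins_only
  def show(id); Record.find(id); end
  def update(id, value); Record.update(id, value); end
  private
  def admins_only; require_role(:admin); end
end

# Returns the action's result, or :denied when the check refuses the request.
def attempt(controller, user, action, *args)
  controller.new(user).dispatch(action, *args)
rescue AccessDenied
  :denied
end
```

A member who reaches `AdminController` is refused by the filter, and `MembersController` has no `update` action to reach at all, so the read-only guarantee does not rest on a single check.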