I have an authentication system set up via the activefx tutorial for restful_authentication. I now need to implement roles and permissions on a per object basis, as opposed to site wide, ''Is this user an administrator?'', permissions. There are two types of objects, Groups and Channels, and they each have one Admin, many Notables, and many Members. I''m presuming it could be bad to mix my site wide roles/permissions in with the Group & Channel roles/permissions, although it could potentially keep things tidier if my Roles table simply has Administrator, Notable, Member (for Site, Group, Channel objects) and then the Permissions table handles what has been assigned to Site, Groups or Channels. In fact, I''ve just been testing this approach via a polymorphic association in the Permissions table so that the Groups and Channels are Permissionable (the Permissions table has role_id, user_id, permissionable_id, permissionable_type). However, calling a has_many through on the permissionable polymorphic association seems to be causing problems (I just keep getting an error message from AR telling me I cannot have a has_many :through association on the polymorphic object). Firstly, do I need to avoid mixing site permissions in with object permissions? If so, do I differentiate between the two, maybe by keeping site permissions in the Permissions table, and keeping object permissions in a new Memberships table (this is a naming convention that I''d be happy with). Secondly, is it going to be possible to use a Permissionable polymorphic assocation on the object permissions, or do I just want to create separate group_permissions and channel_permissions tables to avoid any issues with a has_many through on the polymorphic association? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Ramon Miguel M. Tayag
2008-Sep-18 09:08 UTC
Re: Help with object level roles & permissions
I would separate it... keep the roles and permission you have with activefx''s tutorial. Then your group or channel has_one :administrator, <necessary options here> has_many :notables, <necessary options here> has_many :members, :through => :memberships, <other necessary options here> has_many :memberships Maybe even the membership model can contain what capacity the user is in the group? This just popped into my head now.. not too sure if this would work. Sounds okay though. On Wed, May 7, 2008 at 5:03 PM, Neil Cauldwell <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > I have an authentication system set up via the activefx tutorial for > restful_authentication. I now need to implement roles and permissions on > a per object basis, as opposed to site wide, ''Is this user an > administrator?'', permissions. > > There are two types of objects, Groups and Channels, and they each have > one Admin, many Notables, and many Members. I''m presuming it could be > bad to mix my site wide roles/permissions in with the Group & Channel > roles/permissions, although it could potentially keep things tidier if > my Roles table simply has Administrator, Notable, Member (for Site, > Group, Channel objects) and then the Permissions table handles what has > been assigned to Site, Groups or Channels. In fact, I''ve just been > testing this approach via a polymorphic association in the Permissions > table so that the Groups and Channels are Permissionable (the > Permissions table has role_id, user_id, permissionable_id, > permissionable_type). However, calling a has_many through on the > permissionable polymorphic association seems to be causing problems (I > just keep getting an error message from AR telling me I cannot have a > has_many :through association on the polymorphic object). > > Firstly, do I need to avoid mixing site permissions in with object > permissions? If so, do I differentiate between the two, maybe by keeping > site permissions in the Permissions table, and keeping object > permissions in a new Memberships table (this is a naming convention that > I''d be happy with). Secondly, is it going to be possible to use a > Permissionable polymorphic assocation on the object permissions, or do I > just want to create separate group_permissions and channel_permissions > tables to avoid any issues with a has_many through on the polymorphic > association? > -- > Posted via http://www.ruby-forum.com/. > > > >-- Ramon Tayag --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Ramon Tayag wrote:> I would separate it... keep the roles and permission you have with > activefx''s tutorial. Then your > > group or channel > has_one :administrator, <necessary options here> > has_many :notables, <necessary options here> > has_many :members, :through => :memberships, <other necessary options > here> > has_many :memberships > > Maybe even the membership model can contain what capacity the user is > in the group? This just popped into my head now.. not too sure if > this would work. Sounds okay though. > > On Wed, May 7, 2008 at 5:03 PM, Neil Cauldwell > <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: >> my Roles table simply has Administrator, Notable, Member (for Site, >> Firstly, do I need to avoid mixing site permissions in with object >> >> > >> > > > > -- > Ramon TayagThanks, Ramon. This is quite an old post - I''ve been happily working along with permissions for a while now. In fact, right now, I''m integrating per-permission notifications options, whereby a user can specify which activities they want to be notified about (email) on a per-group basis. If you''re interested, I posted a question about notifications & named_scopes, in Railsforum a couple of minutes ago. I''ve since found a solution for the first question, but, I know there''s room for improvement; http://railsforum.com/viewtopic.php?id=22509 Also, my friend Ryan, from ThinkRefresh.com, made a screencast about polymorphic permissions after I posed the same question to him; http://thinkrefresh.com/posts/7/polymorphic-permissions Maybe that''ll help anyone else who comes across this post... -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---