Adding permissions

Hi all.

I have an app which already uses a user table for authentication. In
the early days I added extra boolean columns for flags indicating user
permissions (admin, etc.) which worked quite well up to a point.

Now the number of permission flags is increasing so I'm curious as to
where I should go from here...

1. Keep adding boolean columns (simple, but is there a drawback of
having too many columns?)

2. Have some kind of :roles table and create a join table to
link :users to :roles (probably cleaner but does mean either doing
joins all the time, or executing a new query each time you check a
permission.)

3. Have a :roles column in the :users table and store a YAML structure
with all the roles in a set of some sort.

Problem is I like all three options. Which of these would be
considered the most "Rails-like" way to go about things?

TX

Problem is I like all three options. Which of these would be
considered the most "Rails-like" way to go about things?

If it were up to me, I'd go the join table route, using has_many,
:through. So it would look similar to:

Class User
  has_many :roles, :through => :permissions
End

Class Role
  has_many :users, :through => :permissions
End

Class Permissions
  belongs_to :roles
  belong_to :users
End

The benefit of using this is that it gives you a whole new model object
to work with, should the permissions system ever need to be more
complicated. Your join table would have a role_id and user_id, but could
also contain other columns if needed. I think this would be the most
flexible options, and is probably the most Rails-like.

Join table would be my second best option. Top on my list would be to
check out the acl_system or acl_system2 plugin so I wouldn't have to
write it myself!