James Schementi wrote:
> Any ideas? If this is the wrong approach, any > suggestions on another? Anything obvious I'm missing? > > ~Jimmy
Ok, I came up with a semi-suitable solution. Since I'm not turning this on yet, I stuck this in my ApplicationController to store rights as the system handles actions:
before_filter :store_right
def store_right Right.find_or_create_by_name_and_controller_and_action(controller_name + " - " + action_name, controller_path, action_name) end
Of course, not perfect ... since my migrations don't capture this data ... and it doesn't ensure that all actions are represented. So, I'm looking for a solution better than this
~Jimmy
-- Posted via http://www.ruby-forum.com/.
The user_engine has a rake task that basically does this.
However... I have found that unless you really expect that the roles and permissions will be changing a lot, that the database approach to this is 1) slower, because of the extra queries required, 2) a royal PITA, precisely because it is so sensitive to the database setup.
I'd consider hard wiring in the roles and authorization. This is faster and it's easy to see at a glance through the source code, which roles should be able to access which actions.
_Kevin