I have an authentication system set up via the activefx tutorial for
restful_authentication. I now need to implement roles and permissions on
a per object basis, as opposed to site wide, 'Is this user an
administrator?', permissions.

There are two types of objects, Groups and Channels, and they each have
one Admin, many Notables, and many Members. I'm presuming it could be
bad to mix my site wide roles/permissions in with the Group & Channel
roles/permissions, although it could potentially keep things tidier if
my Roles table simply has Administrator, Notable, Member (for Site,
Group, Channel objects) and then the Permissions table handles what has
been assigned to Site, Groups or Channels. In fact, I've just been
testing this approach via a polymorphic association in the Permissions
table so that the Groups and Channels are Permissionable (the
Permissions table has role_id, user_id, permissionable_id,
permissionable_type). However, calling a has_many through on the
permissionable polymorphic association seems to be causing problems (I
just keep getting an error message from AR telling me I cannot have a
has_many :through association on the polymorphic object).

Firstly, do I need to avoid mixing site permissions in with object
permissions? If so, do I differentiate between the two, maybe by keeping
site permissions in the Permissions table, and keeping object
permissions in a new Memberships table (this is a naming convention that
I'd be happy with)? Secondly, is it going to be possible to use a
Permissionable polymorphic association on the object permissions, or do I
just want to create separate group_permissions and channel_permissions
tables to avoid any issues with a has_many through on the polymorphic
association?
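As an added illustration (not code from the original post), here is a plain-Ruby model of the schema described above, so the per-object check can be exercised without a database; the 'Site' permissionable_type used for site-wide roles and the sample rows are assumptions, and the comment on :source_type names the ActiveRecord option that lifts the has_many :through restriction on polymorphic associations.

```ruby
# Roles named in the post; rank gives a simple hierarchy for comparisons.
ROLE_RANK = { 'Member' => 1, 'Notable' => 2, 'Administrator' => 3 }.freeze

# One row of the Permissions table from the post (role_id replaced by the
# role name to keep the example self-contained).
Permission = Struct.new(:user_id, :role, :permissionable_type, :permissionable_id)

class PermissionStore
  def initialize(rows)
    @rows = rows
  end

  # The has_many :through the post wants, expressed as a filter on type. In
  # ActiveRecord the same type filter is what :source_type supplies, e.g.
  #   has_many :groups, :through => :permissions, :source => :permissionable,
  #            :source_type => 'Group'
  def objects_for(user_id, type)
    @rows.select { |p| p.user_id == user_id && p.permissionable_type == type }
         .map(&:permissionable_id).uniq
  end

  # Highest role the user holds on exactly this object; nil if none.
  def role_on(user_id, type, id)
    @rows.select { |p| p.user_id == user_id && p.permissionable_type == type && p.permissionable_id == id }
         .map { |p| ROLE_RANK[p.role] }.max
  end

  # Site-wide roles are kept apart from object roles ('Site' type is an
  # assumption here); mixing them is a deliberate policy decision below.
  def site_admin?(user_id)
    @rows.any? { |p| p.user_id == user_id && p.permissionable_type == 'Site' && p.role == 'Administrator' }
  end

  # Deny by default. A site Administrator is let through explicitly; anyone
  # else needs a role on this specific object at least as high as required.
  # A role on a different Group or Channel never carries over.
  def allowed?(user_id, type, id, required_role)
    return true if site_admin?(user_id)
    rank = role_on(user_id, type, id)
    !rank.nil? && rank >= ROLE_RANK.fetch(required_role)
  end
end

# Constructed sample rows: user 1 is site admin, user 2 runs Group 10 and
# is a plain Member of Channel 20, user 3 is a Notable in Group 10.
ROWS = [
  Permission.new(1, 'Administrator', 'Site', 1),
  Permission.new(2, 'Administrator', 'Group', 10),
  Permission.new(2, 'Member', 'Channel', 20),
  Permission.new(3, 'Notable', 'Group', 10)
]
STORE = PermissionStore.new(ROWS)
```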
Maybe even the membership model can contain what capacity the user is
in the group? This just popped into my head now.. not too sure if
this would work. Sounds okay though.
--
Ramon Tayag
Thanks, Ramon. This is quite an old post - I've been happily working
along with permissions for a while now. In fact, right now, I'm
integrating per-permission notifications options, whereby a user can
specify which activities they want to be notified about (email) on a
per-group basis.
If you're interested, I posted a question about notifications &
named_scopes, in Railsforum a couple of minutes ago. I've since found a
solution for the first question, but, I know there's room for
improvement;