Adrian D wrote:
I have a model which has objects which should have always their own
If I want to edit object1 I will need password a.
If I want to edit object2 I will need password b.
What is the best way to implement this? I am not sure whether I can
accomplish this with the traditional authorisation methods.
Unless this is an isolated case, where you could hack something
together, it sounds to me like you need support for Access Control Lists
(ACL). Personally, I would not want to have each model aware of
authorizations for itself. Authorization normally happens at a more
I have not yet had the need for full ACLs in any of my Rails projects. I
am aware there are some ACL plugins/gems available. Since I haven't used
them I don't have any recommendations.