Hi,
I have a model which has objects which should have always their own password.
If I want to edit object1 I will need password a. If I want to edit object2 I will need password b.
What is the best way to implement this? I am not sure whether I can accomplish this with the traditional authorisation methods.
Thanks for your help!
Adrian D wrote:
Hi,
I have a model which has objects which should have always their own password.
If I want to edit object1 I will need password a. If I want to edit object2 I will need password b.
What is the best way to implement this? I am not sure whether I can accomplish this with the traditional authorisation methods.
Unless this is an isolated case, where you could hack something together, it sounds to me like you need support for Access Control Lists (ACL). Personally, I would not want to have each model aware of authorizations for itself. Authorization normally happens at a more abstract level.
I have not yet had the need for full ACLs in any of my Rails projects. I am aware there are some ACL plugins/gems available. Since I haven't used them I don't have any recommendations.
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks