question on how ROR choses a controller instance ``at runtime"

I have read through, written, and completed several ROR examples from widely available texts. So far so good.

However, texts (ROR Up and Running [Pub: O'Reilly], Ruby for Rails [Pub: Manning]) are sorely lacking in describing the dynamic aspects of ROR as background for writing more complex applications. And, yes, part of this question derives from my own lack of experience.

Bottom line question: how can you dynamically choose which controller is created and run on an incoming request?

Motivating example: A web system requires a login. A login is either an instance of a priviledged user or some other user. Once the login is done, the web system must display the home page. The home page must always have a button labeled ``log out." Also, if the user is priviledged, then it must have another button ``Admin."

Now if this was a non-web, non-DB program i.e. a windows GUI running all in memory, a if-then, lookup, or case statement could cateogorize the login as priviledged or not. Then, as the case may be, a priviledged or non-priviledged controller ``theController" would be created. It would know how to create the appropriate view(s) instances and model instances. So, the non-priviledged controller would create views which DO NOT give an admin button whereas a privileged controller would. And if the logout button was pressed, the non-priviledged or priviledged controller could vary their behavior depending on what was needed. The controller would available at anytime in memory to control any future interactions. This is basic, simple, classic OO in a MVC paradigm,

It's unclear how this thinking carries into ROR after the home page appears.

Doing the login and getting the home page with or without the ``admin" button roughly runs like this. You'd probably create two models PrivUser and User plus LoginController, UserController, PrivUserControllers. Upon entering the login id and password into one's web browser, the form data would be sent to the LoginController which could easily verify the id and password, and create a PrivUser or User instance. By then it's dirt simple to instantiate a UserController or PrivUserController and pass control to it (i.e. via a method call on the User or PrivUser instance or merely performing an if-then on the class of the user) which would render the home page. The PrivUserController would eventually delegate to view(s) which DO INCLUDE an ``admin" button whereas the UserController wouldn't include that button.

But now what? How should clicking on ``logout" work? Because once the home page appears the controller instance is lost (stateless computing). Suppose, that in addition to performing normal logout behavior, a priviledged user must perform some other action A at logout.

So when the user clicks on ``logout" how could I route the request to, say, PrivUserController if a priviledged user was logged in or UserController otherwise? What's the right design or thinking pattern here?

Thank you in advance. Shane

you should certainly not use different controllers for different user types. instead, you should - In your controller: use before_filter e.g. to call a method that validates weihter the user has the corect priviliges to run the requested action. -in your views: do somthing like this:

<a href="linktologout blabla">logout</a> <% if @user.privilege = "admin" %> <a href="linktoadminarea blabla">Admin Area</a> <%end>

hope that helps, aint got much time to write a book about it :smiley: