Hi,
we are creating a small site on Rails which fits perfectly into the REST
model. One of our features is a security model with roles. In general,
there are 3 types of users: standard, power-user and administrator. We
also need to have different admin users with different roles. On the
other hand, some users can have API access via a RESTful interface.
Currently we have a standard CRUD interface via REST, something
similar to scaffold-generated code:
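    def index
      # placeholder for whatever loads the records
      @data = SomeCodeWhichLoadData()
      respond_to do |format|
        format.html # index.html.erb
        # render the variable assigned above (@profiles was never set)
        format.xml { render :xml => @data }
      end
    end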
My problem is that I need to have standard rights (is the user logged in),
plus rights to check whether the user can have access to the HTML parts
(admin vs. user vs. power-user), and also a part where I can limit some
of the REST API to some users.
Is there any standard (Rails) way of doing this? Any ideas on how to fit
a user rights model into a Rails app?
Best
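
An added example, not part of the original post: a plain-Ruby model of the checks the question lists (logged in, role for the HTML parts, per-user REST API access, admin sub-roles), written as one deny-by-default function of the kind a controller filter could call. Every name in it (User, POLICY, ROLE_RANK, authorize, api_access, the sample users and actions) is hypothetical.

```ruby
# Added example: all names here are hypothetical, not from the post.
User = Struct.new(:name, :role, :admin_roles, :api_access)

# Role ordering taken from the post: standard < power-user < administrator.
ROLE_RANK = { standard: 0, power_user: 1, administrator: 2 }.freeze

# Per-action rule: minimum role, optional admin sub-role, formats served.
# Actions missing from this table are denied (deny by default).
POLICY = {
  index:   { min_role: :standard,      formats: [:html, :xml] },
  update:  { min_role: :power_user,    formats: [:html, :xml] },
  destroy: { min_role: :administrator, admin_role: :content, formats: [:html] }
}.freeze

# Returns the HTTP status an authorization check would answer with.
def authorize(user, action, format)
  return 401 if user.nil?                         # 1. is the user logged in?
  rule = POLICY[action]
  return 403 if rule.nil? || !rule[:formats].include?(format)
  # 2. REST API (non-HTML) access is granted per user, independent of role
  return 403 if format != :html && !user.api_access
  # 3. role check against the minimum role for this action
  rank = ROLE_RANK[user.role]
  return 403 if rank.nil? || rank < ROLE_RANK.fetch(rule[:min_role])
  # 4. admins differ by sub-role; required only where the rule names one
  needed = rule[:admin_role]
  return 403 if needed && !user.admin_roles.include?(needed)
  200
end

# Constructed sample users
ALICE = User.new("alice", :standard, [], false)
BOB   = User.new("bob", :power_user, [], true)
CAROL = User.new("carol", :administrator, [:content], false)
DAVE  = User.new("dave", :administrator, [:billing], true)

if __FILE__ == $PROGRAM_NAME
  [[nil, :index, :html], [ALICE, :index, :xml], [BOB, :update, :xml],
   [CAROL, :destroy, :html], [DAVE, :destroy, :html]].each do |u, a, f|
    puts "#{u ? u.name : 'anonymous'} #{a}.#{f} -> #{authorize(u, a, f)}"
  end
end
```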