setting up access rules

I am referring to this wonderful post:
http://pivotallabs.com/users/nick/blog/articles/272-access-control-permissions-in-rails/comments
for creating access rules for my application.

So from my controller and views I am calling a method in the user model as:
@currentuser.topic_admin?(topic)

### User model has this method:
def topic_admin?(topic)
  topic.can_admin?(self)
end

One solution would be to provide a guest user in the database that is returned by current_user when no one is logged in; that enables you to give the guest user whatever roles you desire. Alternatively, test @currentuser before calling topic_admin. As an aside, I would suggest setting @topic_admin to true or false in the controller rather than calling it from the view, or even better, if possible, set up the data to be displayed in the controller/model and remove the logic from the view entirely.

Are there different types of Topic? If not then can_create? does not need to be given a topic. Make can_be_created_by? a class method rather than an instance method, so it is called by Topic.can_be_created_by?(user).

Colin

It's getting more complex than I thought...

Maybe it will be easier to make 'can_de_*ted_by' methods as Class methods
and call them directly bypassing the user model 'can_*t[e]' methods.

However this gives less control over the topics and items. I also have
an index action, where in front of each topic name there are
edit/update/delete actions. Many users may have 'topic admin' role,
however only the user who created particular topic should be able to
delete it...

Thanks,
CS.
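The suggestions in the two messages above, combined in one sketch; this is an added example and not code from either poster or from the linked article. It uses plain Ruby classes in place of the Rails models and an in-memory guest object instead of a database row, and the names has_role?, GuestUser, creator and can_be_deleted_by? are assumptions.

```ruby
# Plain-Ruby stand-ins for the Rails models; has_role?, GuestUser, creator and
# can_be_deleted_by? are assumed names, not taken from the thread.
class User
  attr_reader :roles

  def initialize(roles = [])
    @roles = roles
  end

  def has_role?(role)
    roles.include?(role)
  end

  # Delegation style used in the thread: the user asks the topic.
  def topic_admin?(topic)
    topic.can_admin?(self)
  end
end

# Returned when nobody is logged in. It holds no roles, so every check
# fails closed instead of raising NoMethodError on nil.
class GuestUser < User
end

class Topic
  attr_reader :creator

  def initialize(creator)
    @creator = creator
  end

  # Class method: creating a topic needs no existing instance.
  def self.can_be_created_by?(user)
    user.has_role?(:topic_admin)
  end

  def can_admin?(user)
    user.has_role?(:topic_admin)
  end

  # Stricter than can_admin?: the user must also be the creator.
  def can_be_deleted_by?(user)
    can_admin?(user) && user.equal?(creator)
  end
end

# Stand-in for the controller helper: never returns nil.
def current_user(session_user)
  session_user || GuestUser.new
end
```

In a Rails controller the same checks would run before the edit/update/delete actions themselves, not only when deciding which links the index view shows.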

Colin Law wrote: