In the past, I have used a solution of Rights/Roles/Users as outlined by
Chad Fowler in his original Rails Recipes but this is different.
I am dealing with a legacy application, written in PHP with users,
passwords and security values that I can easily access in RAILS but I am
primarily interested in using Rails to write reports and don't see much
need to create new tables - at least not yet.
So if I put into application_controller.rb,
:except => [:login, :err_handler]
unless session[:securitylevel] >= session[:pageseclevel]
flash[:notice] = "You are not authorized to do that"
request.env["HTTP_REFERER"] ? (redirect_to :back,
:params => @params) : (redirect_to $SOMETHING)
and I try to set session[:pageseclevel] inside of each method, that
isn't going to work. I think I just need a way to use a before_filter
but have a very small table of lookup values for the security level for
the few methods I am going to create.
Does anyone have a suggestion?