On 12 May 2013 14:09, Polly Hay <li...@ruby-forum.com> wrote:

You obviously missed my request to not top post, so that it is easier
to follow the thread.

> Let me try to describe it clearly in one post:
>
> * AdminUsers only manage the Team & Member objects.
> * Members build Team data by managing all objects under Team (Thing,
> Widget, Part).
> * Team data is private to Team Members.
>
> **********************************************
>
> AdminUser
>
> Team A
> -MemberUser
> -Thing
> --Widget
> ---Part
>
> Team B
> -MemberUser
> -Thing
> --Widget
> ---Part

Since they both have to be authenticated then obviously there has to
be at least a common table for the authentication data.

Basically then you need to allow one sort of user to access certain
controllers and methods and another sort of user to access a different
set of controller methods. You can put this in the before filter
where you do the authentication check. As well as checking that a
user is logged in, check that it is the right sort of user. Probably
the only place you need to check is in the before filters.

Colin
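
Added example, not part of the original thread: the before-filter approach described in the reply above, sketched in plain Ruby so it runs without Rails. The controller, filter and role names and the sample data are hypothetical; the team-scoped lookup goes one step beyond the reply to cover the quoted requirement that Team data is private to Team Members.

```ruby
# Plain-Ruby stand-in for Rails before filters; all names are hypothetical.
User  = Struct.new(:name, :role, :team_id) # one table authenticates both kinds
Thing = Struct.new(:id, :team_id)
THINGS = [Thing.new(1, :a), Thing.new(2, :b)] # constructed sample data

class BaseController
  # Subclasses start from a copy of the parent's filter list.
  def self.before_filters
    @before_filters ||= superclass.respond_to?(:before_filters) ? superclass.before_filters.dup : []
  end

  def self.before_filter(name)
    before_filters << name
  end
  before_filter :require_login

  def initialize(current_user); @current_user = current_user; end

  # Run filters in order; the first one returning a status halts the action.
  def dispatch(action, *args)
    self.class.before_filters.each do |filter|
      halted = send(filter)
      return halted if halted
    end
    public_send(action, *args)
  end

  private

  def require_login
    :unauthorized if @current_user.nil?
  end

  def require_role(role)
    :forbidden unless @current_user.role == role
  end
end

class AdminTeamsController < BaseController
  before_filter :require_admin
  def index; :ok; end
  private
  def require_admin; require_role(:admin); end
end

class ThingsController < BaseController
  before_filter :require_member
  # Scope the lookup to the member's own team; other teams' rows are not found.
  def show(id)
    THINGS.find { |t| t.id == id && t.team_id == @current_user.team_id } || :not_found
  end
  private
  def require_member; require_role(:member); end
end
```

The role filter alone only separates admins from members; the `team_id` condition in `show` is what keeps a member of Team A from reading Team B's rows by guessing an id.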