Hi,

I am a real newbie in RoR; I am just reading this 
book <http://pragprog.com/book/rails2/agile-web-development-with-rails>. 
I am trying to make a very simple application which should have 3 user roles (3 
groups of many users). Each role should have a different permission set (of 
course I have to implement some authentication mechanism first).

*Administrators* - Should have access to all data (create, edit, update, 
delete).
*Editors* - Should have access to all data which they created (create, 
edit, update, delete).
*Viewers* - Should have read access to all data anyone created.

I just scaffold-ed the basic structure of the application, made some changes, 
defined relations between models ... Scaffold views and controllers have 
all actions for all data (Show, edit, update, delete). My question is:

   1. Should I move these scaffold-ed files to a dedicated place (like /admin) 
   and "lock" them only for administrators? Create a different 
   set of controllers and views for Editors and a different set of controllers 
   and views for Viewers? Is this even possible?
   2. Should I use the existing scaffold-ed controllers and views and put the 
   application logic inside (filtering out the Edit link is not a good 
   idea, users can always "guess" the correct edit URL even if I do not show 
   the button for edit)?
   3. Is there a best practice for such a common situation?

Thanks a lot for your opinions

Pavel K.
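
The server-side check that question 2 points at, as an added example in plain Ruby (not part of the original post and not Rails API). `User`, `Record`, `Policy` and `authorize!` are hypothetical names, and editors are assumed to see only the records they created.

```ruby
# Hypothetical stand-ins for the application's models (constructed for this example).
User   = Struct.new(:id, :role)
Record = Struct.new(:id, :owner_id)

class NotAuthorized < StandardError; end

class Policy
  READ  = %i[show].freeze
  WRITE = %i[edit update destroy].freeze

  def initialize(user)
    @user = user
  end

  # Deny by default: anonymous users, unknown roles and unknown actions get false.
  def allowed?(action, record = nil)
    return false if @user.nil?
    case @user.role
    when :admin  then (READ + WRITE + [:create]).include?(action)
    when :editor then action == :create || (owns?(record) && (READ + WRITE).include?(action))
    when :viewer then READ.include?(action)
    else false
    end
  end

  # Records the user may list; index pages need filtering as well as single actions.
  def scope(records)
    return [] if @user.nil?
    case @user.role
    when :admin, :viewer then records
    when :editor         then records.select { |r| owns?(r) }
    else []
    end
  end

  private

  def owns?(record)
    !record.nil? && record.owner_id == @user.id
  end
end

# Called on every request (e.g. from a controller filter), so a guessed edit URL
# is rejected on the server whether or not the Edit link was rendered.
def authorize!(user, action, record = nil)
  raise NotAuthorized, "#{action} denied" unless Policy.new(user).allowed?(action, record)
  true
end
```

With one policy object the same scaffold-ed controllers can serve all three roles; views can call `allowed?` to hide links, but the decision is enforced in `authorize!`.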


