[Rails] Need help with n<->n authorization

Wed, 22 Apr 2009 08:35:37 -0700 

Hi folks,

I'm trying to implement an authorization system with users, roles and
permissions. Each user can have multiple roles, each role multiple
permissions and users can have multiple 'snowflake' permissions as
well.

This is my migration schema:

############################
create_table "permissions", :force => true do |t|
    t.string   "name"
    t.string   "controller"
    t.boolean  "c"
    t.boolean  "u"
    t.boolean  "d"
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  create_table "permissions_roles", :force => true do |t|
    t.integer "role_id"
    t.integer "permission_id"
  end

  create_table "roles", :force => true do |t|
    t.string   "name"
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  create_table "roles_users", :force => true do |t|
    t.integer "user_id"
    t.integer "role_id"
  end

  create_table "snowflakes", :force => true do |t|
    t.integer  "user_id"
    t.integer  "permission_id"
    t.datetime "due_date"
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  create_table "users", :force => true do |t|
    t.string   "login",              :null => false
    t.string   "crypted_password",   :null => false
    ...
  end
############################

As you can see, the user->role->permission-path is solved with
has_and_belongs_to_many connections and the user->permission-path with
has_many, :through snowflakes connections.

What is the best way to authorize a user?

I have various ideas, but I don't know how to implement them in Rails
and which of them are the best in case of performance and security. I
thought of a prepared statement with all permissions by user or an
array with all permissions stored and cached. But I don't know how I
can do something like array.find_by_controller().

Can anybody help me with a clean and straight solution for that
problem?

Thank you very much in advance!

Pat

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com
To unsubscribe from this group, send email to 
rubyonrails-talk+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to