I'm using Cancan, which works really well and is pretty cleanly
implemented. Check out Ryan Bates' Railscast here
http://railscasts.com/episodes/192-authorization-with-cancan.

The urls you have up there end in .html, which doesn't really happen
all that often in rails. With routes, what you're more likely going to
have is:
http://example.com/users/###

...where ### is the user_id (or whatever). This goes to the show
action for user ###. If the user_id matches the current_user or if
current_user is an admin, they get access to that model. If not,
they'll get redirected. Furthermore, if current_user is an admin, they
would also get access to:
http://example.com/users

...which goes to the index action to list all of the users. Other
(non-admin) users will get a nasty flash message and be redirected elsewhere.

Hope I'm answering the right question. :)

Dee

On Jun 2, 7:16 pm, Fearless Fool <li...@ruby-forum.com> wrote:
> In an app where ordinary users are limited to viewing and editing their
> own "stuff", but someone with admin privs can view and edit anybody's
> stuff, what's the right strategy for routing?
>
> At first blush, I'd think that an ordinary user (e.g. with id 565)
> should see something like:
>
>  http://example.com/mystuff.html
>
> ... where the controller assumes @current_user has been established by
> authlogic or whatnot.  But if you're logged in as an admin, you could
> get at that same user's stuff via:
>
>  http://example.com/users/565/mystuff.html
>
> and you could list and administer all the users via:
>
>  http://example.com/users
>
> Does this sound like the right approach?  If so, what are the patterns
> for the routes and controllers?  If not, what's the accepted DRY,
> RESTful approach?
>
> t.i.a.
>
> - ff
> --
> Posted via http://www.ruby-forum.com/.
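The policy Dee describes (a user may only reach their own show/update actions, an admin may reach any user and the index), as an added stand-alone example that is not from the thread and not the CanCan gem's own code: `Ability`, `can`, `can?` and `dispatch` below are a small assumed stand-in that mirrors the shape of CanCan's DSL so the rules can be exercised without Rails.

```ruby
# Constructed model of a user record; admin? is the only attribute the rules need.
User = Struct.new(:id, :admin) do
  def admin?; admin; end
end

# Assumed stand-in for a CanCan-style Ability class (not the real gem).
# Each rule is [action, subject_class, condition]; :manage covers every action.
class Ability
  def initialize(user)
    @rules = []
    if user.admin?
      can :manage, User                                # admin: index, show, update, ... on any user
    else
      can :show,   User, ->(u) { u.id == user.id }     # ordinary user: only their own record
      can :update, User, ->(u) { u.id == user.id }
    end
  end

  def can(action, subject_class, condition = ->(_) { true })
    @rules << [action, subject_class, condition]
  end

  # subject is either a class (collection actions such as :index) or a record instance.
  # The ownership condition is evaluated on the loaded record, so the check cannot be
  # bypassed by guessing another user's id in the URL.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_class, condition|
      (rule_action == :manage || rule_action == action) &&
        rule_class == klass &&
        (subject.is_a?(Class) || condition.call(subject))
    end
  end
end

# Simulates what a controller protected by load_and_authorize_resource would do:
# [:render, action] on success, [:redirect, flash_message] when access is denied.
def dispatch(current_user, action, target)
  if Ability.new(current_user).can?(action, target)
    [:render, action]
  else
    [:redirect, "You are not authorized to access this page."]
  end
end
```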
