Hi folks, I am working on Station, a Rails Engine [1] that supports authorization among other things.
Using Station, you can ask a model about authorization, for example: post.authorize?(permission, :to => current_user) My question rises when doing automatic Model - Controller mapping. How coupled should be the action in the controller with the permission authorized in the model? Consider this resource: class PostsController authorization_filter end This could map the authorization to the post instance this way: * create Post.new.authorize?(:create, :to => current_user) * show Post.find(params[:id]).authorize?(:show, :to => current_user) I am not sure that the Controller actions should be mapped directly to the Model permissions. There are cases when an action requires several permissions, like: * edit Post.find(params[:id]).authorize?(:show, :to => current_user) && Post.find(params[:id]).authorize?(:update, :to => current_user) Maybe this mapping could be declared in the controller, maybe in the model... Can anyone shed light on this? [1] http://rstation.wordpress.com -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.