[rspec-users] [rails] An authorization question

James Byrne lists at ruby-forum.com
Mon Mar 2 13:39:11 EST 2009

Andrew Premdas wrote:

> So given that the rules should be in the model then the question is 
> which part of the model should have this responsibility and how do
> you call  it.
> Three choices come to mind here
> 1) Place the rule inside User
> 2) Place the rule inside the affected model
> 3) Create a new model(s) to encapsulate this functionality. It might be
> helpful to think of this as a service which models can use
> 1) Pollutes User with additional responsibility, but you can live with 
> this so long as things remain very simple

I am not sure that this is really "pollution".  One of the things that 
was pointed out to me on the Ruby list when I first began transitioning 
to OO was the mantra "ask" don't "tell".  It seems to me that in an OO 
authorization scheme one might properly ask the user instance (model) 
whether or not they are permitted to do "something" (controller) rather 
than have the "something" test to see if that user is permitted.

Posted via http://www.ruby-forum.com/.

More information about the rspec-users mailing list