[rspec-users] [rails] An authorization question
lists at ruby-forum.com
Mon Mar 2 13:39:11 EST 2009
Andrew Premdas wrote:
> So given that the rules should be in the model then the question is
> which part of the model should have this responsibility and how do
> you call it.
> Three choices come to mind here
> 1) Place the rule inside User
> 2) Place the rule inside the affected model
> 3) Create a new model(s) to encapsulate this functionality. It might be
> helpful to think of this as a service which models can use
> 1) Pollutes User with additional responsibility, but you can live with
> this so long as things remain very simple
I am not sure that this is really "pollution". One of the things that
was pointed out to me on the Ruby list when I first began transitioning
to OO was the mantra "ask" don't "tell". It seems to me that in an OO
authorization scheme one might properly ask the user instance (model)
whether or not they are permitted to do "something" (controller) rather
than have the "something" test to see if that user is permitted.
Posted via http://www.ruby-forum.com/.
More information about the rspec-users