[rspec-users] [rails] An authorization question

James Byrne lists at ruby-forum.com
Mon Mar 2 13:48:19 EST 2009


James Byrne wrote:

> 
> I am not sure that this is really "pollution".  One of the things that 
> was pointed out to me on the Ruby list when I first began transitioning 
> to OO was the mantra "ask" don't "tell".  It seems to me that in an OO 
> authorization scheme one might properly ask the user instance (model) 
> whether or not they are permitted to do "something" (controller) rather 
> than have the "something" test to see if that user is permitted.

Unless I have misunderstood your intent and by your third choice you are 
referring to an external role based model while your first choice refers 
to putting the actual rules inside the user model.  In which case I 
agree with you.

My comments refer to the idea that the user model makes the calls to the 
role model and returns whether or not they were authorized to the 
request.
-- 
Posted via http://www.ruby-forum.com/.
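
The arrangement discussed in the message above, where the controller asks the user and the user forwards the question to a separate role model, sketched as an added example (not code from this thread). The `Role`, `User` and `InvoicesController` classes, the `permitted_to?` method and the sample roles are hypothetical.

```ruby
require 'set'

# Hypothetical external role model: it alone owns the rules,
# stored as (action, resource) pairs.
class Role
  attr_reader :name

  def initialize(name, grants)
    @name = name
    @grants = grants.map { |action, resource| [action.to_sym, resource.to_sym] }.to_set
  end

  def allows?(action, resource)
    @grants.include?([action.to_sym, resource.to_sym])
  end
end

# Hypothetical user model: holds no rules itself, only forwards the question.
class User
  def initialize(login, roles = [])
    @login = login
    @roles = roles
  end

  # Deny by default: no roles, or no role granting the pair, means false.
  def permitted_to?(action, resource)
    @roles.any? { |role| role.allows?(action, resource) }
  end
end

# Hypothetical controller: asks the user rather than inspecting roles itself.
class InvoicesController
  def initialize(current_user)
    @current_user = current_user
  end

  def destroy
    # A missing user is treated the same as an unauthorized one.
    return :forbidden unless @current_user && @current_user.permitted_to?(:destroy, :invoice)
    :ok
  end
end

# Constructed sample roles.
CLERK   = Role.new('clerk',   [[:show, :invoice]])
MANAGER = Role.new('manager', [[:show, :invoice], [:destroy, :invoice]])

def destroy_as(user)
  InvoicesController.new(user).destroy
end
```

Because the controller only ever calls `permitted_to?`, the rules can change inside `Role` without touching the controller or the user model.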

