[rspec-users] [rails] An authorization question
lists at ruby-forum.com
Mon Mar 2 13:48:19 EST 2009
James Byrne wrote:
> I am not sure that this is really "pollution". One of the things that
> was pointed out to me on the Ruby list when I first began transitioning
> to OO was the mantra "ask" don't "tell". It seems to me that in an OO
> authorization scheme one might properly ask the user instance (model)
> whether or not they are permitted to do "something" (controller) rather
> than have the "something" test to see if that user is permitted.
Unless I have misunderstood your intent and by your third choice you are
referring to an external role based model while your first choice refers
to putting the actual rules inside the user model. In which case I
agree with you.
My comments refer to the idea that the user model makes the calls to the
role model and returns whether or not they were authorized to the
Posted via http://www.ruby-forum.com/.
More information about the rspec-users