[rspec-users] [rails] An authorization question
James Byrne
lists at ruby-forum.com
Mon Mar 2 15:59:04 EST 2009
unknown wrote:
>
>> sam.authorized?(controller_or_model, action)?
>
> I'll suggest that it's the controllers who are responsible for telling
> what role or other requirements need to be satisfied to get their
> services, and that it's the job of the user object (maybe by delegating
> to some role class or objects) to provide the information as to whether
> those requirements are met.
>
That is what I thought that I was doing. The Controller sends the
message to the User Instance telling it to answer the question: are you
authorized to perform "controller + action"?; or role, or whatever the
controller sends as the criteria to be met. It seems to me necessary
that the User model receive the context of the authorization call. Now
the actual check on whether user x is authorized to perform the create
method of the PaymentReceivedController is done in the #authorized?
method of User.
Is this what should be done or is there a different way?
--
Posted via http://www.ruby-forum.com/.
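
The arrangement discussed in this message, as an added example that is not part of the original post: the controller passes its own name and the action to `User#authorized?`, and the user delegates to role objects, denying by default. Plain Ruby without Rails; the `Role` class, its grants table, `authorize!` and `NotAuthorized` are hypothetical names chosen for illustration.

```ruby
require "set"

# Hypothetical role object: maps controller names to the actions it grants.
class Role
  def initialize(grants)
    @grants = grants.transform_values { |acts| acts.map(&:to_sym).to_set }
  end

  def permits?(controller, action)
    @grants.fetch(controller.to_s, Set.new).include?(action.to_sym)
  end
end

class User
  def initialize(roles = [])
    @roles = roles
  end

  # The user receives the context (controller + action) and answers yes/no.
  # Default deny: true only when some role explicitly grants the pair.
  def authorized?(controller, action)
    return false if controller.nil? || action.nil?
    @roles.any? { |role| role.permits?(controller, action) }
  end
end

class PaymentReceivedController
  class NotAuthorized < StandardError; end

  def initialize(current_user)
    @current_user = current_user
  end

  def create
    authorize!(:create) # check runs before any work is done
    :created
  end

  private

  # The controller states the requirement; a missing user is also denied.
  def authorize!(action)
    ok = @current_user && @current_user.authorized?(self.class.name, action)
    raise NotAuthorized, "#{self.class.name}##{action}" unless ok
  end
end

if __FILE__ == $PROGRAM_NAME
  clerk = Role.new({ "PaymentReceivedController" => [:create] }) # constructed data
  puts PaymentReceivedController.new(User.new([clerk])).create
end
```
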