[rspec-users] [rails] An authorization question
mark at mwilden.com
Tue Mar 3 01:04:04 EST 2009
On Mon, Mar 2, 2009 at 8:35 PM, Stephen Eley <sfeley at gmail.com> wrote:
> @invoices = Invoice.by_role(user)
It doesn't seem right to me that invoices know about users and roles.
I think of invoices are being closer to the metal -- closer to the
essence of the application -- than petty concerns like authorization.
I would try something like
where Role is a model that does the traffic-cop work of deciding what
invoices are available to it.
More information about the rspec-users