[rspec-users] [rails] An authorization question

Mark Wilden mark at mwilden.com
Tue Mar 3 01:04:04 EST 2009


On Mon, Mar 2, 2009 at 8:35 PM, Stephen Eley <sfeley at gmail.com> wrote:

>  @invoices = Invoice.by_role(user)

It doesn't seem right to me that invoices know about users and roles.
I think of invoices are being closer to the metal -- closer to the
essence of the application -- than petty concerns like authorization.

I would try something like

 user.role.invoices

where Role is a model that does the traffic-cop work of deciding what
invoices are available to it.

///ark


More information about the rspec-users mailing list