I'm trying to use this approach.

My app is a CMS. I have admins, editors, and subscribers, for a blog with categories... it's an experimental project so I can't use WordPress or whatever. Admins should be able to do anything, editors should be allowed to create/edit/delete content for the category they belong to, and subscribers are just allowed to view posts.

With that role approach... what else should I do now? I'm lost with this thing... I can't think of many ways to get it done but I'm not sure if they would be appropriate... where should the authorization logic be? Do I have to create a database entry for each method of each of my controllers? Please help.

+2  A: 

I would suggest having a look at a plugin like declarative_authorization which provides a full DSL for describing roles and access permissions in your application.

In the link you provided, it looks like the logic is going in the view to disable access to specific features.

Toby Hede
Indeed, declarative_authorization is a very nice authorization framework. Have a look at the declarative_authorization railscast: http://railscasts.com/episodes/188-declarative-authorization
egarcia
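
An added example (not part of the answer above and not declarative_authorization's own DSL): a plain-Ruby sketch of the question's three roles as one default-deny policy module that controllers call, instead of a database row per controller method. `User`, `Post`, `Policy` and the rule that editors may read every post are assumptions made for illustration.

```ruby
# Added example: one default-deny policy for the three roles in the question.
# User, Post and Policy are hypothetical names, not declarative_authorization's API.
User = Struct.new(:name, :role, :category_ids)
Post = Struct.new(:title, :category_id)

module Policy
  ALL_ACTIONS = %i[read create update delete].freeze

  # Condition: the post belongs to one of the user's categories.
  IN_OWN_CATEGORY = lambda do |user, post|
    !post.nil? && Array(user.category_ids).include?(post.category_id)
  end

  # Role => list of rules. Assumption: editors may read every post.
  RULES = {
    admin:      [{ actions: ALL_ACTIONS }],
    editor:     [{ actions: %i[read] },
                 { actions: %i[create update delete], if: IN_OWN_CATEGORY }],
    subscriber: [{ actions: %i[read] }]
  }.freeze

  # True only when some rule for the user's role grants the action.
  # Missing user or unknown role means no rules match, so access is denied.
  def self.allowed?(user, action, post = nil)
    return false if user.nil?
    RULES.fetch(user.role.to_s.to_sym, []).any? do |rule|
      rule[:actions].include?(action) &&
        (rule[:if].nil? || rule[:if].call(user, post))
    end
  end

  # For use at the top of a controller action (or a before filter).
  def self.authorize!(user, action, post = nil)
    raise SecurityError, "#{action} denied" unless allowed?(user, action, post)
    true
  end
end

# Constructed sample data.
editor = User.new("erin", :editor, [1])
ruby_post = Post.new("Ruby tips", 1)
news_post = Post.new("Site news", 2)
puts Policy.allowed?(editor, :update, ruby_post)
puts Policy.allowed?(editor, :update, news_post)
puts Policy.allowed?(editor, :read, news_post)
```

Hiding links in the view is cosmetic only; the check has to run in the controller (or model) on every request, because the URL can be requested directly.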