I have installed the RBAC_base extension to add custom roles for my 
extension.  However, I would like different roles to be able to access 
different methods on the same controller.

For example, 

  only_allow_access_to :index, :show, :new, :create, :edit, :update, 
:remove, :destroy,
     :when => [:admin],
     :denied_url => { :controller => 'admin/pages', :action => 'index' },
     :denied_message => "You must have admin privileges to manage 
categories in ResiTrac."

This will give admins access to all methods on my controller.  Now, I have 
another role named Residents.  How can I allow Residents to say :index, 
:show, :edit while still giving admins full access?  Do I just call this 
twice?

  only_allow_access_to :index, :show, :new, :create, :edit, :update, 
:remove, :destroy,
     :when => [:admin],
     :denied_url => { :controller => 'admin/pages', :action => 'index' },
     :denied_message => "You must have admin privileges to manage 
categories in ResiTrac."

  only_allow_access_to :index, :show, :edit, 
     :when => [:resident],
     :denied_url => { :controller => 'admin/pages', :action => 'index' },
     :denied_message => "You must have admin privileges to manage 
categories in ResiTrac."

Jason

Reply via email to