On Fri, Feb 22, 2013 at 1:50 PM, Sebastian Porto <[email protected]>wrote:
> Authority has been great for us so far, as we have lots of things to > authorize we really like the fact that you can define authorizer classes > for each type of resource. It lets you define common behaviors and then > build complex rules for some resources if needed. > > I like the fact that you can split up your authentications to different classes. > One drawback of Authority is that it is a one way street, it let's you > say: can user read this document? but it doesn't try to do something like: > give me all the documents that this user can read. I think that cancan > tries to do this. > > Yes CanCan does this. @records = Model.accessible_by(current_ability, :read). Consul also does this. In fact it works exclusively on scopes as far as I can tell. > It also doesn't deal with restricting access to particular attributes. > > In my research only Consul deals with this. They do it in a way that's likely to be compatible with Rails 4 from the looks of it. -- You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/rails-oceania?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
