Andrew Premdas wrote: > So given that the rules should be in the model then the question is > which part of the model should have this responsibility and how do > you call it. > Three choices come to mind here > > 1) Place the rule inside User > 2) Place the rule inside the affected model > 3) Create a new model(s) to encapsulate this functionality. It might be > helpful to think of this as a service which models can use > > 1) Pollutes User with additional responsibility, but you can live with > this so long as things remain very simple >
I am not sure that this is really "pollution". One of the things that was pointed out to me on the Ruby list when I first began transitioning to OO was the mantra "ask" don't "tell". It seems to me that in an OO authorization scheme one might properly ask the user instance (model) whether or not they are permitted to do "something" (controller) rather than have the "something" test to see if that user is permitted. -- Posted via http://www.ruby-forum.com/. _______________________________________________ rspec-users mailing list rspec-users@rubyforge.org http://rubyforge.org/mailman/listinfo/rspec-users
