unknown wrote: > >> sam.authorized?(controller_or_model, action)? > > I'll suggest that it's the controllers who are responsible for telling > what role or other requirements need to be satisfied to get their > services, and that it's the job of the user object (maybe by delegating > to some role class or objects) to provide the information as to whether > those requirements are met. >
That is what I thought that I was doing. The Controller sends the message to the User Instance telling it to answer the question: are you authorized to perform "controller + action"?; or role, or whatever the controller sends as the criteria to be met. It seems to me necessary that the User model receive the context of the authorization call. Now the actual check on whether user x is authorized to perform the create method of the PaymentReceivedController is done in the #authorized? method of User. Is this what should be done or is there a different way? -- Posted via http://www.ruby-forum.com/. _______________________________________________ rspec-users mailing list rspec-users@rubyforge.org http://rubyforge.org/mailman/listinfo/rspec-users