Hello,

I am currently working on an app where I have at least 7 roles. I want
to control all the permissions available for each role. Right now I
have a users table, a roles table and a join table user_roles. I have
3 ideas in mind and would like to hear your opinion on them
(and suggestions for better solutions).

The first one is having a models table that contains the following
columns:

id model_name
1  User
2  Event
3  Post

and a join table model_roles:

id role_id model_id Permission
1  1       1        15
2  3       3         2

The permission column will be a 4-bit number, each bit representing a
CRUD operation, for example:

CRUD
0010 = 2

Meaning that the user with role_id 3 can only make updates on the Post
model. The only problem I have found with this approach is that there
might be other actions apart from the CRUD ones.


The second idea is an ARO/ACO based one (like the way CakePHP handles
ACLs):

having a table with all the possible actions and another one
establishing a relationship between a role and an action,

i.e.

aco's table

id    aco
1    users
2    users/index

permissions table

role_id    aco_id
1    1
1    2

... etc

The problem with this approach is that it will be a pain to keep these
tables updated along with the permissions.

The third idea is to have an actions table that will contain the name
of a controller and an action:

id  controller_name  action_name
1   events                new

and finally a roles_actions table:

id role_id action_id
1  1       2

The idea will be to query if the current_user can do an action on a
specific controller. The problem with this approach is that there will
be constant querying on the roles and roles_actions table every time a
user tries to access any action on the app.

Does anyone have ideas on how to diminish this? Maybe loading the
permissions and rights for roles into a class in memory, or loading the
permissions for a specific controller into the session (security
problems?).

Any ideas or suggestions for any of these, or better solutions?

Kind regards,

Elioncho
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
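Below is an added example, not code from the original post, sketching two of the designs it describes in plain Ruby: the 4-bit CRUD mask per role/model (first idea) and the controller/action grant table loaded once into memory so that each request costs a Hash lookup rather than a query (third idea). The ACTIONS and ROLES_ACTIONS arrays are constructed sample rows standing in for the actions and roles_actions tables; PermissionCache, crud_allowed? and crud_mask are hypothetical names, and no database or Rails code is involved.

```ruby
require "set"

# --- First idea: 4-bit CRUD mask, C=8, R=4, U=2, D=1 (as in the post) ---
CRUD_BITS = { create: 0b1000, read: 0b0100, update: 0b0010, destroy: 0b0001 }.freeze

# Build a mask from a list of CRUD operations, e.g. crud_mask(:read, :update) => 6.
def crud_mask(*ops)
  ops.reduce(0) { |mask, op| mask | CRUD_BITS.fetch(op) }
end

# True when the bit for `op` is set in `mask`. A non-CRUD action such as
# :publish raises KeyError: that is exactly the limitation the post notes,
# and raising is safer than silently treating an unknown action as allowed.
def crud_allowed?(mask, op)
  (mask & CRUD_BITS.fetch(op)) != 0
end

# --- Third idea: controller/action grants, loaded once into memory ---
# Constructed sample rows standing in for the actions and roles_actions tables.
ACTIONS = [
  { id: 1, controller: "events", action: "new" },
  { id: 2, controller: "events", action: "create" },
  { id: 3, controller: "posts",  action: "update" },
].freeze

ROLES_ACTIONS = [
  { role_id: 1, action_id: 1 },
  { role_id: 1, action_id: 2 },
  { role_id: 3, action_id: 3 },
  { role_id: 3, action_id: 99 }, # dangling action_id, ignored on load
].freeze

# Hypothetical in-process cache: role_id => Set of "controller#action" keys.
# Built once (e.g. at boot or after an admin edits permissions) and frozen,
# so per-request checks never hit the roles/roles_actions tables.
class PermissionCache
  def initialize(actions, roles_actions)
    by_id = actions.to_h { |a| [a[:id], "#{a[:controller]}##{a[:action]}"] }
    @grants = Hash.new { |h, k| h[k] = Set.new }
    roles_actions.each do |ra|
      key = by_id[ra[:action_id]] or next
      @grants[ra[:role_id]] << key
    end
    @grants.freeze
  end

  # Deny by default: a role with no row, or an action nobody granted, is false.
  # role_ids come from the user's current user_roles rows, so revoking a role
  # takes effect on the next request without touching the session.
  def allowed?(role_ids, controller, action)
    key = "#{controller}##{action}"
    role_ids.any? { |r| @grants.fetch(r, Set.new).include?(key) }
  end
end

if __FILE__ == $PROGRAM_NAME
  cache = PermissionCache.new(ACTIONS, ROLES_ACTIONS)
  puts cache.allowed?([1], "events", "new")      # true
  puts cache.allowed?([3], "events", "new")      # false
  puts crud_allowed?(crud_mask(:update), :read)  # false
end
```

The cache is rebuilt from the tables rather than stored per user in the session: the user's role ids are still read per request, so a role removed by an admin stops working immediately, whereas permissions copied into a session would keep granting until that session expires.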
