thanks Tim, i wanted to clarify how my app is built:
it is based on http://crazyrails.com/how-to-install-restful-authentication/ i have a people STI table (admin, manager, instructor, staff, member) then i have user table (login info) with a has_one: person roles table which is a general 5 records table to store the access level / roles permissions which is a join table between people and roles so changing a role would be actually : select from a drop down then on the controller -> remove the previous role and reassign the selected one i think you're 100% right, i'll see if i can do that, let me know if you can think of anything else thanks man Ami On Oct 22, 10:58 am, Tim Parkin <[EMAIL PROTECTED]> wrote: > My first thought was to use a before_filter (only for pages that display > member information that could expose a broken role) and check the > referer to see if the user came from the roles page. If so, you could > find any broken members and give them a default role. > > Thinking more about it, however, it seems like we're avoiding the cause > of the problem and trying to hack it. The real issue is that you > shouldn't allow admins to remove someone's role in the first place. I > now suggest changing your role page to let the admin change a role (not > remove) _ or if you allow multiple roles let them only remove all but > the lowest assigned role. Another option would be to keep it as is but > check when a role is removed - if that member now has no roles then > assign them a default one. > > I hope these ideas are of use. > -- > Posted viahttp://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
