I'm using restful_authentication and role_requirement to handle use authentication for my application. I'm wondering what the best way is for me to set up tiered access privileges. Essentially, I want to restrict access as follows:
- some users will get access to one or more branches - some users will get access to one or more regions, including the branches within that region - some users will get access to an entire company, including the regions and branches within that company When a person logs into the application, I want to show them data only relevant to their particular branch if they only have access at the branch level. Similarly, when a person logs in that has access to an entire company, I want to be able to show them company data, regional data, and branch-level data. Should I set up three separate index tables (users_branches, users_regions, users_companies), and then when the user logs in just do three separate finds, one against each of these three tables, to find out their access rights? Or is there a better way to do this to cut down on the number of queries? I hope I've been clear enough - let me know if I need to elaborate more. Thanks in advance! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
