Consider restful_authentication and rolerequirement http://code.google.com/p/rolerequirement/
On May 26, 4:01 pm, Mike Buckley <[email protected]> wrote: > I am working on an app that has three roles (user, admin, business). I > have the situation where all three roles interact with the same > controller, but have access to different actions. Some actions are > authorized for 2 roles (admin, business), and others are only authorized > for one role (administrator). > > Does anyone know if there is a commonly used pattern for security on a > per action basis? > > What I would like to do is be able to map which roles are authorized to > call which actions and be able to call a :before_filter in my > controller. > > In my head I'm thinking of something like > > before_filter :authorize_action => :except [:public_action1, > :public_action2] > > Thanks for any input. > -- > Posted viahttp://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
