Antonio Tapiador del Dujo wrote: > Hi folks, > I am working on Station, a Rails Engine [1] that supports authorization > among > other things. > > Using Station, you can ask a model about authorization, for example: > > post.authorize?(permission, :to => current_user) > > My question rises when doing automatic Model - Controller mapping. How > coupled > should be the action in the controller with the permission authorized in > the > model?
Philosophically, I agree with Ryan Bates' approach in CanCan, which is to decouple authorization from everything, including all three layer of MVC. http://github.com/ryanb/cancan I say "philosophically" since I have not add the opportunity to implement CanCan in any of my projects yet. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
